Whether we like it or not — Information Technology (IT) and Operational Technology (OT) are converging. In fact, most would say they already have converged to a large degree and this will continue until they are almost indiscernible in terms of the underlying technology. While the benefits are incredible, convergence means industrial control systems (ICS) are now exposed to a plethora of risks from cyber threats.
It may seem dramatic, but rest assured it is not. Cyber risks increase the probability of disruptive or dangerous events, including: plant shutdowns, loss of income, employee injuries, noxious releases and environmental damages, community evacuations, equipment damage, contaminated or off‐spec products, fines, penalties, regulatory injunctions, and civil and commercial legal actions. Events like these can severely impact an organization, its shareholders, its employees, and the communities in which it operates.
To understand and effectively evaluate operational and process safety cyber risks, it’s necessary to assess vulnerabilities, threats and consequences using a technique called a Cyber Process Hazard Analysis (Cyber PHA). Modeled on the process safety process hazard analysis (PHA) methodology, the Cyber PHA methodology integrates cybersecurity with process safety using familiar techniques allowing IT, operations and engineering to identify and analyze cyber risks in a similar manner as they would any other process risk