Functional safety assessments have been a well‐established practice since the 1990’s to help organizations identify and manage industrial hazards. One of the most important is the Process Hazard Analysis (PHA) requirement and its associated Hazards and Operability Study (HAZOP) methodology, a technique used in the industry for more than 40 years.
However, functional safety assessments, by design, do not address the cybersecurity risk facing modern industrial control and safety systems that could lead to a process safety incident. In order to understand and effectively evaluate operational and process safety cyber risks, it’s necessary to assess vulnerabilities, threats and consequences using a technique called a Cyber Process Hazard Analysis (Cyber PHA). Modeled on the process safety process hazard analysis (PHA) methodology, the Cyber PHA methodology integrates cybersecurity with process safety using familiar techniques allowing IT, operations and engineering to identify and analyze cyber risks in a similar manner as they would any other process risk.
Find out more about how industry can leverage mature, well-accepted process safety methodologies to assess industrial control system (ICS) cybersecurity risk by reading our whitepaper, “If it isn’t secure, it isn’t safe”.