aeCyberPHA® Risk Assessment Methodology
aeSolutions offers industrial control system (ICS) cybersecurity risk assessment services in every phase of the process automation/process safety lifecycle. We guide clients through our unique cyber-safety risk assessment methodology that we call aeCyberPHA®. The aeCyberPHA methodology is a practical application of the ISA 62443 cybersecurity risk assessment requirements. The method links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples that with credible consequences from the PHA to determine cyber risk. Our risk-based approach to developing your cybersecurity program relies on network assessments from level 0 to level 4, zone and conduit diagrams, and gap assessments utilizing existing policies, procedures, and industry benchmarking.
Following your risk assessment, we can assist you with cybersecurity specifications development; industrial firewall design/review and implementation; governance document creation; policies and procedures development; and incident response, forensics, and disaster recovery assistance.
The aeCyberPHA process integrates process safety, industrial automation and cybersecurity disciplines to identify, rank and manage industrial cybersecurity risk in the same context as all operational risks.
• Integrates with process safety to provide management with a consistent method of ranking risk
• Utilizes cross-functional team (automation, operations, IT, HSE) approach to encourage collaboration and buy-in
• Uncovers “hidden” risks
• Provides management with risk-ranked recommendations and roadmap
• Establishes a baseline to measure improvement, document and justify decisions
aeCyberPHA® Risk Assessment Process
• Systematic approach to assess ICS & SIS cyber risk
• Structured like a PHA/HAZOP
• Leverages existing process safety analysis
• Well-accepted by engineering and operations
System Design Aligned with ISA 62443-3-2 “Security Risk Assessment and System Design”
Satisfies new IEC 61511 security risk assessment requirement
Successfully implemented at over 100 facilities since 2013
The relationship between Industrial Cybersecurity and Process Safety
aeSolutions understands the strong connection between industrial cybersecurity and process safety. We also recognize that you can’t achieve process safety in today’s world of open, integrated control systems without addressing cybersecurity. At aeSolutions, we have expertise in both fields. We work with some of the world’s leading oil and gas and petrochemical companies, helping them integrate industrial cybersecurity solutions into their industrial processes.
John Cusimano presents on “Cyber Process Hazards Analysis (PHA) to Assess ICS Cybersecurity Risk” at the S4x17 conference.
"A great session to understand basic safety risk management philosophy and methodology, and then to learn how to adapt it to address cyber related risk."