by John Cusimano & Paul Rostick
The convergence of Information Technology (IT) and Operations Technology (OT) platforms has exposed modern industrial automation systems to increased risk.
Cyber threats have the potential to affect multiple layers of protection, including basic process control, process alarms and safety instrumented systems. In certain circumstances it may be possible for a single cyber threat to simultaneously defeat all three layers of protection. Unfortunately, traditional process hazard evaluation and mitigation techniques such as HAZOP and LOPA do not include a requirement to evaluate or mitigate cyber threats.
Integrating Cybersecurity and Process Safety Risk Management. This paper examines two aspects of integrating cybersecurity and process safety risk management:
Safety Program. The importance of incorporating cybersecurity into an overall process safety risk management program.
Best Practices. The emerging best practices for assessing industrial automation and process safety cyber risk, as found in cybersecurity standards such as the U.S. NIST Cybersecurity Framework and the international ISA/IEC 62443 suite of industrial automation cybersecurity standards.