Author Q&A: Security PHA Review for Consequence-Based Cybersecurity
ISA recently published Security PHA Review for Consequence-Based Cybersecurity by Edward Marszal, PE, and James McGlone—two globally recognized experts in process safety, industrial cybersecurity, and the ISA/IEC 62443 series of IACS security standards. In this Q&A feature, McGlone highlights the focus, importance, and differentiating qualities of the book.
Q. What is a Security PHA Review and how does it help ensure industrial cybersecurity?
A. The first step is applying a methodology for assessing the potential risks posed by a cyberattack on process plants. In the process industries, the most widely accepted process for identifying hazards and assessing risk is the Process Hazard Analysis (PHA) method, most commonly performed through hazard and operability studies (HAZOPs).
A Security Process Hazards Analysis (PHA) Review is a practical and inexpensive analysis method that can verify if critical industrial automation processes and machinery are protected or if they could be damaged through cyberattack.
By analyzing the cause of and safeguards for cybersecurity weaknesses, it's possible to determine consequences that are potentially unaffected by the safeguards and those that could be caused by malicious intrusion, such as hacking.
This book reviews the most common methods for PHA of process industry plants and explains how to supplement those methods with an additional Security PHA Review (SPR) study to determine if there are any cyberattack vectors that can cause significant physical damage to the facility. If these attack vectors are present, then the study methodology makes one of two recommendations: (1) modify one or more of the safeguards so that they are not vulnerable to cyberattack or (2) prescribe the appropriate degree of cyberattack safeguarding through the assignment of an appropriate security level. SPR examples provide insight for implementing these recommendations.
Any consequence that is not protected by existing safeguards or that can be caused by a cybersecurity attack is assigned an ISA/IEC 62443-based Security Level Target to be implemented or it is assigned an alternative safeguard or redesign to eliminate all or some of the cybersecurity risk.
Q. What makes this book different than other books on cybersecurity? Why were you compelled to write it?
A. We were prompted to write the book because the industry and cybersecurity practitioners are still unsure of what to do and why. The prevailing approach in industrial cybersecurity focuses on network devices such as computers, Level 3 switches, and firewalls instead of on the process and machines that could be damaged or cause damage if control is lost.
By focusing on the scenarios designated in hazard and operability studies (HAZOPs), it is possible to identify hackable scenarios, rank them appropriately, and design non-hackable safeguards, such as relief valves and current overload relays, that are not vulnerable to the cybersecurity threat vector. Where inherently secure safeguard design is not feasible, the appropriate cybersecurity countermeasures must be deployed.
Q. What types of automation and process industry professionals would benefit most by reading the book?
A. The book will be useful to a wide range of automation and process industry professionals, including:
- Instrumentation and control system engineers and technicians
- Network engineers
- Process safety, health and safety, cybersecurity, and maintenance personnel
- Executives focused on risk reduction
Q. Why does the cover of your book depict springs and gears? How are they related to the content of the book?
A. The book shows how to evaluate each cause and safeguard in a "node" to discover if the consequence can be generated by a cyberattack. If a consequence is vulnerable to a cyberattack, then you can select a Security Level Target for the zone where the cause and safeguard reside, or you can modify or redesign the cause and safeguard so they are not vulnerable to the cyberattack. The modifications or redesign involve choosing a different type of technology to remove the cyberattack vulnerability. In many cases, the redesign or modification might involve a device with a spring or gear instead of a microprocessor.
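As an added illustration of the screening described in the answers above (example code, not from the book or from Kenexis), the following Python model runs one SPR pass over a HAZOP node: each cause is flagged as cyber-initiable or not, each safeguard as hackable or not, and a consequence is reported as hackable only when a cyberattack can trigger the cause and no immune safeguard remains. The reactor scenarios, the hackable flags and the severity-to-SL-T mapping are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Safeguard:
    name: str
    hackable: bool  # True if microprocessor-based and reachable from the network

@dataclass
class Scenario:
    cause: str
    cause_cyber_initiable: bool  # can a compromised control system trigger the cause?
    consequence: str
    severity: int  # 1 (minor) to 4 (catastrophic); constructed scale
    safeguards: list

# Constructed severity-to-SL-T mapping; a real study derives this from its own risk criteria
SEVERITY_TO_SLT = {1: 1, 2: 2, 3: 3, 4: 4}

def is_hackable(sc):
    """A consequence is hackable when a cyberattack can initiate its cause and
    every safeguard between cause and consequence is itself hackable."""
    return sc.cause_cyber_initiable and all(s.hackable for s in sc.safeguards)

def spr_review(scenarios):
    """Return one finding per scenario: (consequence, hackable, SL-T or None, note)."""
    findings = []
    for sc in scenarios:
        if is_hackable(sc):
            slt = SEVERITY_TO_SLT[sc.severity]
            note = f"assign SL-T {slt} to the zone or add a non-hackable safeguard"
            findings.append((sc.consequence, True, slt, note))
        elif not sc.cause_cyber_initiable:
            findings.append((sc.consequence, False, None, "cause not cyber-initiable"))
        else:
            immune = [s.name for s in sc.safeguards if not s.hackable]
            findings.append((sc.consequence, False, None, "protected by " + ", ".join(immune)))
    return findings

# Constructed reactor-node scenarios, not taken from the book
REACTOR_NODE = [
    Scenario("BPCS commands feed valve fully open", True, "vessel overpressure", 4,
             [Safeguard("SIS high-pressure trip", True),
              Safeguard("pressure relief valve", False)]),
    Scenario("PLC disables cooling water flow", True, "runaway reaction", 3,
             [Safeguard("PLC high-temperature interlock", True),
              Safeguard("BPCS alarm with operator response", True)]),
    Scenario("mechanical seal failure", False, "small flammable release", 2,
             [Safeguard("gas detection and isolation", True)]),
]

if __name__ == "__main__":
    for consequence, hackable, slt, note in spr_review(REACTOR_NODE):
        print(f"{consequence}: {'HACKABLE' if hackable else 'not hackable'} ({note})")
```

In the constructed node only the runaway-reaction scenario is hackable, because both of its safeguards depend on networked microprocessors; the overpressure scenario is screened out by the mechanical relief valve, which is the spring-and-gear style safeguard the cover alludes to.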
About Edward Marszal
Edward Marszal, Professional Engineer (PE) and ISA84 Safety Instrumented Systems Expert, is the president and chief executive officer at Kenexis, an engineering consultancy providing cybersecurity, safety instrumented systems (SISs), fire and gas systems (FGSs), and critical alarm system solutions to the process industries.
Marszal is a long-time practitioner and pioneer of the techniques and tools associated with technical safety and the performance-based design and implementation of instrumented safeguards. He began his career as an instrumentation and control field advisor at UOP, performing functional safety assessments of control systems and safety instrumented systems. He also designed and managed the development of custom control systems and SIS projects.
After leaving UOP, Marszal joined Environmental Resources Management (ERM), where he specialized in financial risk analysis and process safety management.
He then co-founded and joined exida, where he was responsible for helping users and vendors of industrial automation systems develop safety critical and high-availability solutions. Marszal specialized in performing numerous SIS safety life-cycle projects that included process hazard analysis (PHA) facilitation, Layer of Protection Analysis (LOPA) facilitation, safety integrity level selection, safety requirements specification development, start-up acceptance testing assistance (validation), and function test plan development.
After leaving exida, Marszal joined Kevin Mitchell in founding Kenexis, which was established to assist process industry users in implementing instrumented safeguards.
Marszal has been highly engaged in professional societies, and has been an active instructor and a prolific author throughout his entire career. In 1994, Marszal joined the ISA84 committee to help develop standards and technical reports and has been an active participant in the committee ever since.
He is the author of record for ISA's EC52 Advanced Safety Integrity Level (SIL) Selection training course, which he frequently presents in combination with ISA's EC54 Advanced Design and SIL Verification course. He is also the author of the award-winning ISA textbook, Systematic Safety Integrity Level Selection with Layer of Protection Analysis, the accompaniment to the EC52 training class.
Additionally, Marszal is the co-developer and frequent presenter of ISA's EC56P Fire and Gas System Engineering: Performance-Based Methods for Process Facilities course. In addition to providing ISA training, Marszal also presents a large amount of Kenexis' training offerings, which cover a range of instrumented safeguard topics.
He earned a BA in chemical engineering, with an emphasis on process controls and artificial intelligence, from Ohio State University.
About James McGlone
James McGlone is the chief marketing officer at Kenexis, an engineering consultancy providing cybersecurity, safety instrumented systems (SISs), fire and gas systems (FGSs), and critical alarm system solutions to the process industries.
He possesses more than 30 years of experience in the development, design, programming, and deployment of embedded control systems used in industrial automation, building automation, Internet of Things (IoT), and cybersecurity.
McGlone started his career in the US Navy as an electronics technician and nuclear reactor operator on fast attack submarines. After nine years of maintaining and operating nuclear power plants in submarines, McGlone pursued a civilian career as a technical specialist at a Rockwell Automation (Allen-Bradley) distributor, where he worked on applications for drives and motion control systems and learned to program programmable logic controllers (PLCs).
Driven by his interest in computers, McGlone then pursued a variety of positions promoting and driving the development of industrial software to solve industrial automation problems worldwide.
After 15 years, McGlone became vice president of Tridium, a Honeywell subsidiary, where he ran sales and operations. Tridium supplied technology that other vendors deployed under their own brands. This technology included nondeterministic embedded programmable controllers, which incorporated remote capabilities over network connections. This technology has developed into what is commonly referred to as the Internet of Things (IoT) today.
After Tridium, McGlone's interest shifted to bringing high-speed inline encryption technology from government applications into the industrial marketplace. It is during this time that he was introduced to Kenexis.
At Kenexis, McGlone promotes and deploys the disciplines necessary to build and operate process systems safely with secure industrial control systems.
McGlone is a past director of ISA's Safety & Security Division and is a past president of central Ohio's Control System Cyber Security Association International. He is a graduate of the University of New York. McGlone holds an MBA, a BS in physics and computer systems, several Microsoft certifications, and a Global Industrial Cyber Security Professional (GICSP) certificate.