• Back to Security PHA Review for Consequence-Based Cybersecurity

    Security PHA Review for Consequence-Based Cybersecurity

    By Edward M. Marszal and Jim McGlone

    Over the past few decades, the process industry has replaced mechanical safeguards with networked microprocessor-based devices that can be configured remotely. The new systems have more functionality their analog counterparts; however, they have also created greater risk from cyber attack.

    By focusing on hazard and operability studies (HAZOPs) designated scenarios, it is possible to identify hackable scenarios, rank them appropriately, and design non-hackable safeguards—such as relief valves and current overload relays—that are not vulnerable to the cybersecurity threat vector. Where inherently secure safeguard design is not feasible, the appropriate cybersecurity countermeasures must be deployed.

    The first step in this decision-making process is the application of a methodology for assessing the potential risks posed by a cyberattack on these process plants. In the process industries, the most widely accepted process for identifying hazards and assessing risk is the process hazard analysis (PHA) method, most commonly performed through a HAZOP.

    This book reviews the most common methods for PHA of process industry plants and then explains how to supplement those methods with an additional security PHA review (SPR) study to determine if there are any cyberattack vectors that can cause significant physical damage to the facility. If these attack vectors are present, then the study methodology makes one of two recommendations: (1) modify one or more of the safeguards so that they are not vulnerable to cyberattack or (2) prescribe the appropriate degree of cyberattack safeguarding through the assignment of an appropriate security level. SPR examples provide insight for implementing these recommendations.

    Digital Versions Available! Kindle  | ePub

    Q&A with the authors

    Jim McGlone
    Jim McGlone

    Edward Marszal
    Edward Marszal

    Authors Jim McGlone and Edward Marszal explain how process hazards analysis and Security PHA Review (SPR) studies can be used in conjunction with the ISA/IEC 62443 standards to protect today’s networked industrial automation and control systems (IACSs). Read the full article.

    ISA Press Release

    Edward Marszal and James McGlone—globally recognized experts in process safety, industrial cybersecurity, and the ISA/IEC 62443 series of IACS security standards—talk about selecting methods for identifying cybersecurity weaknesses and guarding against them. Read the full article.

      • List Price: $89.00 USD
      • Member Price: $72.00 USD
      Purchase More and save:
      • Qty 5 - 25 Save 20.00%
      • Qty 26 - 50 Save 10.00%
      • Qty 26 - 50 Save 25.00%
      • Qty 51 - 100 Save 30.00%
      • Qty 51 - 100 Save 5.00%

        has been added to your Shopping Cart.

      Want to save more?
      to see if you qualify for a lower rate.
      Members save $17.00 USD or more

      Item Details:

      Copyright: 2019
      Length: 168 pages
      ISBN: 978-1-64331-000-8
      Available Formats: Paperback, ePub, Kindle
      Publisher: International Society of Automation

      Back to Security PHA Review for Consequence-Based Cybersecurity
    • Back to Product Detail
      Product Reviews 5 out of 5  ( 1 Reviews)
      1 - 1 of 1
      Mr. Andrew Ginter Feb 13, 2020 Report Abuse
      The best kind of book - you finish reading and think "Brilliantly obvious - in hindsight. Why haven't we ALL been doing this FOREVER?" But of course you didn't know how to do any of this until you read the book... Details:...
      show more
      1 - 1 of 1