Overview
The worlds of process safety and cybersecurity are closely intertwined. The recent malware incident, in which a process safety system was attacked by what is most likely a state-sponsored hacking group, provides further impetus to look at these two disciplines holistically. Process safety systems were never immune to the same types of malware and cyber-attacks that plague industrial control systems (ICS), they just weren’t an active target until now.
Cybersecurity and Process Safety Must be Addressed Proactively
Cyber vulnerabilities in process safety systems cannot be solved by simply applying cybersecurity products or solutions to these systems. As with process automation systems, cybersecurity must be addressed proactively throughout the lifecycle of the system. The safety and cybersecurity disciplines can learn much from each other. The HAZOP and risk analysis typically performed in the process safety lifecycle, for example, could be applied to ICS cybersecurity.
At the recent ARC Industry Forum in Orlando, several presentations touched on different aspects of the convergence of cybersecurity and process safety. Standards organizations like ISA, IEC, Automation Federation and NIST are all addressing this topic. As we saw in presentations by major end users, the recent TRITON attack on a Triconex safety system installed in the Middle East has also created an increased sense of urgency among end users that rely heavily on process safety systems as their last line of defense against a plant incident or unsafe shutdown.
ARC Advisory Group clients can view the complete report at ARC Main Client Portal or at ARC Office 365 Client Portal
If you would like to buy this report or obtain information about how to become a client, please Contact Us
Keywords: Cybersecurity, Process Safety, Risk Management, TRITON, HAZOP, ARC Advisory Group.