aeCyberSolutions helps industrial organizations identify magnitude of cyber risk to operations
aeCyberSolutions announces ICS Cybersecurity Risk Screening, a new service to assist industrial organizations in gaining a high-level understanding of the worst-case risk to operations should their industrial control systems (ICSs) be compromised.
The service uses a consequence-based, initial cybersecurity risk screening methodology. Its results expose the potential magnitude of cyber risk to operations, assist with the prioritization of detailed risk assessments, facilitate the grouping of assets into zones and conduits, and help management allocate budgets and resources appropriately.
“Process safety studies typically do not take cyber threats and impacts into account, and that leaves management with a blind spot in not fully being informed on the risk to operations,” said John Cusimano, Vice President of aeCyberSolutions.
“Our new screening service leverages existing process safety hazard studies, if available, or helps to generate realistic operational consequence scenarios. These scenarios provide a proven starting point for cyber process hazards analysis (CyberPHA) and ensure compliance with industry standards and best practices.”
aeCyberSolutions’ Cybersecurity PHA Risk Screening is performed following the ISA/IEC 62443-3-2 initial risk assessment requirement (ZCR 2) and identifies the cyber-vulnerable risk scenarios found in an existing process safety study such as a PHA, layer of protection analysis (LOPA), or hazard and operability study (HAZOP). The study’s original risk ranking is adjusted to show the modified risk should the industrial control system or safety instrumented system (SIS) be compromised due to a cybersecurity threat.
This provides organizations with the information they need to determine if additional safeguards are required or if a detailed ICS cyber risk assessment, such as an aeCyberPHA, is warranted to study the specific vulnerabilities and cybersecurity countermeasures (e.g., network segmentation, access controls) in IT and OT systems and networks.