About This Book
The chemical process industry is a rich target for cyber attackers who are intent on causing harm. Current risk management techniques are based on the premise that events are initiated by a single failure and the succeeding sequence of events is predictable. A cyberattack on the Safety, Controls, Alarms, and Interlocks (SCAI) undermines this basic assumption. Each facility should have a Cybersecurity Policy, Implementation Plan and Threat Response Plan in place. The response plan should address how to bring the process to a safe state when controls and safety systems are compromised. The emergency response plan should be updated to reflect different actions that may be appropriate in a sabotage situation. IT professionals, even those working at chemical facilities, are primarily focused on the risk to business systems. This book contains guidelines for companies on how to improve their process safety performance by applying Risk Based Process Safety (RBPS) concepts and techniques to the problem of cybersecurity.
Part 1
Introduction, Background, and History of Cybersecurity
1
Purpose of this Book
- Increased interconnectivity of industrial control systems
- Increased convergence of OT and IT systems
- Increased use of Internet Protocol in OT applications
- Increased requirements for remote access
- Increased number of readily available hacking tools
- Desire to target critical infrastructure for political motives
- Increase in number of threat agents with skills to target control systems
- Better identification of cybersecurity attacks
- Increase in known software vulnerabilities
- Increase in known vulnerabilities in legacy systems
- Lack of sufficient cybersecurity awareness and training
- Potential for significant financial gain
- Desire to gain recognition of skills by targeting control systems
- Understanding cybersecurity risk for the process industry,
- Integrating cybersecurity management into the existing process safety framework, and
- Developing a path forward for the future of cybersecurity for the process industry.
- Develop their approach to cybersecurity incident prevention.
- Continuously improve their management system effectiveness.
- Employ cybersecurity management for non-regulatory processes using risk-based design principles.
- Integrate the cybersecurity business case into an organization's business processes.
- Focus their resources on higher risk activities.
RBPS Accident Prevention Pillars | Cybersecurity Event Prevention Pillars |
---|---|
Commit to process safety | Commit to cybersecurity |
Understand hazards and risk | Understand cybersecurity hazards and risk |
Manage risk | Manage cybersecurity risk |
Learn from experience | Learn from experience |
- Apply industry best practices
- Correct deficiencies identified from internal incidents
- Apply lessons learned from other organizations
Table of contents
- Cover
- Table of Contents
- Title Page
- Copyright
- List of Figures
- List of Tables
- Acronyms and Abbreviations
- Glossary
- Acknowledgments
- Managing Cybersecurity in the Process Industries
- Preface
- Part 1: Introduction, Background, and History of Cybersecurity
- Part 2: Integrating Cybersecurity Management into the Process Safety Framework
- Part 3: Where Do We Go from Here?
- Appendix A: Excerpt from NIST Cybersecurity Framework
- Appendix B: Detailed Cybersecurity PHA and LOPA Example
- Appendix C: Example Cybersecurity Metrics
- Appendix D: Cybersecurity Sample Audit Question List
- Appendix E: Management System Review Examples
- References
- Index
- End User License Agreement