605:
125:
63:
22:
227:
346:
systems. The workshop team typically includes representatives from operations, engineering, IT and health and safety. A multidisciplinary team is important in developing realistic threat scenarios, assessing impacts and achieving consensus on the realistic of the threat, the known vulnerabilities and existing countermeasures.
358:
is typically integrated directly into the worksheet to facilitate assessment of severity and likelihood and to look up the resulting risk score. The workshop facilitator guides the team through the process and strives to gather all input, reach consensus and keep the process proceeding smoothly. The
345:
The technique is typically used in a workshop environment that includes a facilitator and a scribe with expertise in the Cyber PHA/HAZOP process, as well as multiple subject matter experts who are familiar with the industrial process, the industrial automation and control system (IACS) and related IT
341:
and cybersecurity approaches and requires instrumentation, operations and engineering disciplines to collaborate. Modeled on the process safety PHA/HAZOP methodology, a cyber PHA/HAZOP enables cyber hazards to be identified and analyzed in the same manner as any other process risk, and, because it
349:
The facilitator and scribe are typically responsible for gathering and organizing all of the information required to conduct the workshop (e.g. system architecture diagrams, vulnerability assessments, and previous PHA/HAZOPs) and training the workshop team on the method, if necessary.
302:
is a safety-oriented methodology to conduct a cybersecurity risk assessment for an industrial control system (ICS) or safety instrumented system (SIS). It is a systematic, consequence-driven approach that is based upon industry standards such as
342:
can be conducted as a separate follow-on activity to a traditional HAZOP, it can be used in both existing brownfield sites and newly constructed greenfield sites without unduly meddling with well-established process safety processes.
375:
353:
A worksheet is commonly used to document the cyber PHA/HAZOP assessment. Various spreadsheet templates, databases and commercial software tools have been developed to support the cyber method. The organization's
443:
390:
359:
workshop proceeds until all zone and conduits have been assessed. The results are then consolidated and reported to the workshop team and appropriate stakeholders.
245:
499:
457:
462:
435:
440:
410:
1043:
430:
405:
1020:
1092:
1051:
189:
492:
161:
983:
281:
263:
208:
106:
49:
334:, particularly in industries that operate highly hazardous industrial processes (e.g. oil and gas, chemical, etc.).
88:
779:
1097:
1033:
400:
168:
467:
146:
73:
846:
485:
327:
175:
1082:
1038:
959:
759:
1077:
1015:
973:
629:
142:
35:
472:
157:
876:
594:
452:
331:
861:
739:
634:
421:
Video: Cyber
Process Hazards Analysis (PHA) to Assess ICS Cybersecurity Risk presentation at S4x17
1087:
949:
901:
564:
323:
304:
135:
84:
990:
724:
322:
The names, Cyber PHA or Cyber HAZOP, were given to this method because they are similar to
1010:
922:
871:
816:
684:
657:
639:
537:
508:
401:
Cyber
Security Risk Analysis for Process Control Systems Using Rings of Protection Analysis
604:
8:
794:
569:
527:
978:
906:
811:
316:
182:
1026:
784:
719:
669:
616:
574:
522:
995:
935:
699:
689:
584:
241:
80:
886:
866:
764:
589:
579:
447:
1056:
954:
804:
754:
729:
694:
674:
554:
542:
338:
41:
425:
420:
1071:
966:
927:
896:
891:
744:
734:
704:
308:
1000:
856:
559:
376:
2018 AIChE Spring
Meeting and Global Congress on Process Safety Proceedings
940:
774:
749:
714:
549:
355:
1005:
821:
769:
652:
532:
477:
395:
881:
836:
831:
679:
647:
312:
124:
91:. Statements consisting only of original research should be removed.
841:
799:
662:
426:
Video: Consequence Based ICS Risk
Management presentation at S4x19
851:
826:
789:
473:
Dale
Peterson Unsolicited Response Podcast: Truth or Consequences
709:
624:
415:
458:
The
Familial Relationship between Cybersecurity and Safety
337:
The cyber PHA or cyber HAZOP methodology reconciles the
406:
236:
may be too technical for most readers to understand
149:. Unsourced material may be challenged and removed.
1069:
463:Cybersecurity Depends on Up-to-Date Intelligence
493:
431:How Secure are your Process Safety Systems?
50:Learn how and when to remove these messages
500:
486:
1044:Security information and event management
282:Learn how and when to remove this message
264:Learn how and when to remove this message
248:, without removing the technical details.
209:Learn how and when to remove this message
107:Learn how and when to remove this message
507:
396:Security process hazard analysis review
1070:
1021:Host-based intrusion detection system
481:
246:make it understandable to non-experts
328:hazard and operability study (HAZOP)
317:NIST Special Publication (SP) 800-39
220:
147:adding citations to reliable sources
118:
56:
15:
1052:Runtime application self-protection
13:
603:
436:Process Safety & Cybersecurity
14:
1109:
984:Security-focused operating system
384:
31:This article has multiple issues.
780:Insecure direct object reference
225:
123:
61:
20:
1034:Information security management
416:Video: Cyber PHA Overview Video
134:needs additional citations for
39:or discuss these issues on the
369:
1:
468:Cybersecurity Risk Assessment
453:Safety Requires Cybersecurity
391:Safety requires cybersecurity
362:
324:process hazard analysis (PHA)
330:studies that are popular in
7:
1093:Risk analysis methodologies
1039:Information risk management
960:Multi-factor authentication
516:Related security categories
87:the claims made and adding
10:
1114:
1016:Intrusion detection system
974:Computer security software
630:Advanced persistent threat
915:
615:
601:
595:Digital rights management
515:
332:process safety management
740:Denial-of-service attack
635:Arbitrary code execution
950:Computer access control
902:Rogue security software
565:Electromagnetic warfare
1098:Management cybernetics
996:Obfuscation (software)
725:Browser Helper Objects
609:
991:Data-centric security
872:Remote access trojans
607:
923:Application security
817:Privilege escalation
685:Cross-site scripting
538:Cybersex trafficking
509:Information security
143:improve this article
570:Information warfare
528:Automotive security
1083:Evaluation methods
979:Antivirus software
847:Social engineering
812:Polymorphic engine
765:Fraudulent dialers
670:Hardware backdoors
610:
446:2020-06-16 at the
411:Intro to Cyber PHA
309:ISO/IEC 27005:2018
307:, ISA TR84.00.09,
72:possibly contains
1078:Impact assessment
1065:
1064:
1027:Anomaly detection
932:Secure by default
785:Keystroke loggers
720:Drive-by download
608:vectorial version
575:Internet security
523:Computer security
292:
291:
284:
274:
273:
266:
219:
218:
211:
193:
117:
116:
109:
74:original research
54:
1105:
936:Secure by design
867:Hardware Trojans
700:History sniffing
690:Cross-site leaks
585:Network security
502:
495:
488:
479:
478:
378:
373:
287:
280:
269:
262:
258:
255:
249:
229:
228:
221:
214:
207:
203:
200:
194:
192:
151:
127:
119:
112:
105:
101:
98:
92:
89:inline citations
65:
64:
57:
46:
24:
23:
16:
1113:
1112:
1108:
1107:
1106:
1104:
1103:
1102:
1068:
1067:
1066:
1061:
911:
611:
599:
590:Copy protection
580:Mobile security
511:
506:
448:Wayback Machine
387:
382:
381:
374:
370:
365:
288:
277:
276:
275:
270:
259:
253:
250:
242:help improve it
239:
230:
226:
215:
204:
198:
195:
152:
150:
140:
128:
113:
102:
96:
93:
78:
66:
62:
25:
21:
12:
11:
5:
1111:
1101:
1100:
1095:
1090:
1088:Process safety
1085:
1080:
1063:
1062:
1060:
1059:
1057:Site isolation
1054:
1049:
1048:
1047:
1041:
1031:
1030:
1029:
1024:
1013:
1008:
1003:
998:
993:
988:
987:
986:
981:
971:
970:
969:
964:
963:
962:
955:Authentication
947:
946:
945:
944:
943:
933:
930:
919:
917:
913:
912:
910:
909:
904:
899:
894:
889:
884:
879:
874:
869:
864:
859:
854:
849:
844:
839:
834:
829:
824:
819:
814:
809:
808:
807:
797:
792:
787:
782:
777:
772:
767:
762:
757:
755:Email spoofing
752:
747:
742:
737:
732:
727:
722:
717:
712:
707:
702:
697:
695:DOM clobbering
692:
687:
682:
677:
675:Code injection
672:
667:
666:
665:
660:
655:
650:
642:
637:
632:
627:
621:
619:
613:
612:
602:
600:
598:
597:
592:
587:
582:
577:
572:
567:
562:
557:
555:Cyberterrorism
552:
547:
546:
545:
543:Computer fraud
540:
530:
525:
519:
517:
513:
512:
505:
504:
497:
490:
482:
476:
475:
470:
465:
460:
455:
450:
438:
433:
428:
423:
418:
413:
408:
403:
398:
393:
386:
385:External links
383:
380:
379:
367:
366:
364:
361:
339:process safety
313:ISO 31000:2009
290:
289:
272:
271:
233:
231:
224:
217:
216:
131:
129:
122:
115:
114:
69:
67:
60:
55:
29:
28:
26:
19:
9:
6:
4:
3:
2:
1110:
1099:
1096:
1094:
1091:
1089:
1086:
1084:
1081:
1079:
1076:
1075:
1073:
1058:
1055:
1053:
1050:
1045:
1042:
1040:
1037:
1036:
1035:
1032:
1028:
1025:
1022:
1019:
1018:
1017:
1014:
1012:
1009:
1007:
1004:
1002:
999:
997:
994:
992:
989:
985:
982:
980:
977:
976:
975:
972:
968:
967:Authorization
965:
961:
958:
957:
956:
953:
952:
951:
948:
942:
939:
938:
937:
934:
931:
929:
928:Secure coding
926:
925:
924:
921:
920:
918:
914:
908:
905:
903:
900:
898:
897:SQL injection
895:
893:
890:
888:
885:
883:
880:
878:
877:Vulnerability
875:
873:
870:
868:
865:
863:
862:Trojan horses
860:
858:
857:Software bugs
855:
853:
850:
848:
845:
843:
840:
838:
835:
833:
830:
828:
825:
823:
820:
818:
815:
813:
810:
806:
803:
802:
801:
798:
796:
793:
791:
788:
786:
783:
781:
778:
776:
773:
771:
768:
766:
763:
761:
758:
756:
753:
751:
748:
746:
745:Eavesdropping
743:
741:
738:
736:
735:Data scraping
733:
731:
728:
726:
723:
721:
718:
716:
713:
711:
708:
706:
705:Cryptojacking
703:
701:
698:
696:
693:
691:
688:
686:
683:
681:
678:
676:
673:
671:
668:
664:
661:
659:
656:
654:
651:
649:
646:
645:
643:
641:
638:
636:
633:
631:
628:
626:
623:
622:
620:
618:
614:
606:
596:
593:
591:
588:
586:
583:
581:
578:
576:
573:
571:
568:
566:
563:
561:
558:
556:
553:
551:
548:
544:
541:
539:
536:
535:
534:
531:
529:
526:
524:
521:
520:
518:
514:
510:
503:
498:
496:
491:
489:
484:
483:
480:
474:
471:
469:
466:
464:
461:
459:
456:
454:
451:
449:
445:
442:
439:
437:
434:
432:
429:
427:
424:
422:
419:
417:
414:
412:
409:
407:
404:
402:
399:
397:
394:
392:
389:
388:
377:
372:
368:
360:
357:
351:
347:
343:
340:
335:
333:
329:
325:
320:
318:
314:
310:
306:
305:ISA 62443-3-2
301:
297:
286:
283:
268:
265:
257:
247:
243:
237:
234:This article
232:
223:
222:
213:
210:
202:
191:
188:
184:
181:
177:
174:
170:
167:
163:
160: –
159:
155:
154:Find sources:
148:
144:
138:
137:
132:This article
130:
126:
121:
120:
111:
108:
100:
90:
86:
82:
76:
75:
70:This article
68:
59:
58:
53:
51:
44:
43:
38:
37:
32:
27:
18:
17:
1001:Data masking
560:Cyberwarfare
441:Securing ICS
371:
352:
348:
344:
336:
321:
299:
295:
293:
278:
260:
251:
235:
205:
199:January 2021
196:
186:
179:
172:
165:
153:
141:Please help
136:verification
133:
103:
94:
71:
47:
40:
34:
33:Please help
30:
941:Misuse case
775:Infostealer
750:Email fraud
715:Data breach
550:Cybergeddon
356:risk matrix
300:cyber HAZOP
158:"Cyber PHA"
1072:Categories
1006:Encryption
882:Web shells
822:Ransomware
770:Hacktivism
533:Cybercrime
363:References
169:newspapers
81:improve it
36:improve it
837:Shellcode
832:Scareware
680:Crimeware
640:Backdoors
296:cyber PHA
254:June 2017
97:July 2017
85:verifying
42:talk page
1011:Firewall
916:Defenses
842:Spamming
827:Rootkits
800:Phishing
760:Exploits
444:Archived
852:Spyware
795:Payload
790:Malware
730:Viruses
710:Botnets
617:Threats
326:or the
240:Please
183:scholar
79:Please
1046:(SIEM)
1023:(HIDS)
907:Zombie
644:Bombs
625:Adware
185:
178:
171:
164:
156:
892:Worms
887:Wiper
805:Voice
653:Logic
190:JSTOR
176:books
658:Time
648:Fork
315:and
162:news
663:Zip
298:or
244:to
145:by
83:by
1074::
319:.
311:,
294:A
45:.
501:e
494:t
487:v
285:)
279:(
267:)
261:(
256:)
252:(
238:.
212:)
206:(
201:)
197:(
187:·
180:·
173:·
166:·
139:.
110:)
104:(
99:)
95:(
77:.
52:)
48:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.