Cyber security PHA Study
The TEMA’s Cyber security PHA Study aims to protect the industrial process from a possible cyberattack, whether external or internal, as well as to evaluate the associated risk and identify possible solutions to avoid the consequences of these attacks to happen.
This study is based on the international standard ISA / IEC 62443 Security for Industrial Automation and Control System, the first one that includes the concept of “Security Level” (SL), which defines a set of policies, procedures and practices that must be implemented to secure an area and its ICS (Industrial Control System).
The Cybersecurity PHA Review (CSPR) is designed to define the Security Level (SL) required using the existing PHA as a starting point. TEMA includes this analysis in the HAZOP studies as an extension or add-on.
The CSPR approach has been developed to adapt naturally to the normal life cycle of the design, implementation and operation project of the industrial process.
The following information is gathered in the Safety Process Report:
- List of hackable scenarios: possible consequences of a cyberattack in the HSE (in reference to the results of HAZOP).
- Classification of hackable scenarios: prioritization of risk-based scenarios to allow a rapid response to vulnerabilities.
- Security level: definition of the minimum requirements of the cybersecurity system for each identified scenario.
- ICS alternatives: recommendations to obtain an intrinsically safe system against cyberattacks.