New ISA book introduces an inexpensive, easy-to-understand way to protect against industrial cyberattack

With their advanced, microprocessor-based technologies, today’s industrial automation and control systems (IACS) deliver much-improved performance and features compared to their analog counterparts. 

Unfortunately, these newer, networked systems-with their ability to be configured remotely-are more vulnerable to cyberattack.

Security PHA Review for Consequence-Based Cybersecurity, a new book published by the International Society of Automation (ISA), introduces an easy-to-follow, cost-effective methodology for safeguarding critical infrastructure and process industry facilities from cyberwarfare and other forms of cyber-risks.

The book illustrates how a Security Process Hazards Analysis (PHA) Review identifies hackable scenarios, ranks them appropriately, and pinpoints non-hackable safeguards-such as relief valves and current overload relays-that are not vulnerable to cybersecurity threats.

Written by Edward Marszal, PE, and James McGlone-two globally recognized experts in process safety, industrial cybersecurity, and the ISA/IEC 62443 series of IACS security standards-the book is designed to deliver clarity, simplicity, and confidence to those responsible for industrial cybersecurity.

“We were prompted to write this book because the industry and the cybersecurity practitioners are still unsure of what to do and why,” emphasizes McGlone. “In addition, the current approach in industrial cybersecurity focuses on network devices such as computers, Level 3 switches, and firewalls instead of on the process and machines that could be damaged or cause damage if control is lost.

“By analyzing the cause of and safeguards for cybersecurity weaknesses,” McGlone explains, “it’s possible to determine consequences that are potentially unaffected by the safeguards and those that could be caused by malicious intrusion, such as hacking. Any consequence that is not protected by existing safeguards or that can be caused by a cybersecurity attack is assigned an ISA/IEC 62443-based Security Level Target to be implemented or it is assigned an alternative safeguard or redesign to eliminate all or some of the cybersecurity risk.”

McClone points out that the book is targeted to a wide range of automation and process industry professionals, including:

  • Instrumentation and control system engineers and technicians
  • Network engineers
  • Process safety, health and safety, cybersecurity, and maintenance personnel
  • Executives focused on risk reduction

——————

To purchase a copy of Security PHA Review for Consequence-Based Cybersecurityclick here.

For more details, read the informative author interview
For greater perspective on the value and significance of the new book as well a more detailed overview of its content, read the Q&A feature with one of the book’s authors.

Source

Related Articles



Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More



Latest Articles

  • Verifying Quality without Compromising Production Output Through Holistic Traceability

    March 28, 2024 Shipping a mislabeled product is at the heart of some of the largest recalls, damaged supplier relations, compliance violations, and warranty costs across multiple industries. Customers relying on “just-in-time” delivery can experience costly downtime if the quality of a label or barcode is not maintained upstream. Handheld high-volume traceability systems continue to be a… Read More…

  • Making the Sustainable Transformation of the Process Industry a Success

    March 25, 2024 By Krystie Johnston and Dr. Manfred Jagiella Sustainability facilitates opportunity when approached with a mindset to preserve resources and promote circularity. We share one Earth, and it is our global responsibility to care for it for the next generation. Endress+Hauser is one global company that understands this responsibility – and practices it… Read More…