New ISA book introduces an inexpensive, easy-to-understand way to protect against industrial cyberattack

June 25, 2019

With their advanced, microprocessor-based technologies, today’s industrial automation and control systems (IACS) deliver much-improved performance and features compared to their analog counterparts. 

Unfortunately, these newer, networked systems-with their ability to be configured remotely-are more vulnerable to cyberattack.

Security PHA Review for Consequence-Based Cybersecurity, a new book published by the International Society of Automation (ISA), introduces an easy-to-follow, cost-effective methodology for safeguarding critical infrastructure and process industry facilities from cyberwarfare and other forms of cyber-risks.

The book illustrates how a Security Process Hazards Analysis (PHA) Review identifies hackable scenarios, ranks them appropriately, and pinpoints non-hackable safeguards-such as relief valves and current overload relays-that are not vulnerable to cybersecurity threats.

Written by Edward Marszal, PE, and James McGlone-two globally recognized experts in process safety, industrial cybersecurity, and the ISA/IEC 62443 series of IACS security standards-the book is designed to deliver clarity, simplicity, and confidence to those responsible for industrial cybersecurity.

“We were prompted to write this book because the industry and the cybersecurity practitioners are still unsure of what to do and why,” emphasizes McGlone. “In addition, the current approach in industrial cybersecurity focuses on network devices such as computers, Level 3 switches, and firewalls instead of on the process and machines that could be damaged or cause damage if control is lost.

“By analyzing the cause of and safeguards for cybersecurity weaknesses,” McGlone explains, “it’s possible to determine consequences that are potentially unaffected by the safeguards and those that could be caused by malicious intrusion, such as hacking. Any consequence that is not protected by existing safeguards or that can be caused by a cybersecurity attack is assigned an ISA/IEC 62443-based Security Level Target to be implemented or it is assigned an alternative safeguard or redesign to eliminate all or some of the cybersecurity risk.”

McClone points out that the book is targeted to a wide range of automation and process industry professionals, including:

  • Instrumentation and control system engineers and technicians
  • Network engineers
  • Process safety, health and safety, cybersecurity, and maintenance personnel
  • Executives focused on risk reduction

——————

To purchase a copy of Security PHA Review for Consequence-Based Cybersecurityclick here.

For more details, read the informative author interview
For greater perspective on the value and significance of the new book as well a more detailed overview of its content, read the Q&A feature with one of the book’s authors.

Source

Related Articles


Changing Scene


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Implementing Functional Safety Requirements

    Implementing Functional Safety Requirements

    The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the… Read More…

  • From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    From Endress+Hauser, 24/7 Digital, Plant-Wide Health Monitoring for Rockwell Systems Optimizes Workflows and Processes

    Endress+Hauser’s Asset Health Monitoring Solution–Rockwell Edition, now available for installation, provides operators with a centralized, digital overview of plant-wide device health to avoid unscheduled shutdowns and accelerate troubleshooting. It not only presents early visibility of problematic devices but distinguishes itself by adding likely causes and remedies to such a report so problems can be fixed… Read More…