Integrating cybersecurity in hazard and risk analyses

As operational and information technologies converge to allow for remote and real-time access to plant operating data and control functions, the process industry could become increasingly susceptible to cyber-attacks. Traditional hazard and risk analysis methods appear inadequate to identify, prevent, and mitigate such attacks. This paper discusses the significance of incorporating cybersecurity vulnerability analysis not just as part of process hazard analysis (PHA), but also in terms of protecting the process control network and implementing adequate safeguards in general against cyber threats. A layer of protection analysis (LOPA) is adapted to evaluate potential weaknesses and ensure safeguards for critical applications would be resistant to cyber-attacks. Integrating cybersecurity into hazard and risk analyses as well as other elements of process safety management (PSM) is demonstrated with examples, making the plant more resilient against both traditional and cyber threats.