Why process safety risk and cyber security risk differ

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Abstract

When cyber security risk for process automation systems is estimated I often see references made to process safety risk. This has several reasons:

For estimating risk we need likelihood and consequence, the process safety HAZOP and LOPA processes used by plants to estimate process safety risk, identify the consequence of the process scenarios they identify and analyze. These methods also classify the consequence in different categories such as for example finance, process safety, and environment.People expect a cyber security risk score that is similar to the process safety risk score, a score expressed as loss based risk. The idea is that the cyber threat potentially increases the process safety risk and they like to know how much that risk is increased. Or more precisely how high is the likelihood that the process scenario could occur as result of a cyber attack.The maturity of the process safety risk estimation method is much higher than the maturity of cyber security risk estimation methods in

Read the article