Entry: Cyber PHA
Definition

  1. References

  2. External links


A cyber PHA (also styled cyber security PHA) is a detailed cybersecurity risk assessment methodology that conforms to ISA 62443-3-2. The name, cyber PHA, was given to this method because it is similar to the Process Hazards Analysis (PHA) or the hazard and operability study (HAZOP) methodology that is popular in process safety management, particularly in industries that operate highly hazardous industrial processes (e.g. oil and gas, chemical, etc.).

The method is typically conducted as a workshop that includes a facilitator and a scribe with expertise in the cyber PHA process as well as multiple subject matter experts who are familiar with the industrial process, the industrial automation and control system (IACS) and related IT systems. For example, the workshop team typically includes representatives from operations, engineering, IT and health and safety as well as an independent facilitator and scribe. A multidisciplinary team is important in developing realistic threat scenarios, assessing the impact of compromise and achieving consensus on realistic likelihood values given the threat environment, the known vulnerabilities and existing countermeasures.

The facilitator and scribe are typically responsible for gathering and organizing all of the information required to conduct the workshop (e.g. system architecture diagrams, vulnerability assessments, and PHAs) and training the workshop team on the method, if necessary.

A worksheet is commonly used to document the cyber PHA assessment. Various spreadsheet templates, databases and commercial software tools have been developed to support the cyber PHA method. The organization’s risk matrix is typically integrated directly into the worksheet to facilitate assessment of severity and likelihood and to look up the resulting risk score. The workshop facilitator guides the team through the process and strives to gather all input, reach consensus and keep the process proceeding smoothly. The workshop proceeds until all zones and conduits have been assessed. The results are then consolidated and reported to the workshop team and appropriate stakeholders.

References

External links

  • Safety requires cybersecurity
  • Core Principles of an ICS Cybersecurity Program: https://ics-cert.us-cert.gov/sites/default/files/ICSJWG-Archive/QNL_JUN_16/Sridhar_Core_Principles_ICSCybersecurity_Program_S508C.PDF
  • Security process hazard analysis review: https://www.isa.org/intech/20160401/
  • Understanding the Risk of Cyber Threats to an Industrial Process with a Cyber PHA: https://www.slideshare.net/JohnCusimano/wednesday-cusimano
  • Integrating ICS Cybersecurity and Process Safety Management (PSM)
  • Cyber Security Risk Analysis for Process Control Systems Using Rings of Protection Analysis: https://pdfs.semanticscholar.org/aafd/27dd69282132bf00020984a7756e410f623f.pdf
  • aeCyberPHA Risk Assessment Methodology
