An all-in-one package provides tools, training, and guidance to successfully lead an ISA/IEC 62443-3-2 compliant risk assessment per the Cyber PHA methodology for industrial asset owners.
aeCyberSolutions, the Industrial Cybersecurity division of aeSolutions, announces the aeCyberPHA Facilitation Suite for industrial asset owners looking to self-perform, maintain, and manage cyber PHA (process hazards analysis) cyber-safety risk assessments. The suite includes an all-in-one package of the tools, training, and guidance needed to successfully lead an ISA/IEC 62443-3-2 compliant risk assessment per the proven cyber PHA methodology.
“Choosing the right method to assess cybersecurity risk can be a challenge, and effectively conducting studies can be more challenging still. As a result, many operational technology (OT) professionals lack the necessary experience and tools to facilitate and maintain cyber PHAs,” said John Cusimano, Vice President of aeCyberSolutions. “With the aeCyberPHA Facilitation Suite, the entire organization will quickly realize the benefits of ownership of the cyber PHA process and will be able to effectively make the connection between process safety and cybersecurity risk.”
While cyber PHA is a proven method in the industrial industry, it can still lead to sub-par results if the risk assessment team lacks the tools and training needed to conduct the study effectively and efficiently. Risk assessment work processes and templates, while seemingly simple, are notoriously challenging to develop and manage.
What has become the de facto methodology for ICS risk assessment, Cyber PHA links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples them with credible consequences from the PHA to determine cyber risk. For facilities that do not have a formal PHA, credible worst-case scenarios are incorporated into the template. The toolset codifies aeCyberSolutions’ internal knowledge and expertise that have been refined in executing hundreds of successful cyber PHA studies, including risk assessment templates, company-specific template customization, integrated libraries, comprehensive training, and expert support guides.
“Until now, asset owners have had to hire consultants or develop internal tools to conduct Cyber PHAs,” Cusimano added. “Our new facilitation suite is truly the first of its kind in the industry and leverages our team’s tremendous experience and best practices in leading hundreds of studies and dozens of custom risk assessments to build an ideal toolset and training for Cyber PHA teams. Users of the facilitation suite will find that the toolset is easily adopted across different industry sectors and product lines, while leveraging the integrated library of common recommendations and industry best practices.”