The main objective of a Cyber Risk Assessment is to identify potential process risks resulting from a Cyber-attack. Given the increased connectivity of process plants, there is a need to see how potential cyber-attacks can impact process risk. Original assumptions regarding demand rates and effectiveness of various instrumented protection layers such as safety controls, alarms, and interlocks, including safety instrumented systems, may no longer be valid. CyberPHAx™ follows a traditional Process Hazards Analysis (PHA) approach to identify potential threats as well as countermeasures for those threats.
CyberPHAx™ guides users through the Cyber Risk Assessment process, effectively focusing the user on the task at hand, identifying types of cyber-attacks, potentially leading to hazardous events and their associated risks. Once the severity of a potential cyber-attack is understood, existing or planned countermeasures can be documented allowing an estimate of residual risk. If the tolerable risk target is not met, recommendations can be documented to lower the risk to a tolerable level.
The CyberPHAx tool allows users to easily define their infrastructure environment, consisting of zones within a plant and cyber nodes within zones. Cyber threats which are the cornerstone of the Cyber Risk Assessment process are defined for each node. Subsequently a cause with associated c onsequence, countermeasures, and recommendations can be defined for each cyber threat.
||Less Data Entry|
||Standards Compliant Documentation|
Cyber Attack scenarios are the basis of all further countermeasure design work. Within CyberPHAx you can specify the Cause-Consequence pairs that are part of a Cyber Attack Scenario.
Items like Countermeasures, Recommendations, and References can be defined in a library which allows use of that item in multiple locations. A change to a library item will automatically be applied to all locations the library item is referenced. Using libraries will dramatically increase the efficiency and consistency of the various work activities to be performed.