9:00 - 10:00 am: "Cybersecurity – Best Practices for Securing Critical Control and Safety Systems"
Many safeguards are required to mitigate the potential risks in process plants, commonly including mechanical devices such as pressure relief valves and automated safeguards such as basic process control system interlocks, alarms, and safety instrumented functions. In a safety risk assessment these safeguards are considered to function independently, but in a cybersecurity incident, multiple layers can be compromised in a single attack. This presentation will review several common points of failures that attackers can exploit to initiate the common cause failure of control and safety functions including bypasses of safety critical components from operator workstations, shared engineering workstations or common laptops used for configuring both safety and control devices, and shared accounts for control and safety access credentials. Learn best practices for securing safety-critical systems and maintaining safeguard independence from cyberattacks—all integrated into your existing process safety activities.
10:00 - 11:00 am: "Using exSILentia Cyber to streamline cybersecurity risk assessments"
A risk-based approach is key for effectively managing cybersecurity for Industrial Control Systems (ICS). It helps to identify critical areas requiring mitigation and focus limited resources on the most critical issues. The ISA/IEC 62443-3-2 standard provides the formal process for conducting these risk assessments in a two-staged approach (initial and detailed). Built from years of assessment experience, exSILentia Cyber was added to the exSILentia v4 platform to provide the efficient data recording and exporting necessary for cyber risk assessment. We will demonstrate how the exSILentia cyber tool can be used to improve the effectiveness of the cybersecurity risk assessment process and streamline the reporting process. Including the recently updated HLRA and DLRA modules!
Patrick O’Brien is the Assistant Director of Engineering at exida, LLC, where he helps lead a team of engineers in delivering functional safety, cybersecurity, and alarm management services. He has led cybersecurity risk assessments, training courses, and other lifecycle activities for many different applications, including oil and gas, specialty chemical, critical infrastructure, machinery, and robotics. In addition to his cybersecurity role, he also provides consulting services in the areas of process safety, functional safety, and machine safety.
He is a coauthor of Implementing IEC 62443: A Pragmatic Approach to Cybersecurity and the principal author of the CCPS concept book Managing Cybersecurity in the Process Industries – A Risk-based Approach. Patrick represents exida on the International Society of Automation Global Cybersecurity Alliance (ISAGCA). Mr. O’Brien graduated from the Pennsylvania State University with a Bachelor of Science in Chemical Engineering and a Bachelor of Science in German Language and Culture.