Should my Initial Cybersecurity Risk Assessment Consider Non-hackable Protections? | exida



Recording Date: May 2023

The initial cybersecurity risk assessment (or high-level risk assessment, as it was previously called) is an important step in the cybersecurity lifecycle. It is at this point that the basis for network segmentation and for creating zones and conduits for an industrial control system (ICS) begins to take shape. At this stage the “worst case unmitigated cyber security risk” for any scenario is documented so that assets can be grouped into areas of similar risk. Several methodologies have been adopted to complete this task; two of the most common are asset-based and PHA-based, each with a slightly different focus and approach. One common question that we receive when conducting initial risk assessments is whether any protections can be credited. At this stage no cybersecurity protections can be credited, but what about non-hackable safety protections? In this webinar we will review the similarities and differences between these two approaches to initial risk assessment and answer the question of whether or not we can look at non-hackable protections during the initial risk assessment.



About the Presenter:

Patrick O'Brien

Patrick O’Brien is the Assistant Director of Engineering at exida, LLC, where he helps lead a team of engineers in delivering functional safety, cybersecurity, and alarm management services. He has led cybersecurity risk assessments, training courses, and other lifecycle activities for many different applications, including oil and gas, specialty chemical, critical infrastructure, machinery, and robotics. In addition to his cybersecurity role, he also provides consulting services in the areas of process safety, functional safety, and machine safety. He is a coauthor of Implementing IEC 62443: A Pragmatic Approach to Cybersecurity and the principal author of the CCPS concept book Managing Cybersecurity in the Process Industries – A Risk-based Approach. Patrick represents exida on the International Society of Automation Global Cybersecurity Alliance (ISAGCA). Mr. O’Brien graduated from the Pennsylvania State University with a Bachelor of Science in Chemical Engineering and a Bachelor of Science in German Language and Culture.