aeCyberPHA® Risk Assessment Methodology

aeSolutions offers industrial control system (ICS) cybersecurity risk assessment services in every phase of the process automation/process safety lifecycle. We guide clients through our unique cyber-safety risk assessment methodology that we call aeCyberPHA®. The aeCyberPHA methodology is a practical application of the ISA 62443 cybersecurity risk assessment requirements. The method links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples that with credible consequences from the PHA to determine cyber risk. Our risk-based approach to developing your cybersecurity program relies on network assessments from level 0 to level 4, zone and conduit diagrams, and gap assessments utilizing existing policies, procedures, and industry benchmarking.

Following your risk assessment, we can assist you with cybersecurity specifications development; industrial firewall design/review and implementation; governance document creation; policies and procedures development; incident response, forensics, and disaster recovery assistance.


The aeCyberPHA process integrates the process safety, industrial automation, and cybersecurity disciplines to identify, rank, and manage industrial cybersecurity risk in the same context as all other operational risks.

  • Integrates with process safety to provide management with a consistent method of ranking risk

  • Utilizes a cross-functional team approach (automation, operations, IT, HSE) to encourage collaboration and buy-in

  • Uncovers “hidden” risks

  • Provides management with risk-ranked recommendations and roadmap

  • Establishes a baseline to measure improvement and to document and justify decisions

aeCyberPHA® Risk Assessment Process



  • Systematic approach to assess ICS & SIS cyber risk

  • Structured like a PHA/HAZOP

  • Leverages existing process safety analysis

  • Well-accepted by engineering and operations

  • System Design Aligned with ISA 62443-3-2 “Security Risk Assessment and System Design”

  • Satisfies new IEC 61511 security risk assessment requirement

  • Successfully implemented at over 100 facilities since 2013

The relationship between Industrial Cybersecurity and Process Safety

aeSolutions understands the strong connection between industrial cybersecurity and process safety. We also recognize that you can’t achieve process safety in today’s world of open, integrated control systems without addressing cybersecurity. At aeSolutions, we have expertise in both fields. We work with some of the world’s leading oil and gas and petrochemical companies helping them integrate industrial cybersecurity solutions into their industrial processes.

John Cusimano presents on “Cyber Process Hazards Analysis (PHA) to Assess ICS Cybersecurity Risk” at the S4x17 conference.

"A great session to understand basic safety risk management philosophy and methodology, and then to learn how to adapt it to address cyber-related risk."


Screening helps management allocate budgets and resources appropriately. 


ICS Risk Assessment Screening

Expose the potential magnitude of cyber risk


aeCyberPHA® Facilitation Suite

A Do It Yourself Cyber PHA Package

Learn more about the CyberPHA method here: