risk banner.png

Cybersecurity Risk Assessment for TSA Regulated Pipeline Operators

aeSolutions Cybersecurity Risk Assessment methodology integrates safety, industrial automation, and cybersecurity disciplines to identify, rank and manage industrial cybersecurity risk in the same context as all operational risks. The method links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples that with credible consequences to determine cyber risk.  Additionally, vulnerabilities are rationalized and asset criticality is determined. 

These assessments are a practical application of the ICS risk assessment requirements documented in the ISA/IEC 62443-3-2 standard, “Security Risk Assessment for Design”.  Our method has been applied hundreds of times by companies in the pipeline sector.

Cyber Risk Assessment Benefits:

  • Corporate and facility managers often struggle with how to responsibly implement OT cybersecurity but don’t know where to start or how to best allocate their limited resources.

  • SCADA systems are each highly unique and require specialized skills and knowledge to properly assess.

  • Safety risk assessment may not be available to use for baseline scenarios

  • Most pipeline system risk assessments do not include cybersecurity specific scenarios

  • Nearly all OT cybersecurity standards require performing an ICS cybersecurity risk assessment but none of them provide a step-by-step methodology

  • aeSolutions facilitators are experts in both cybersecurity and process risk assessments

  • Establishes a baseline to measure improvements

  • Documents and justifies business decisions

Why aeCyber Solutions:

  • We have team members well-versed in midstream operations and SCADA

  • aeSolutions methodology is aligned with ISA 62443-3-2, API 1164 & 1173

  • Provides a risk based method to rationalize vulnerabilities and prioritize remediation

Contact us to learn how we can help you review your current practices to identify gaps and related remediation measures, to address cyber-related risks, and assist you in reporting those results in the TSA form.