Company’s new consequence-based cybersecurity risk screening methodology to aid industrial organizations in determining the need for a detailed cybersecurity risk assessment.
aeCyberSolutions Introduces ICS Cybersecurity Risk Screening Service to Expose Potential Magnitude of Cyber Risk to Industrial Operations
Greenville, SC – May 13, 2021 – aeCyberSolutions, the Industrial Cybersecurity division of aeSolutions, announces ICS Cybersecurity Risk Screening, a new service to assist industrial organizations in gaining a high-level understanding of the worst-case risk to operations should their industrial control systems (ICSs) be compromised. Utilizing a consequence-based, initial cybersecurity risk screening methodology, the results expose the potential magnitude of cyber risk to operations, assists with the prioritization of detailed risk assessments, facilitates the grouping of assets into zones and conduits, and helps management allocate budgets and resources appropriately.
“Process safety studies typically do not take cyber threats and impacts into account, and that leaves management with a blind spot in not fully being informed on the risk to operations,” said John Cusimano, Vice President of aeCyberSolutions. “Our new screening service leverages existing process safety hazard studies, if available, or helps to generate realistic operational consequence scenarios. These scenarios provide a proven starting point for cyber process hazards analysis (CyberPHA) and ensure compliance with industry standards and best practices.”
aeCyberSolutions’ Cybersecurity PHA Risk Screening is performed following the ISA/IEC 62443-3-2 initial risk assessment requirement (ZCR 2) and identifies the cyber-vulnerable risk scenarios found in an existing process safety study such as a PHA, layer of protection analysis (LOPA), or hazard and operability study (HAZOP). The study’s original risk ranking is adjusted to show the modified risk should the industrial control system or safety instrumented system (SIS) be compromised due to a cybersecurity threat. This provides organizations with the information they need to determine if additional safeguards are required or if a detailed ICS cyber risk assessment, such as an aeCyberPHA®, is warranted to study the specific vulnerabilities and cybersecurity countermeasures (e.g., network segmentation, access controls, etc.) in IT and OT systems and networks.
Individuals interested in learning more about aeCyberSolutions Cybersecurity PHA Risk Screening service are invited to register to attend the company’s upcoming webinar scheduled for May 26 at 2 p.m. ET. To register, visit https://www.aesolutions.com/event-details/cyberpha-risk-screening/form
aeCyberSolutions, the Industrial Cybersecurity division of aeSolutions, exclusively provides industrial cybersecurity services including risk assessments, program development, implementation, support, and training to clients in oil and gas, chemicals, maritime, water, industrial gases, and other process industries. A leader in the intersection of cybersecurity and process safety, aeCyberSolutions helps clients identify and address cybersecurity risks in a manner that is consistent with the engineering methods already in place for process safety risk management. They do so by leveraging existing information and practices while presenting a single, consistent expression of risk to senior management. The aeCyberSolutions team is exclusively staffed with personnel who have strong industrial automation backgrounds and general IT and IT security backgrounds and credentials. This combination of IT and Operational Technology (OT) expertise is essential for working in the field of industrial cybersecurity. aeCyberSolutions is based in Greenville, SC. For more information, visit www.aeCyberSolutions.com, or follow @aesolns.
Kari Walker for aeCyberSolutions