Integrate Cybersecurity into Process Hazard Analyses

June
,
2019
images

Cyberattacks can infiltrate and disrupt industrial processes, causing operational disturbances, equipment damage, and even injury to employees. Incorporating cybersecurity into process hazard analyses can help you identify the vulnerabilities in your facility.

A traditional process hazard analysis (PHA), such as a hazard and operability study (HAZOP), typically includes a systematic assessment of initiating events (IEs) and their consequences. PHA teams evaluate the relationships among those events, safeguards, and consequences. However, such evaluation is generally based on unintentional causes such as human error or some unexpected failure of equipment, instrumentation, controls, or safeguards. As the chemical process industries (CPI) evolve toward greater reliance on and integration with information technology, PHA teams should also consider intentional disruption of process operations by malicious parties.

Incorporating cybersecurity in a PHA can help you identify the vulnerability of your system or facility. It can also help your facility prioritize limited resources to ensure that critical vulnerabilities are accounted for and safeguards installed in a timely and efficient manner.

Cyberattacks exploit the ever-increasing integration of modern communication with industrial process controls and operations. A typical refinery or chemical plant can have thousands of signals that are connected to a distributed control system (DCS). This arrangement presents multiple pathways for malicious parties to intervene by manipulating signals or disrupting communications. In rare but disturbing instances, these attacks can cause an incident such as a fire, explosion, and/or fatality.

This article discusses the significance of cybersecurity within industrial processes and presents a method to integrate cybersecurity analysis as part of a PHA. It demonstrates how a PHA team can assess the vulnerability of a system or facility to potential cyber threats, analyze the adequacy of safeguards, and develop necessary countermeasures to resist cyberattacks.

Author Bios: 

Addie Cormier

Addie Cormier is a lead safety consultant at Siemens Energy, Inc. She has more than 20 years of analytical and technical experience, and more than 10 years of experience in process safety. She has expertise in process design and process safety, steady-state flare modeling, and process hazard and risk analyses. She holds bachelor’s degrees in chemical engineering and chemistry from Prairie View A&M (Prairie View, TX) and a master’s degree in advanced safety engineering management from the Univ. of Alabama (Birmingham, AL).Read more

Chris Ng, P.E.

Chris Ng, P.E., is a technical advisor at Siemens Energy, Inc., with more than 18 years of process engineering experience in the upstream and downstream industry, as well as expertise in process design and modeling, process safety, and hazard and risk analysis. He has a bachelor’s degree in chemical engineering from the Univ. of Western Ontario (Canada) and is a licensed professional engineer in Texas.Read more

Would you like to access the complete CEP Article?

No problem. You just have to complete the following steps.

You have completed 0 of 2 steps.

  1. Log in

    You must be logged in to view this content. Log in now.

  2. AIChE Membership

    You must be an AIChE member to view this article. Join now.

Copyright Permissions: 

Would you like to reuse content from CEP Magazine? It’s easy to request permission to reuse content. Simply click here to connect instantly to licensing services, where you can choose from a list of options regarding how you would like to reuse the desired content and complete the transaction.