1.

Record Nr.

UNINA9910830481603321

Titolo

Managing cybersecurity in the process industries : a risk-based approach / / CCPS (Center for Chemical Process Safety)

Pubbl/distr/stampa

Hoboken, NJ : , : John Wiley and Sons Inc. : , : American Institute of Chemical Engineers, , [2022]

©2022

ISBN

1-5231-4617-6

1-119-86181-0

1-119-86179-9

Descrizione fisica

1 online resource (476 pages)

Disciplina

660.068

Soggetti

Chemical processes

Chemical industry

Computer security

Lingua di pubblicazione

Inglese

Formato

Materiale a stampa

Livello bibliografico

Monografia

Nota di bibliografia

Includes bibliographical references and index.

Nota di contenuto

Front Matter -- Introduction, Background, and History of Cybersecurity. Purpose of this Book -- Types of Cyber-Attacks, Who Engages in Them and Why -- Types of Risk Receptors/Targets -- Threat Sources and Types of Attacks -- Who Could Create a Cyber Risk? Insider vs. Outsider Threats -- Case Histories -- Integrating Cybersecurity Management into the Process Safety Framework. General Model for Understanding Cybersecurity Risk -- Designing a Secure Industrial Automation and Control System -- Hazard Identification and Risk Analysis (HIRA) -- Manage the Risk -- Implementing a Holistic Approach to Safety and Cybersecurity -- Where Do We Go from Here?. What's Next? A Look at Future Development Opportunities -- Available Resources -- Excerpt from NIST Cybersecurity Framework -- Detailed Cybersecurity PHA and LOPA Example -- Example Cybersecurity Metrics -- Cybersecurity Sample Audit Question List -- Management System Review Examples -- References -- Index

Sommario/riassunto

The chemical process industry is a rich target for cyber attackers who are intent on causing harm.  Current risk management techniques are



based on the premise that events are initiated by a single failure and the succeeding sequence of events is predictable. A cyberattack on the Safety, Controls, Alarms, and Interlocks (SCAI) undermines this basic assumption.  Each facility should have a Cybersecurity Policy, Implementation Plan and Threat Response Plan in place.  The response plan should address how to bring the process to a safe state when controls and safety systems are compromised. The emergency response plan should be updated to reflect different actions that may be appropriate in a sabotage situation.  IT professionals, even those working at chemical facilities are primarily focused on the risk to business systems. This book contains guidelines for companies on how to improve their process safety performance by applying Risk Based Process Safety (RBPS) concepts and techniques to the problem of cybersecurity.