On Demand: Does Aligning Cyber Security and Process Safety Approaches Reduce Risk?

As more users ask that question, they are learning that the approach to security can be similar to the approach to safety.

Enjoy this very informative [60:00 min] presentation!

What’s next?

View the survey results presentation »

This Safety/Security presentation:

  1. Introduction by Greg Hale, editor of ISSSource.com [0:00]
    1. Both disciplines aim to protect Operational Integrity … with key differences [0:42]
    2. Operational Integrity depends on… [2:00]
    3. Each asset owner, integrator and supplier needs to ask themselves these 3 questions: [4:54]
  2. Question 1: Do we understand what could go wrong? [6:30]
    1. Asset Owner: Understand the Risk; Learn What to Protect [6:30]
    2. Supplier: Create Threat Model [10:33]
    3. System Integrator: Risk Assessment [15:55]
  3. Question 2: Do we know what systems we have in place to prevent this from happening? [20:00]
    1. Asset Owner: Full System Validation [20:18]
    2. Supplier: Test, Test, Test [23:40]
    3. System Integrator: Integration of Security; Defense in Depth [27:14]
  4. Question 3: Do we have the information to assure us they are working effectively? [30:38]
    1. Asset Owner: Use Risk Matrix [30:37]
    2. Supplier: Security Process Verification [33:54]
    3. System Integrator: Train Personnel on How to Use Monitoring Tools [38:34]
  5. Aligning Cyber Security and Process Safety Reduces Risk [41:33]
    1. Our experience and the focus of this webinar have been to illustrate that there is much to be learned and gained in the protection of Operational Integrity from both the Safety and Cyber Security approaches.
    2. Security will continue to evolve and learn from the experience and disciplines of process safety and, when the approaches are aligned TOGETHER, the risk of disasters is greatly reduced.
  6. Takeaways [42:00]

    As a summary wrap-up, we talked about going back to our panel of experts to provide one action they could take (from their persona perspective) to better align Process Safety and Cyber Security approaches.

  7. Q&A [45:32]
    Some of the questions asked and answered:

    • How do we focus on the ROI of a safety and security solution? How do we secure funding, get the resources behind it and show the value? [46:02]
    • Are the tests performed on the network disruptive, or can they be performed with the plant online? [49:15]
    • Is there a 3rd party certification body who can evaluate individual products against security standards? [52:00]
    • Are there quantitative techniques established for security analysis like there is for SIS? [53:22]
    • What is the opinion of the panel on VLAN security? I have a DMZ VLAN on my switches with the SCADA VLAN on the same switch. Ten years ago this was considered a secure method as long as the switches were in a secure area. Today, does the panel recommend separate physical switches for SCADA and DMZ LAN? [55:40]
    • Are there regulations (OSHA, DHS, etc.) that are on the horizon? [57:30]