Industry takes specific steps to minimize the likelihood of occurrence and the consequences of loss of control or containment events. However, over the past few decades, we have shifted much of our control systems entirely to microprocessor-based systems. The new control systems allow significant leaps in function over their analog counterparts. Unfortunately, this has also created greater risk from cyber attack.
The problem is amplified because we are replacing more and more mechanical safeguards with microprocessor-based devices and networking them so that we can configure them from the comfort of our offices or even our vendor or integrator’s offices.
The Security PHA Review (SPR) described in our book is easy to understand and easy to implement, either during or after a hazard and operability study (HAZOP). Once properly implemented, the processes that make you nervous will be safe from cybersecurity attacks even if the information technology (IT) and cybersecurity people make a mistake.