Managing Cybersecurity in the Process Industries: A Risk-based Approach
- Length: 480 pages
- Edition: 1
- Language: English
- Publisher: Wiley-AIChE
- Publication Date: 2022-04-19
- ISBN-10: 1119861780
- ISBN-13: 9781119861782
- Sales Rank: #205919
The chemical process industry is a rich target for cyber attackers who are intent on causing harm. Current risk management techniques are based on the premise that events are initiated by a single failure and the succeeding sequence of events is predictable. A cyberattack on the Safety, Controls, Alarms, and Interlocks (SCAI) undermines this basic assumption. Each facility should have a Cybersecurity Policy, Implementation Plan and Threat Response Plan in place. The response plan should address how to bring the process to a safe state when controls and safety systems are compromised. The emergency response plan should be updated to reflect different actions that may be appropriate in a sabotage situation. IT professionals, even those working at chemical facilities, are primarily focused on the risk to business systems. This book contains guidelines for companies on how to improve their process safety performance by applying Risk Based Process Safety (RBPS) concepts and techniques to the problem of cybersecurity.
- Cover
- Table of Contents
- Title Page
- Copyright
- List of Figures
- List of Tables
- Acronyms and Abbreviations
- Glossary
- Acknowledgments
- Managing Cybersecurity in the Process Industries
- Preface
- Part 1: Introduction, Background, and History of Cybersecurity
- 1 Purpose of this Book
  - 1.1 Target Audience
  - 1.2 What is Cybersecurity?
  - 1.3 What is Operational Technology (OT)?
  - 1.4 Which industries have OT?
  - 1.5 Scope
  - 1.6 Organization of the Book
- 2 Types of Cyber‐Attacks, Who Engages in Them and Why
  - 2.1 Types of Cyber‐Attacks
  - 2.2 Who Commits Cybercrimes and Their Motives
  - 2.3 Summary
- 3 Types of Risk Receptors/Targets
  - 3.1 What is Cybersecurity Risk
  - 3.2 What are Common Cybersecurity Targets?
  - 3.3 Types of Cybersecurity Consequences
  - 3.4 Summary
- 4 Threat Sources and Types of Attacks
  - 4.1 Non‐Targeted Attacks
  - 4.2 Targeted Attacks
  - 4.3 Advanced Persistent Threats (APT)
  - 4.4 Summary
- 5 Who Could Create a Cyber Risk? Insider vs. Outsider Threats
  - 5.1 Insider Cybersecurity Risk
  - 5.2 Outsider Cybersecurity Risk
  - 5.3 Summary
- 6 Case Histories
  - 6.1 Maroochy Shire
  - 6.2 Stuxnet
  - 6.3 German Steel Mill
  - 6.4 Ukrainian Power Grid
  - 6.5 NotPetya
  - 6.6 Triton
  - 6.7 Düsseldorf Hospital Ransomware
  - 6.8 SolarWinds
  - 6.9 Florida Water System
  - 6.10 Colonial Pipeline Ransomware
  - 6.11 Summary
- Part 2: Integrating Cybersecurity Management into the Process Safety Framework
- 7 General Model for Understanding Cybersecurity Risk
  - 7.1 Cybersecurity Lifecycle
  - 7.2 Integrated Cybersecurity and Safety Lifecycle
  - 7.3 NIST Cybersecurity Framework
  - 7.4 Summary
- 8 Designing a Secure Industrial Automation and Control System
  - 8.1 The Disconnect between IT and OT Risk Management
  - 8.2 Inherently Safer vs. Inherently More Secure
  - 8.3 Defense‐in‐Depth
  - 8.4 Network Segmentation
  - 8.5 System Hardening
  - 8.6 Security Monitoring
  - 8.7 Risk Compatibility Assessment
  - 8.8 Summary
- 9 Hazard Identification and Risk Analysis (HIRA)
  - 9.1 Use of Process Safety Tools to Identify and Manage Cybersecurity Risk
  - 9.2 Qualitative Methods
  - 9.3 Quantitative Methods
  - 9.4 How to Prioritize Risk Reduction Measures?
  - 9.5 Revalidation/Reassessment
  - 9.6 Summary
- 10 Manage the Risk
  - 10.1 Management Approach
  - 10.2 Initial Steps
  - 10.3 Cybersecurity Culture
  - 10.4 Compliance with Standards
  - 10.5 Cybersecurity Competency
  - 10.6 Workforce Involvement
  - 10.7 Stakeholder Outreach
  - 10.8 Process Knowledge Management
  - 10.9 Operating Procedures
  - 10.10 Safe Work Practices
  - 10.11 Management of Change
  - 10.12 Asset Integrity and Reliability
  - 10.13 Contractor Management
  - 10.14 Training and Performance Assurance
  - 10.15 Operational Readiness
  - 10.16 Conduct of Operations
  - 10.17 Emergency Management
  - 10.18 Incident Investigation
  - 10.19 Measurements and Metrics
  - 10.20 Auditing
  - 10.21 Management Review and Continuous Improvement
  - 10.22 Summary
- 11 Implementing a Holistic Approach to Safety and Cybersecurity
  - 11.1 Cybersecurity Management Systems (CSMS)
  - 11.2 Integrating CSMS with Process Safety Management
  - 11.3 Summary
- Part 3: Where Do We Go from Here?
- 12 What's Next? A Look at Future Development Opportunities
  - 12.1 Cybersecurity Adoption Trends
  - 12.2 Emerging Technologies
  - 12.3 Summary
- 13 Available Resources
  - 13.1 Local, Regional, and Global Topics
  - 13.2 Cybersecurity Incident Repositories
  - 13.3 Competency Requirements and Training Availability
  - 13.4 Administration vs. Accountability Functions
  - 13.5 Summary
- Appendix A Excerpt from NIST Cybersecurity Framework
- Appendix B Detailed Cybersecurity PHA and LOPA Example
  - B.1 System Basis
  - B.2 Initial Risk Assessment
  - B.3 Detailed Risk Assessment (Cyber PHA/HAZOP)
  - B.4 LOPA/Semi‐Quantitative SL Verification
- Appendix C Example Cybersecurity Metrics
- Appendix D Cybersecurity Sample Audit Question List
- Appendix E Management System Review Examples
- References
- Index
- End User License Agreement