Hazardex 2019 Conference Presentations - Cybersecurity Risk Assessment: A Semi-Quantitative Approach for SIF
20 November 2018
The ISA standard employs the notion of security levels (SL 1-4); the clear temptation is to expect direct correspondence with safety integrity levels (SIL), but there is no such direct correspondence between SL and SIL. The SL are so defined that they can identify a target requirement (SL=T) for comparison with equipment capability SL-C and the achieved security level (SL-A).
The SLs have a notional correspondence with the degree of sophistication and determination associated with possible attacks.
This presentation describes an approach in which we can:
• assign a likelihood of an attack at any given security level as a function of the attractiveness of the target operation,
• establish a risk tolerability calibration, and
• determine SL targets on a quantitative basis from the PFD/PFH targets for the safety instrumented functions.
Consideration is given to the potential for common cause attacks on Safety Instrumented Functions and otherwise Independent Protection Layers by examining the co-incidence of these functions within the identified security zones on the zone and conduit drawing.
It also offers some thoughts on tolerable cybersecurity risk calibration in respect of non-safety business disruption impacts.
Given the nature of cybersecurity, significant uncertainty remains but the technique allows a coherent approach to risk assessment to promote proportionate investment in defence.
Harvey T. Dearden (BSc CEng FIET FIMechE FInstMC FIChemE) is Engineering Director of HTS Engineering Group and a director of SISSuite Ltd. and Time Domain Solutions Ltd.
He is actively involved with the Institute of Measurement & Control and specialties include: Implementation of IEC61508/61511 (SIL), DSEAR/ATEX; Development/troubleshooting of control systems/strategies; Development of engineering management policy/procedures; Auditing of fiscal measurement systems and Training on control/measurement/protection systems
He previously held senior engineering positions at Great Lakes Chemical, Associated Octel Company, Costain Oil and Gas & Process Ltd
Contact Details and Archive...