(113b) If It Isn’t Secure, It Isn’t Safe: Incorporating Cybersecurity into Process Safety

Process hazard assessments (PHA) are a well-established practice in process safety management. These assessments focus on failures (aka deviations) that are typically caused by equipment failures or human error. By design, PHAs do not consider cyber threats to industrial control systems (ICS). However, these threats represent additional failure modes that may lead to the same health, safety and environmental consequences identified in the PHA. This presentation will discuss CyberPHAs and how they integrate with existing PHAs to establish a realistic representation of cyber risk that is aligned with established process safety management programs.