aeCyberSolutions, the Industrial Cybersecurity division of aeSolutions, announces the aeCyberPHA Facilitation Suite for industrial asset owners looking to self-perform, maintain, and manage cyber PHA (process hazards analysis) cyber-safety risk assessments. The suite includes an all-in-one package of the tools, training, and guidance needed to successfully lead an ISA/IEC 62443-3-2 compliant risk assessment per the proven cyber PHA methodology.
“Choosing the right method to assess cybersecurity risk can be a challenge, and effectively conducting studies can be more challenging still. As a result, many operational technology (OT) professionals lack the necessary experience and tools to facilitate and maintain cyber PHAs,” said John Cusimano, Vice President of aeCyberSolutions. “With the aeCyberPHA Facilitation Suite, the entire organization will quickly realize the benefits of ownership of the cyber PHA process and will be able to effectively make the connection between process safety and cybersecurity risk.”
While cyber PHA is a proven method in the industrial industry, it can still lead to sub-par results if the risk assessment team lacks the tools and training needed to conduct the study effectively and efficiently. Risk assessment work processes and templates, while seemingly simple, are notoriously challenging to develop and manage.
What has become the de facto methodology for ICS risk assessment, Cyber PHA links realistic threat scenarios with known vulnerabilities and existing countermeasures and couples them with credible consequences from the PHA to determine cyber risk. For facilities that do not have a formal PHA, credible worst-case scenarios are incorporated into the template. The toolset codifies aeCyberSolutions’ internal knowledge and expertise that have been refined in executing hundreds of successful cyber PHA studies, including risk assessment templates, company-specific template customization, integrated libraries, comprehensive training, and expert support guides.
“Until now, asset owners have had to hire consultants or develop internal tools to conduct Cyber PHAs,” Cusimano added. “Our new facilitation suite is truly the first of its kind in the industry and leverages our team’s tremendous experience and best practices in leading hundreds of studies and dozens of custom risk assessments to build an ideal toolset and training for Cyber PHA teams. Users of the facilitation suite will find that the toolset is easily adopted across different industry sectors and product lines, while leveraging the integrated library of common recommendations and industry best practices.”
aeCyberSolutions, the Industrial Cybersecurity division of aeSolutions, exclusively provides industrial cybersecurity services including risk assessments, program development, implementation, support, and training to clients in oil and gas, chemicals, maritime, water, industrial gases, and other process industries. A leader in the intersection of cybersecurity and process safety, aeCyberSolutions helps clients identify and address cybersecurity risks in a manner that is consistent with the engineering methods already in place for process safety risk management. They do so by leveraging existing information and practices while presenting a single, consistent expression of risk to senior management. The aeCyberSolutions team is exclusively staffed with personnel who have strong industrial automation backgrounds and general IT and IT security backgrounds and credentials. This combination of IT and Operational Technology (OT) expertise is essential for working in the field of industrial cybersecurity. aeCyberSolutions is based in Greenville, SC. For more information, visit www.aesolutions.com/aecyberpha-facilitation-suite, www.aeCyberSolutions.com, or follow @aesolns.