Armexa’s John Cusimano was recently featured in an important Today with ISSSource podcast on Understanding Consequence-based Risk as well as a written story:
Article: Learning to Apply a Consequence-Based Risk Assessment
A midstream pipeline operator was conducting a cybersecurity risk assessment when they discovered an issue with the storage tank control system at a terminal.
The assessment revealed that an engineering laptop was simultaneously connected to both the PLC network and the business network, potentially exposing the PLC network to the Internet. Compromise of the PLC could cause a tank overfill, resulting in a loss of containment (i.e., an oil or gas spill). Actions were taken immediately to address the risk.
This story is based on a real event and is a simple example of the value of conducting a consequence-based risk assessment. The engineer had connected his laptop as a matter of convenience but hadn’t considered the potential consequences of doing so.
Interested in learning more about Armexa’s Consequence-based Risk Assessments:
Consequence-based Risk Assessments | Armexa
Armexa’s cybersecurity experts bring decades of operational experience and were instrumental in shaping the internationally recognized International Society of Automation/International Electrotechnical Commission (ISA/IEC) 62443-3-2 standard for security risk assessment in system design. Our consequence-based risk assessment methodologies are grounded in that ISA/IEC 62443-3-2 standard, ensuring a structured and standards-based approach to OT risk analysis. Armexa offers two options: CyberHAZOP™ and CyberBowtie™.
https://armexa.com/ot-cyberhazop/