(148d) ICS Risk Assessment Standards & Best Practices in the Chemical Sector

1. There is no simple recipe for how to secure an industrial automation and control system (IACS) and there is good reason for this. It is because security is a matter of risk management. Every IACS presents a different risk to the organization depending upon the threats it is exposed to, the likelihood of those threats arising, the inherent vulnerabilities in the system and the consequences if the system were to be compromised. Furthermore, every organization that owns and operates an IACS has a different tolerance for risk.

ISA/IEC 62443 Part 3-2, Security Risk Assessment for System Design, strives to define a set of engineering measures that will guide an organization through the process of assessing the risk of a particular IACS and identifying and applying security countermeasures to reduce that risk to tolerable levels.

This presentation will provide an overview of the 62443-3-2 standard as well as examples of how the standard has been applied in real-world applications.