The cybersecurity threat to industrial operations has evolved and rapidly expanded over the last year. A number of factors, including a shift to more engineering and maintenance remote activities, more remote operation work on production lines and incomplete digitalization efforts, have led to this rise.

Public awareness of the threat is growing. Colonial Pipeline, the largest pipeline operator in the United States, was compromised earlier this year, temporarily shutting down access to the pipeline’s fuel for a large swath of the country. As this directly affected consumers, calls for action from the public rang loud following the attack.

Despite the growing threat and public pressure, organizations remain unprepared. Organizations may be facing a paradox of choice. The cybersecurity industry includes myriad services, many of which are relatively new and sometimes untested. Confounded by choices, many organizations end up unprotected from the risks facing a firm like their own.

This publication reviews the current threat landscape and presents directions for organizations to take action today and be better prepared for the evolving threat. Core to the recommendation of this paper is the cyber PHA – process hazard analysis – as a toolset for industrial organizations.

Six phases of a cyber PHA
cyber pha