Cougar Automation’s cyber security team is ready to help you prepare for your site visit by inspectors.
If you operate a major hazard workplace (e.g. COMAH site), you must now be able to demonstrate that you are managing cyber security appropriately. New HSE operational guidance note 86 ‘Cyber Security for Industrial Automation and Control Systems’ sets out what inspectors will be expecting to see when they visit your site. Cougar Automation have invested heavily in cyber security so that we can help you with this challenge.
The guidance highlights that PLCs, SCADA systems, DCS systems, historians, control system servers and networks, programmable switchgear, drives, sensors, and actuators may all be vulnerable to cyber security attacks and that you must have a process in place to manage these threats.
To demonstrate you have managed cyber security risks to a level as low as reasonably practicable, you could follow the risk assessment-based process set out in the guidance, which includes:
- Identifying security threats
- Defining your Industrial Automation and Control System
- Carrying out a risk assessment
- Defining and implementing countermeasures
- Operating and maintaining security measures
- Ongoing auditing, monitoring and reviewing of the cyber security system
Whether you use the process set out in the guidance, or an alternative equivalent process, HSE inspectors will want to see documentation, records and reports demonstrating that you have put in place a suitable system to manage cyber security threats.
Cyber security is a relatively new concept in the world of industrial automation and control systems, and most systems were installed without considering cyber security. Also, securing systems is as much about the human factors (e.g. user awareness training, control of who accesses systems, user account management) as technical countermeasures. However, what this new HSE guidance makes clear is that we do now need to start taking a systematic approach to assessing these risks and gradually improving their security.
Please contact us to have a free, informal discussion with a member of our qualified cyber security team. We’ll help you determine the first steps to take to put in place an effective cyber security process for your automation and control systems.
Contact: Derek Burton, Company Leader, firstname.lastname@example.org