IEEE HOU Sec: Leveraging PHA to Develop Requirements for Cyber-Security


Registration Highly Recomended

Process plants need to be protected against physical consequences generated from cyber-attack.  The starting point for developing a program for cyber-security is the assessment of the risk posed by cyber-attacks.  Instead of starting with a blank sheet for paper for this analysis, use of the existing PHA documentation and process will provide optimal results with minimal additional work, and also ensuring that risk tolerance criteria and risk management methods are consistently applied.  This paper will explain how existing methods for process hazards analysis (PHA) of process industry plants can be expanded with an additional "cyber review".  The purpose of the cyber review is to determine if there are any cyber-attack vectors that can cause significant physical damage to the facility, and if so, make recommendations for modifying one or more of the safeguards in a cyber-vulnerable vector so that they are not vulnerable to cyber-attack, or assigning an appropriate level of performance to cyber-security measures.  The same way that definition of safety integrity levels (SIL) flow from HAZOP through LOPA to a safety instrumented system specifications, the definition of "security levels" as defined in ISA 99 (IEC 62443) can flow from the PHA through a "cyber review" to industrial control network specifications.

The approach that will be discussed includes analysis of the causes of safety incidents, the safeguards that prevent the causes from resulting in consequences, and the magnitude of the consequences that might result from the realization of these hazards.  The discussion will include an example of a batch chemical reactor where a Hazards and Operability (HAZOP) study was assessed using a PHA cyber review in order to determine whether or not the facility was inherently cyber-safe, and if not, make cyber-safe recommendations and define IEC 62443 Security Level specifications.

  Date and Time




  • Date: 23 Feb 2017
  • Time: 06:30 PM to 08:30 PM
  • All times are (UTC-06:00) Central Time (US & Canada)
  • Add_To_Calendar_icon Add Event to Calendar
  • 5430 Westheimer Rd
  • Houston, Texas
  • United States 77056
  • Building: HESS Club
  • Click here for Map

  • IEEE Houston Section Programs Chairman

  • Co-sponsored by Jared Johnson
  • Starts 31 December 2016 12:00 AM
  • Ends 23 February 2017 07:30 PM
  • All times are (UTC-06:00) Central Time (US & Canada)
  • Admission fee ?


Ed Marszal Ed Marszal of


Ed Marszal is President and CEO of Kenexis. He has over 20 years of experience in the design of instrumented safeguards such as Safety Instrumented Systems and Fire and Gas Systems, and membership on the ISA 84 Standard Committee.  Ed is an ISA Fellow and former Director of the ISA Safety Division and the author of the “Safety Integrity Level Selection” textbook from ISA.  He is also a registered professional engineer and an ISA84 Expert.

Address:3366 Riverside Drive, Suite 200, Columbus, United States, 43221

Ed Marszal of


Address:Columbus, United States


6:30 Registration

6:45 Dinner

7:15 Presentation

8:15 Q&A

8:30 Speaker Appreciation Presentation

Dinner will be served, please indicate during your registration if you have any dietary restrictions. Alternative meals will be selected to accommodate your registration request.  Very limited previsions can be made for at the door registration.