![Page 1: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/1.jpg)
1
INTEGRATING AND IMPROVING
CYBER AND PHYSICAL
SECURITY VULNERABILITY ANALYSIS (SVA)
by Paul Baybutt, Primatech Inc.
Presented at the
1st Latin American Process Safety Conference and Exposition,
Center for Chemical Process Safety, Buenos Aires, May 27 – 29, 2008
www.primatech.com
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 2: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/2.jpg)
2
OVERVIEW
Background
Cyber security
Security Vulnerability Analysis (SVA)
Integration and improvement of cyber and physical SVA
Lessons learned
Conclusions
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 3: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/3.jpg)
3
BACKGROUND
“There are many ways of going forward,
but only one way of standing still.”
Franklin D. Roosevelt
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 4: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/4.jpg)
AccidentsNatural
Events
Malevents (Deliberate Acts)
EXTRAORDINARY EVENTS
PHA PHA and ERP SVA
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 5: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/5.jpg)
5
MALEVENT THREATS
Physical Cyber
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 6: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/6.jpg)
6
PHYSICAL SECURITY PROTECTS AGAINST
THREATS OF…
Release of hazardous materials
Theft or diversion of materials
Contamination of chemicals, materials or
products
Damaging, destroying or stealing assets
Manipulating or disabling equipment,
processes, plants or other assets
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 7: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/7.jpg)
7
CYBER SECURITY PROTECTS AGAINST
THREATS OF…
Cyber attack to disable or manipulate
computer systems
Physical attack to disable or manipulate
computer systems
Access by adversaries who want to obtain,
corrupt, damage, destroy or prohibit access
to valuable information
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 8: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/8.jpg)
8
SOURCES OF THREATS
Internal
E.g. Disgruntled employees or contractors
External
E.g. Terrorists, criminals, activists, hostile
governments
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 9: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/9.jpg)
9
EXAMPLE – PHYSICAL ATTACK ON A
CHEMICAL FACILITY
In 1997, four KKK members plotted to place
an improvised explosive device on a hydrogen
sulfide tank at a refinery near Dallas
FBI infiltrated the group
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 10: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/10.jpg)
10
EXAMPLE - CYBER ATTACK ON A WASTE-
TREATMENT PLANT
Disgruntled contractor
caused the release of millions
of gallons of raw sewage in
Queensland, Australia
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 11: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/11.jpg)
11
WHAT IS THE CURRENT STATUS OF
SECURITY IN PROCESS PLANTS?
In 1999, the Agency for Toxic Substances
and Disease Registry (ATSDR) reported that
“Security at chemical plants ranged from fair to
very poor”
“Most security gaps were the result of
complacency and lack of awareness of the threat”
US industry and government have acted, e.g.
ACC Security Code, 2002
DHS CFATS Regulation, 2007
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 12: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/12.jpg)
12
POSSIBLE APPROACHES FOR PROCESS
SECURITY
Head in the sand
Reactive
Proactive
“What we anticipate seldom occurs; what we least expected
generally happens.” Benjamin Disraeli
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 13: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/13.jpg)
13
CYBER SECURITY
“Most human beings have an almost infinite capacity for
taking things for granted.”Aldous Huxley
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 14: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/14.jpg)
14
CYBER VULNERABILITIES
Control systems are increasingly connected to
business, commercial and enterprise networks
These are connected to the Internet
Control systems may also contain:
Computers with Internet connections
Modems for remote access
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 15: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/15.jpg)
15
CYBER VULNERABILITIES (CONTD.)
Current control systems:
Not designed with public access in mind
Often have poor security
Much of the technical information needed to
penetrate these systems is readily available
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 16: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/16.jpg)
16
CYBER THREATS ARE REAL
In 2003 the Slammer worm was released (malware)
Utility's SCADA network was downed when Slammer moved from a corporate network to the control center network
Some petrochemical plants lost HMIs and data historians
In Ohio's Davis-Besse nuclear power plant a safety monitoring system was disabled
Despite a belief that the network was protected by a firewall
Event occurred due to an unprotected interconnection between plant and corporate networks
These were the effects of the release of oneunintelligent piece of malicious software
No specific facility was targeted
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 17: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/17.jpg)
17
SECURITY VULNERABILITY ANALYSIS
(SVA)
“Minds are like parachutes; they
work best when open.”
Lord Thomas Dewar
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 18: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/18.jpg)
18
SECURITY VULNERABILITY ANALYSIS
(SVA)
Identifies ways in which deliberate acts could
cause harm (threat scenarios)
How flaws or weaknesses expose a system to
attack
Determines protective measures that could
be taken
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 19: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/19.jpg)
Initiation
THREAT SCENARIO
Enabling events
TerminationPenetration
AttackAccess to
assetsCause harm
Action
Consequence
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 20: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/20.jpg)
SVA METHODS
Method Origination Protect Approach
Asset-based Security
professionals
Assets Pairs assets with
threats to define
threat events
Scenario-based Safety
professionals
Against
accidents
Develops more
detailed scenario
descriptions
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 21: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/21.jpg)
21
SVA METHODS (CONTD.)
Early SVA approaches focused on physical
security
Cyber security was not considered explicitly
Separate cyber SVA methods have
subsequently been developed
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 22: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/22.jpg)
22
SVA METHODS (CONTD.)
This paper focuses on how physical and
cyber security can be addressed in the
same study
The SVA methods presented also:
Integrate asset-based and scenario-based
methods into a unified approach
Improve on previous approaches
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 23: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/23.jpg)
23
INTEGRATION AND IMPROVEMENT OF
CYBER AND PHYSICAL SVA
“Never mistake motion for action.”
Ernest Hemingway
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 24: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/24.jpg)
Threat
Events
Attackers + Intent
Assets
Threats
Risk Estimate Recommendations
Combination of
severity and
likelihood
Possible actions
to reduce risk
MODEL FOR SECURITY RISK
ASSESSMENT
Specific actions to
cause harm
using assets
Chemicals
Equipment
People
Information
Etc.
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 25: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/25.jpg)
25
SVA STEPS
Preparation and organization
Target analysis
Threat analysis
Vulnerability analysis
Identification of consequences
Identification of existing countermeasures
Estimation of risks
Identification of recommendations
Documentation and reporting
Follow-up
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 26: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/26.jpg)
26
SVA STEPS
Preparation and organization
Target analysis
Threat analysis
Vulnerability analysis
Identification of consequences
Identification of existing countermeasures
Estimation of risks
Identification of recommendations
Documentation and reporting
Follow-up
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 27: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/27.jpg)
EXAMPLE OF TARGET ANALYSIS FOR
CRITICAL ASSETS
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 28: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/28.jpg)
28
SVA STEPS
Preparation and organization
Target analysis
Threat analysis
Vulnerability analysis
Identification of consequences
Identification of existing countermeasures
Estimation of risks
Identification of recommendations
Documentation and reporting
Follow-up
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 29: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/29.jpg)
EXAMPLE OF THREAT ANALYSIS
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 30: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/30.jpg)
30
SVA STEPS
Preparation and organization
Target analysis
Threat analysis
Vulnerability analysis
Identification of consequences
Identification of existing countermeasures
Estimation of risks
Identification of recommendations
Documentation and reporting
Follow-up
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 31: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/31.jpg)
EXAMPLE OF ASSET-BASED PHYSICAL SVA
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 32: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/32.jpg)
EXAMPLE OF SCENARIO-BASED PHYSICAL
SVA
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 33: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/33.jpg)
EXAMPLE OF ASSET-BASED CYBER SVA
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 34: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/34.jpg)
EXAMPLE OF SCENARIO-BASED CYBER
SVA
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 35: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/35.jpg)
35
LESSONS LEARNED
“The only real mistake is the one from which we learn nothing.”
John Powell
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 36: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/36.jpg)
36
ADVANTAGES OF COMBINING PHYSICAL
AND CYBER SVA
Economies in preparation and organization of
studies
Overlap in the team members required
Physical attacks apply to both plant
equipment and computer systems
SVA process is similar for physical and cyber
security
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 37: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/37.jpg)
37
ADVANTAGES OFFERED BY IMPROVED
SVA METHODS
Simpler, more direct and coherent analysis
Results are as comprehensive
Analysis and documentation of results is
simplified
Single worksheet is used
Target analysis, threat analysis and vulnerability
analysis can also be displayed in separate
worksheets
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 38: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/38.jpg)
38
ADVANTAGES OFFERED BY IMPROVED
SVA METHODS (CONTD.)
Possible to conduct the simpler, asset-based
analysis first and transition smoothly into a
scenario-based analysis
Either for the entire facility or parts of it
Can also go directly to a scenario-based analysis
SVA is easily updated for revalidation
Or, for change and configuration management
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 39: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/39.jpg)
39
ADVANTAGES OFFERED BY IMPROVED
SVA METHODS (CONTD.)
Format similar to PHA
Benefits PHA team members who will participate
in SVAs
Structured around a classical risk analysis
framework
Can be updated and modified easily to benefit
from future technical developments
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 40: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/40.jpg)
40
CONCLUSIONS
Risk of malevents for process
plants is real
Must be assessed and managed
for all credible threats
SVA is the key
A process security management
program should be implemented
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 41: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/41.jpg)
41
FURTHER INFORMATION
Technical papers on cyber and physical SVA
and management systems:
www.primatech.com
Contact info:
Copyright © 2008, Primatech Inc., All rights reserved.
![Page 42: INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY … · 2016-06-20 · INTEGRATING AND IMPROVING CYBER AND PHYSICAL SECURITY VULNERABILITY ANALYSIS (SVA) by Paul Baybutt, Primatech](https://reader031.vdocuments.mx/reader031/viewer/2022011822/5ec5e26008eedb081827345d/html5/thumbnails/42.jpg)
Copyright © 2008, Primatech Inc., All rights reserved.