How similar is your process safety and cyber-security risk-based analysis processes?
There's been a lot written in recent months about the similarities in taking a risk-based analysis approach to both process safety and cyber-security threats.
Do you see these similarities and if so, in what ways does it organizationally impact the people responsible for these areas?
Risk Based Analysis for Process Safety & Cyber Security
Process Safety analysis usually involves two components that usually starts with "What if XXXX incident occurs".
Consequences of that incident could be (a)injury or death of personnel (b)business/asset loss. How much of protection does a business wants to provide against that scenario determines the level of risk reduction. Many industries that deal with hazardous materials put a lot of emphasis in preventing (or providing protection against) personnel injuries/death. When it comes to risk reduction against business loss or asset protection the level of risk reduction would vary.
Cyber Security generally falls into the business loss/asset protection category which could be analyzed using the same "what if" scenario. Even though an argument could be made that someone can hack into a Safety/Interlock System and disable it (thus causing injury/death), chances of such an occurance is slim at best because the safety systems are usually located in secure areas with enough access protection built in.