The High Level Risk Assessment is the starting point of an Industrial Cyber Security Risk Assessment in compliance with the Cyber Security Lifecycle defined by the international standard IEC 62443 for OT Security.
What is a High-Level Risk Assessment
Within a complete IEC 62443 risk assessment, the High-Level Risk Assessment is performed to determine the potential consequences in the event that a plant or system is compromised by a cyber attack. It helps identify the most critical areas inside a plant, where adequate mitigation actions are required. In a High-Level Risk Assessment, cyber attacks are usually analyzed by assuming they succeed, i.e. that the control system is compromised, and by focusing on the severity of the resulting damage. An IEC 62443 risk assessment must be understood as a means of estimating the risk related to OT Cyber Security once top management has defined the consequences most critical to its business. This is what the IEC 62443 standard calls the Business Rationale.
The High-Level Risk Assessment is then deepened by a detailed analysis (Low-Level Risk Assessment), which examines the specific vulnerabilities of the systems under analysis, concentrating on those parts of the infrastructure associated with the most serious consequences.
The calculation of High-Level Cyber Risk is based on the following formula:
Risk = Threat Potential × Probability (Event Happens) × Consequences (Event)
The probability that the event happens must be determined by considering a specific asset and its attractiveness, i.e. how economically profitable a successful attack on that asset would be.
At this stage, it is important to weigh the consequences in order to quantify the cyber risk. High-Level Risk Assessment simply considers the event as probable, without going into detail on what countermeasures are already in place or what vulnerabilities are present. In other words, for each asset, we answer this question: in the event that a specific asset is successfully attacked, what is the worst consequence my business will suffer?
An Industrial Cyber Security Risk Assessment is an analysis intended for top management; for this reason, consequences are expressed in economic terms. The purpose of this analysis is not to establish in detail what damage and what consequences derive from a cyber attack on the industrial system, nor what type of countermeasures must be implemented. The High-Level Risk Assessment simply allows us to quantify, in summary form, which risks are connected to OT cybersecurity and, again in summary form, what weight these risks carry. In this sense, the parameter that best quantifies the damage is the economic one.
In the next paragraphs, we will see an example of how to set up a High-Level Risk Assessment by starting from the evaluation of Business Rationale.
Technical standards for High-Level Risk Assessment
The following table shows the technical standards within the IEC 62443 standard applicable to the High-Level Risk Assessment:
| Standard | Title |
|---|---|
| ISA 62443-1-1:2015 | Industrial communication networks – Network and system security – Part 1-1: Terminology, concepts, and models |
| IEC 62443-2-1:2010 | Industrial communication networks – Network and system security – Part 2-1: Establishing an industrial automation and control system security program |
| IEC 62443-3-3:2013 | Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels |
IEC 62443 provides the guidance for understanding the requirements and models needed to set up a risk analysis in accordance with the Cyber Security Lifecycle, which starts from a macroscopic assessment of the impact of a cyber attack on an industrial control system. As mentioned, the High-Level Risk Assessment starts with the evaluation of the Business Rationale.
What is Business Rationale
Within any organization, the road to developing an effective Industrial Cyber Security Risk Assessment begins with top management becoming aware of the technical, commercial, and branding damage that a cyber attack can cause. The Business Rationale is a high-level description of the possible consequences of a cyber attack targeting the most sensitive corporate assets. Starting from the assessment of these consequences, we plan the next actions aimed at implementing a Cyber Security Management System in compliance with the IEC 62443 standard.
In the following example of a Business Rationale, we examine a few of the most significant consequences of a cyber attack:
- Business Continuity. An attack on an infrastructure causes a prolonged shutdown of the plant connected to that infrastructure. The consequences of the shutdown can be examined on different levels: at the level of the system itself or at the level of other systems in the same plant that interact with it. In this case, the damage of a plant shutdown must be assessed in terms of loss of production.
- Safety, i.e. threats that can lead to the alteration or inhibition of safety functions on machines, systems, or environments whose safety automation is implemented by safety PLCs exchanging signals over network connections. This kind of threat can lead to injury or accidents. Here too, the assessment is carried out on several levels, in terms of impact on internal staff or on external staff.
- Environment. When equipment intended for the production and control of hazardous emissions is attacked and manipulated, the risk of hazardous environmental emissions must be evaluated in the same way as the safety aspect (see the previous point).
The Business Rationale helps define the critical consequences and thresholds to be taken into account throughout the High-Level Risk Assessment, and the weight that each consequence represents for the company. In the table below, we present an example of Business Rationale:
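The following is an added worked example, not code or data from the original article: a small Python model that encodes a constructed Business Rationale (the three consequence categories above, each with a hypothetical economic weight) and applies the High-Level Risk formula Risk = Threat Potential × Probability (Event Happens) × Consequences (Event) per asset, taking the worst consequence for each asset and ranking assets against a mitigation threshold. All asset names, scores, weights and the attractiveness-to-probability mapping are assumptions.

```python
from dataclasses import dataclass

# Business Rationale (constructed): consequence categories from the article
# with an economic weight in EUR per severity point, as set by top management.
BUSINESS_RATIONALE = {
    "business_continuity": 50_000,   # loss of production
    "safety": 200_000,               # injury or accident
    "environment": 120_000,          # hazardous emissions
}

# Probability that the event happens, derived from asset attractiveness
# (how profitable a successful attack would be). Constructed mapping, 1..5.
PROBABILITY_BY_ATTRACTIVENESS = {1: 0.10, 2: 0.25, 3: 0.50, 4: 0.75, 5: 0.90}

@dataclass
class Asset:
    name: str
    threat_potential: int    # 1..5
    attractiveness: int      # 1..5
    consequences: dict       # Business Rationale category -> severity 1..5

def worst_consequence_eur(asset: Asset) -> float:
    """Economic value of the single worst consequence if the asset is compromised."""
    worst = 0.0
    for category, severity in asset.consequences.items():
        if category not in BUSINESS_RATIONALE or not 1 <= severity <= 5:
            raise ValueError(f"{asset.name}: bad consequence {category}={severity}")
        worst = max(worst, BUSINESS_RATIONALE[category] * severity)
    return worst

def high_level_risk(asset: Asset) -> float:
    """Risk = Threat Potential x Probability (Event Happens) x Consequences."""
    probability = PROBABILITY_BY_ATTRACTIVENESS[asset.attractiveness]
    return asset.threat_potential * probability * worst_consequence_eur(asset)

def rank_assets(assets, threshold_eur: float):
    """Highest risk first; the flag marks assets at or above the mitigation threshold."""
    scored = sorted(((a.name, high_level_risk(a)) for a in assets), key=lambda t: t[1], reverse=True)
    return [(name, risk, risk >= threshold_eur) for name, risk in scored]

# Constructed sample inventory (hypothetical assets and scores).
SAMPLE_ASSETS = [
    Asset("Safety PLC, line 2", 3, 2, {"safety": 5, "business_continuity": 3}),
    Asset("Process historian", 4, 4, {"business_continuity": 2}),
    Asset("Scrubber controller", 2, 3, {"environment": 4, "business_continuity": 1}),
]

if __name__ == "__main__":
    for name, risk, critical in rank_assets(SAMPLE_ASSETS, threshold_eur=400_000):
        print(f"{name:22s} {risk:>12,.0f} EUR {'CRITICAL' if critical else ''}")
```

Note that the safety PLC ranks first even though its attack probability is the lowest, because the worst-case consequence dominates the product, which is exactly the point the article makes about weighing consequences in economic terms.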
Cyber Security Risk Assessment: our proposal
As mentioned, the first step for developing an OT Cyber Security plan is the macroscopic estimation of the risk deriving from a cyber attack.
For this activity, which the IEC 62443-2-1 standard names the High-Level Risk Assessment, our pool of ISA99/IEC 62443 certified in-house specialists provides a comprehensive set of services aimed at defining the Cyber Security requirements applicable to the integrated control system under analysis.
Each phase of the project is managed in accordance with the Cyber Security Lifecycle, as suggested by the IEC 62443 standard. Our proven experience in industrial automation allows us to support our customers through the whole development process of a control system, by identifying vulnerabilities and providing operational solutions.
Our High-Level Cyber Security Risk Assessment service is organized into four phases:
- Inspection/conference call for the survey of preliminary information, where we investigate the main properties of the network architecture
- Definition of Business Rationale; this phase involves the discussion of all possible consequences of an attack and the estimation of damages
- High-Level Risk Assessment (preliminary), aimed at highlighting the results of Business Rationale
- High-Level Risk Assessment (final), where we complete the analysis by providing all the information needed for managing cybersecurity processes. In this way, internal personnel will be able to deal with cybersecurity issues such as opportunistic cyber incidents (e.g. ransomware or DDoS) or damage caused by the human factor (social engineering).
This work is the fundamental and preparatory starting point for the next actions, which have the final aim of establishing the mitigation measures addressed to industrial control systems.