Cyber security risk analysis for process control systems using rings of protection analysis (ROPA)

Process plants may be subject to terrorist and criminal acts that can cause harm such as the release or diversion of hazardous materials and process or product damage. Such risks are evaluated using threat and vulnerability analysis and possible improvements ill security measures and safeguards are identfied. However, recommendations for improvements are usually based on engineering judgment. Such subjective assessments can lead to disagreements, and possibly inappropriate measures to reduce risk. Rings of Protection Analysis (ROPA), a simplified risk assessment method, can be used to provide more rational, objective, and reproducible decisions. ROPA parallels Layers of Protection Analysis (LOPA) that is used to evaluate accident risks. ROPA assists in identifying and determining the adequacy of existing protection systems. It is used to help determine whether there are sufficient rings/layers of protection against a threat scenario and whether the risk can be tolerated. A scenario may require multiple protection rings/layers depending on the process and the potential severity of the consequences. ROPA helps provide the basis for clear, functional specifications of required protection layers. This paper describes and demonstrates bow ROPA can be applied to cyber security, although it can also be applied to physical security. It considers the selection of security measures and integrates their consideration with other types of protective measures. (C) 2004 American Institute of Chemical Engineers Process.