流程工业中的网络安全管理：基于风险的方法

化学加工行业是有意造成伤害的网络攻击者的主要目标。当前的风险管理技术基于这样一个前提：事件是由单一故障引发的，后续事件的顺序是可预测的。对安全、控制、警报和联锁（SCAI）的网络攻击破坏了这一基本假设。每个设施都应制定网络安全政策、实施计划和威胁应对计划。响应计划应说明当控制和安全系统受到损害时，如何使过程处于安全状态。应对应急响应计划进行更新，以反映在破坏情况下可能适用的不同行动。IT专业人士，甚至那些在化工厂工作的人，主要关注业务系统的风险。本书为公司提供了指南，指导公司如何通过将基于风险的过程安全（RBPS）概念和技术应用于网络安全问题来提高其过程安全性能。
Managing Cybersecurity in the Process Industries: A Risk-based Approach
The chemical process industry is a rich target for cyber attackers who are intent on causing harm. Current risk management techniques are based on the premise that events are initiated by a single failure and the succeeding sequence of events is predictable. A cyberattack on the Safety, Controls, Alarms, and Interlocks (SCAI) undermines this basic assumption. Each facility should have a Cybersecurity Policy, Implementation Plan and Threat Response Plan in place. The response plan should address how to bring the process to a safe state when controls and safety systems are compromised. The emergency response plan should be updated to reflect different actions that may be appropriate in a sabotage situation. IT professionals, even those working at chemical facilities are primarily focused on the risk to business systems. This book contains guidelines for companies on how to improve their process safety performance by applying Risk Based Process Safety (RBPS) concepts and techniques to the problem of cybersecurity.