Cyber-attacks aimed to interfere with the Basic Process Control System (BPCS) and the SIS (Safety Instrumented System) of industrial facilities where large quantities of hazardous substances are stored or handled may have consequences comparable to those of conventional major accidents due to internal causes.
While consolidated approaches exist to manage and control the cybersecurity of IT (Information Technology) and OT (Operational Technology) systems of a plant, there is an evident lack of operating procedures for assessing the actual link between malicious manipulations of the BPCS and the SIS (OT system) and the major accidents that can be induced.
In the present study a specific operating systematic methodology, PHAROS, was developed to address the identification of major accident scenarios achievable by remote manipulation of the physical components of the plant (e.g. automatic valves, pumps, compressors, etc.). The methodology exploits a reverse-HazOp concept and it also supports the definition of the specifications for the design and management of barriers aimed at the prevention and mitigation of such scenarios. The application of PHAROS to a demonstrative case study evidenced first that both the BPCS and the SIS typically need to be attacked in order to induce major accidents, and second, that passive/inherent safeguards have a key role with respect to the success of the considered malicious attack in case they are properly designed.