ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).

This blog covers numerous topics on industrial automation such as operations & management, continuous & batch processing, connectivity, manufacturing & machine control, and Industry 4.0.

The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Book Excerpt + Q&A: Security PHA Review for Consequence-Based Cybersecurity


This ISA author Q&A was edited by Joel Don, ISA’s community manager. ISA recently published Security PHA Review for Consequence-Based Cybersecurity by Jim McGlone and Edward Marszal. In this Q&A feature, both authors highlight the focus, importance, and differentiating qualities of the book. To purchase a copy of this book, click here.



ISA recently published Security PHA Review for Consequence-Based Cybersecurity by Edward Marszal, PE, and James McGlone  – two globally recognized experts in process safety, industrial cybersecurity, and the ISA/IEC 62443 series of IACS security standards. In this Q&A feature, McGlone highlights the focus, importance, and differentiating qualities of the book.

Q. What is a Security PHA Review and how does it help ensure industrial cybersecurity?

A. The first step is applying a methodology for assessing the potential risks posed by a cyberattack on process plants. In the process industries, the most widely accepted process for identifying hazards and assessing risk is the Process Hazard Analysis (PHA) method, most commonly performed through hazard and operability studies (HAZOPs)

A Security Process Hazards Analysis (PHA) Review is a practical and inexpensive analysis method that can verify if critical industrial automation processes and machinery are protected or if they could be damaged through cyberattack.

By analyzing the cause of and safeguards for cybersecurity weaknesses, it's possible to determine consequences that are potentially unaffected by the safeguards and those that could be caused by malicious intrusion, such as hacking.

This book reviews the most common methods for PHA of process industry plants and explains how to supplement those methods with an additional Security PHA Review (SPR) study to determine if there are any cyberattack vectors that can cause significant physical damage to the facility. If these attack vectors are present, then the study methodology makes one of two recommendations: (1) modify one or more of the safeguards so that they are not vulnerable to cyberattack or (2) prescribe the appropriate degree of cyberattack safeguarding through the assignment of an appropriate security level. SPR examples provide insight for implementing these recommendations.

Any consequence that is not protected by existing safeguards or that can be caused by a cybersecurity attack is assigned an ISA/IEC 62443-based Security Level Target to be implemented or it is assigned an alternative safeguard or redesign to eliminate all or some of the cybersecurity risk.

Q. What makes this book different than other books on cybersecurity? Why were you compelled to write it?

A. We were prompted to write the book because the industry and cybersecurity practitioners are still unsure of what to do and why. The prevailing approach in industrial cybersecurity focuses on network devices such as computers, Level 3 switches, and firewalls instead of on the process and machines that could be damaged or cause damage if control is lost.

By focusing on hazard and operability studies (HAZOPs) designated scenarios, it is possible to identify hackable scenarios, rank them appropriately, and design non-hackable safeguards-such as relief valves and current overload relays-that are not vulnerable to the cybersecurity threat vector. Where inherently secure safeguard design is not feasible, the appropriate cybersecurity countermeasures must be deployed.

Q. What types of automation and process industry professionals would benefit most by reading the book?

A. The book will be useful to a wide range of automation and process industry professionals, including:

  • Instrumentation and control system engineers and technicians
  • Network engineers
  • Process safety, health and safety, cybersecurity, and maintenance personnel
  • Executives focused on risk reduction

Q. Why does the cover of your book depict springs and gears? How are they related to the content of the book?

A. The book shows how to evaluate each cause and safeguard in a "node" to discover if the consequence can be generated by a cyberattack. If a consequence is vulnerable to a cyberattack, then you can select a Security Level Target for the zone where the cause and safeguard reside or you can modify or redesign the cause and safeguard so they are not vulnerable to the cyberattack. The modifications or redesign involves choosing a different type of technology to remove the cyberattack vulnerability. In many cases, the redesign or modification might involve a device with a spring or gear instead of a microprocessor.


ISA offers standards-based industrial cybersecurity training, certificate programs, conformity assessment programs, and technical resources. Please visit the following ISA links for more information:


About the Author
Simon Lucchini, CFSE, MIEAust CPEng (Australia), serves as a Chief Controls Specialist and Fellow in Safety Systems at Fluor Canada. Through his more than 23 years in the petro-chemical industry, Lucchini has broad expertise and experience in operations/maintenance, corporate engineering, and project engineering. For the past 16 years, he has worked in the Control Systems Department at Fluor Canada. He is the Fluor Fellow in Safety Systems Design and also the chief controls specialist based at Fluor’s Calgary, Alberta Canada office. He has written papers on safety systems for various industry and academic venues, including two chapters in the 2017 Bela Liptak Instrument & Automation Engineers’ Handbook. Lucchini is currently the Safety Systems Committee chair of ISA’s Safety & Security Division, within which he produces web articles on matters of importance for the safety systems industry. He is also an active contributor to local control system networks that include a number of global oil & gas operators.


Connect with Simon


About the Author
Edward M. Marszal, PE, is president and CEO of Kenexis. He has more than 20 years of experience in the design of instrumented safeguards, such as SIS and fire and gas systems. He is an ISA Fellow, former director of the ISA safety division. Edward is the co-author of two ISA books, Safety Integrity Level Selection and Security PHA Review for Consequence-Based Cybersecurity. He is an ISA84 expert.


Connect with Edward



Joel Don
Joel Don
Joel Don is an independent content marketing, social media and public relations consultant. Prior to his work in marketing and PR, Joel served as an editor for regional newspapers and national magazines throughout the U.S. He earned a master's degree from the Medill School at Northwestern University with a focus on science, engineering and biomedical marketing communications, and a bachelor of science degree from UC San Diego.

Related Posts

How to Use HVAC Digital Twins for Better Facility Operations

Digital twins provide improved visibility by facilitating planning, preparedness and predictions. Many pe...
Emily Newton Sep 19, 2023 8:00:00 AM

Get Involved With ISA During Volunteer Month

Can you guess how many volunteers it takes to operate the ISA Society? See the answer at the end of this ...
Marty Bince Sep 15, 2023 8:00:00 AM

Manufacturers Must Reduce Risk of Upstream and Downstream Supply Chain Attacks

Supply chain disruptions are among the most pressing issues for today’s manufacturers. While geopolitical...
Emily Newton Sep 12, 2023 12:38:32 PM