The recently updated process sector safety instrumented system (SIS) standard IEC 61511 now requires that a "security risk assessment is carried out to identify security vulnerabilities of the SIS". But how should such an assessment be approached, and what can you do to prepare for it?
There have been well-publicized examples of cyber-security breaches in the public domain, including the 2017 "WannaCry" ransomware attack on the National Health Service (NHS). Perhaps less well known to the general public was the 2017 "Triton" attack on Schneider Electric's Tricon TMR safety systems at a Saudi Arabian petrochemical plant. That attack led to an unplanned shutdown of the process rather than any major hazard, but the outcome could easily have been very different.