As part of a comprehensive IEC 62443 risk assessment, the Cetbix HLRA risk assessment enables your organization to evaluate the potential consequences of a cyber-attack on your facility or system. The Cetbix HLRA system helps identify the most critical areas within the facility that require appropriate remedial action. It also provides the capability to analyze any threat deemed a potential violation of a control system, focusing on the severity of the potential damage. Utilizing IEC 62443 risk assessment standards, the Cetbix HLRA system allows you to assess risks related to the cybersecurity of operational technologies (OT) and laboratories. It aids in defining processes to mitigate those risks and facilitates the application of risk acceptance exceptions once top management has identified the most critical consequences for their business.
Cetbix HLRA is supplemented by a detailed analysis, a so-called low-level risk assessment. This assessment focuses on the specific vulnerabilities of the systems to be tested, in particular identifying the critical components of the infrastructure that could lead to the most serious implications.
Risk in Cetbix HLRA is based on the following formula:
Risk = Threat × Vulnerability × Probability (Likelihood) × Impact
Cetbix HLRA assists in evaluating the consequences of risks to quantify them effectively. The solution provides a detailed analysis of existing countermeasures and identifies any vulnerabilities present. In other words, for each asset, Cetbix highlights the potential impact on the business if that asset is successfully attacked, emphasizing the worst possible consequences for the organization.
Modern industrial control systems require a comprehensive cybersecurity risk assessment that addresses the highest levels of management. For this reason, Cetbix's HLRAMS highlights several critical factors, including economic impact, health and environmental concerns, legal issues, funding, regulatory requirements, data leakage, reputational damage and information systems security. It goes beyond simply assessing the potential damage and consequences of a cyberattack and also identifies countermeasures that can be taken. More importantly, it enables organizations to quantify the risks associated with operational technology (OT) cybersecurity and assess the risks they are willing to accept or reject. In this context, identifying parameters that effectively quantify the potential damage is critical to understanding the potential impact.
To effectively utilize the HLRA on Cetbix, you can either customize it or use the IEC 62443 standard applicable to high-level risk assessments on Cetbix. The Cetbix HLRAMS includes models for conducting risk analyses aligned with the cybersecurity lifecycle, beginning with a macroscopic assessment of the potential impact of a cyberattack on an industrial control system.
Start by inventorying the network properties using the Cetbix OT inventory system. Then, apply the Cetbix risk assessment model to evaluate the plant, which involves assessing all possible consequences of an attack and estimating the resulting damages.
Conduct a preliminary high-level risk assessment to outline the key business rationale results. For the final high-level risk assessment, the Cetbix exemption and risk treatment model empowers internal personnel to address cybersecurity issues, including random cyber incidents such as ransomware or DDoS attacks, as well as damages caused by human factors like social engineering.