9 Risk Assessment Methods

9.1. Introduction

Managing cybersecurity in an industrial control system (ICS) involves an important proactive phase, which consists of implementing measures to reduce the likelihood of an attacker causing damage to the system. This approach is described by the risk management process of ISO 27005. In order to concentrate efforts and resources on the important aspects, the first step is to analyze the risks to which the installation or system is exposed, and those that it poses to its environment.

When considering the cybersecurity of an industrial installation, one must consider two types of risk analysis: that of the control–command system and that of the physical system. The first is a risk analysis of the industrial information system, which will be carried out using an analysis method developed for information systems; the second is a so-called “industrial” or operational safety risk analysis, for which one of the methods described in Chapter 8, such as a Preliminary Hazard Analysis (PHA) or a Hazard and Operability Study (HAZOP), will be used. These two analyses are of course not independent, since the consequences of an attack on the ICS can trigger a dangerous scenario in the physical part.

Several approaches are then possible to assess risk for the overall system:

  • carry out risk analysis for the industrial information system and consider loss of control over the installation as an impact, the severity of this loss of ...

Get Cybersecurity of Industrial Systems now with the O’Reilly learning platform.