In this presentation, a Project approach to Operational Technology Cyber Security is presented following broadly the ISA-TR84-00-09 methodology. The reason for following ISA-TR84 is to allow support to the Functional Safety Lifecycle while still utilising the technical and management recommendations of the IEC62443 Series which has gained global acceptance over the last decade.

The presentation will start from a greenfield scope and walk through the stages and activities a project requires to complete to allow all Cyber Security risks that may lead to a Failure on Demand occurrence. From there through Commissioning, discussion of how Cyber Security must integrate with Static and Dynamic Commissioning and the Certification Management System, into Operations and how the cyber countermeasures might have maintenance and measurement of effectiveness metrics monitoring.

Finally, the presentation will consider a significant change to the system, such as a large-scale obsolescence upgrade which may require a repeat of some earlier Project OT cyber security activities to ensure the system remains cyber-safe and continues to support the Functional Safety Lifecycle through to Decommissioning.