SYSTEMS, PROGRAM PRODUCT AND METHODS FOR PERFORMING A RISK ASSESSMENT WORKFLOW PROCESS FOR PLANT NETWORKS AND SYSTEMS

摘要

Systems (30), methods, and program code (101) to perform a cyber security risk assessment on a plurality of process control networks and systems comprising a plurality of primary network assets at an industrial process facility, are provided. An example of a system (30) and program code (101) can include an industrial and process control systems scanning module (51) configured to identify networks and systems topology and to execute system and network security, vulnerability, virus, link congestion, node congestion analysis to thereby detect susceptibility to know threats to define potential vulnerabilities; a threats to vulnerabilities likelihood and consequences data repository module (53) configured to determine a likelihood of each of a plurality of known threats exploiting identified vulnerabilities and to identify consequences of the exploitation to individual impacted systems and to overall plant operation; and a risk level evaluator module (55) configured to determine a risk level rating for any identified vulnerabilities and provide recommended corrective actions.