- LATEST BLOG POST
- echo $post_date ?>
- A decade of physical risks generated by industrial systems hacking is featuring a remarkable and worrisome acceleration. Indeed, it all…
- Read More
Any civil or military system, consists of nodes (Fig. 1) which receive, process or transform, and produce resources. The nodes are generally interdependent, as we shall see later in detail. By defining the system the context of the risk assessment is defined in compliance with ISO 310000.
The system’s architecture must be carefully studied by people who intimately know the system . Risk assessment experts can only offer support in this phase as they do not know the structure’s intricacies. However, they may, in specific cases, help customers to solve and simplify the model to reflect reality while remaining as simple as possible.
The study begins by defining all the types of primary nodes. Then, the secondary ones are defined (Fig. 2) and so on, depending on the required level of detail. This procedure can be repeated to the local, micro levels, understanding it could go down to nano, pico, etc. In a preliminary phase the definition will probably stop at secondary level. The scalability of the model will thereafter allow to zoom in one or other of the nodes (or all) to set details depending on the needs.
The system description is completed when the incoming resources, produced, processed, transported and the outgoing ones are listed in each node. In this phase it will be necessary to use engineering good sense and modelling tact in order to prepare lists compatible with the level of detail required by the customer and not to paralyze the work. The scalability of the system will eventually allow refining the descriptions.
The definition of the source of the resources and client-nodes allows processing in a reasonable manner the system’s interdependencies (internal-external).
Interdependencies between nodes (of given levels) have to be processed in a simple, but effective way, in order to avoid a “paralysis by analysis”.
Once the system is so defined it is easier to identify hazards on nodes and resources, thus setting up the first steps or a clean and well balanced risk and hazard register.