This website uses non-intrusive cookies to improve your user experience. You can visit our cookie privacy page for more information.

Cyber Security

Reducing the risk of a major accident often includes the application of E, C&I related plant and equipment to contribute to risk reduction. Therefore, the overall risk reduction may depend on the correct functioning of E, C&I systems.

In the context of cyber security these E, C&I systems are often termed Industrial Automation and Control Systems (IACS), Industrial Control Systems (ICS) or Operational Technology (OT).

Duty holders may operate a range of IACS, these typically include:

IACS are commonly programmable (software based) and may, therefore, be vulnerable to cyber threats, potentially leading to undetected faults, failure, downtime and ultimately an increased risk of a major accident occurring.

In this context, Cyber Security (CS) is a term used to define measures taken to protect IACS against threats to security through accidental circumstances, actions / events or through deliberate attack.

The threats can originate from the internet, corporate networks, maintenance activities, software upgrades and unauthorised access etc. with the potential to result in incidents with major health, safety or environmental consequences.

In relation to COMAH, the topic of cyber security does not cover protection of critical infrastructure (e.g. utility networks) or protection of information on corporate networks, but the HSE’s interpretation of current standards on industrial communication network and system security, and functional safety in so far as they relate to major hazards workplaces.

CS is therefore part of the overall safety of plant and equipment that depends on the protection of IACS.

Technical Standards and Guidance


Technical Standards

Industry Publications

HSE Operational Guidance

Other information

Updated: 2018-02-27