Skip to content
NEW: ISASecure Site Assessment Program for OT Cybersecurity Learn More
About Press Documents & Forms Contact Join

All Aboard the ACSSA, First Stop - Risk Assessment (October 22, 2025)

As asset owners for industrial sites continue to work on implementing and improving cybersecurity for their facilities. The Automation Control System Site Assessment (ACSSA) program offers a formal method for evaluating the cybersecurity posture of these facilities, assessing the organizational maturity for the operator as well as service providers and the technical security controls for the system under evaluation, covering IEC/ISA 62443 parts 2-1, 2-4, 3-2 and 3-3. This offers significant improvements and standardization compared to previous assessment approaches, but many don't know how best to start preparing.

Enter the cybersecurity risk assessment. ISA/IEC 62443-3-2 provides a comprehensive method to analyze industrial systems, identify critical assets, segment them into security zones, and assess the effectiveness of planned cybersecurity controls.

This process is key for determining the scope of evaluation for an ACSSA study including all boundaries to the system and external connections.

Additionally, it helps determine the required security level targets and security controls for each zone, and provides the backbone for many aspects of the evaluation. Attendees will be introduced to the ACSSA program, the cybersecurity risk assessment process, and how a risk assessment can be used to best prepare for an ACSSA evaluation.

KEY TAKEAWAYS:
✔️ Learn about the new Automation Control System Site Assessment (ACSSA) Program
✔️ Learn best practices for conducting cybersecurity risk assessments
✔️ Receive practical guidance on streamlining and prioritizing security activities
✔️ Identify the best ways to prepare for ACSSA assessments 

Date: Wednesday, 22 October 2025
Time: 9:30 - 10:30 a.m. EDT U.S.
Price: Free

Patrick-O-Brien

Patrick O'Brien, exida LLC

Patrick O’Brien is the Assistant Director of Engineering at exida, LLC, where he helps lead a team of engineers in delivering functional safety, cybersecurity, and alarm management services. He has led cybersecurity risk assessments, training courses, and other lifecycle activities for many different applications, including oil and gas, specialty chemical, critical infrastructure, machinery, and robotics. In addition to his cybersecurity role, he also provides consulting services in the areas of process safety, functional safety, and machine safety.

He is a coauthor of Implementing IEC 62443: A Pragmatic Approach to Cybersecurity and the principal author of the CCPS concept book Managing Cybersecurity in the Process Industries – A Risk-based Approach. Patrick represents exida on the International Society of Automation Global Cybersecurity Alliance (ISAGCA) and Exida is an ISASecure member.