Industrial Control System (ICS) Cybersecurity Risk Methodology Webinar

3 March, 2021

Many operators are not prepared for the changing cyber threats commonly encountered today. Unlike IT systems that can be easily refreshed and patched, industrial control system (ICS) assets face other unique challenges and solutions. Assessments for cyber risks of enterprise IT environments are relatively mature and many industry standards can be used. Unfortunately, cyber risk assessments for ICS environments are still far from maturity. Many companies are unfamiliar with the cyber-related vulnerabilities, threats and risks to their field operations.


BBA received funding from NRCan’s Canada Cyber Security and Critical Energy Infrastructure Program (CCEIP) to develop a risk methodology for ICS environments.

By establishing a methodology that helps identify and evaluate ICS cyber risks, we provide a supplement for companies to use in addition to established processes and methodologies that help control cyber risks of enterprise IT environments. This will assist companies with better visibility, awareness and protection on rising cyber risks that are threatening their operational environment.

Download our report to learn more.

BBA ICS Cybersecurity Experts

José Alvarado

José Alvarado, P.Eng., GICSP

Department Manager, ICS Cybersecurity

Mr. José Alvarado has sound experience in several engineering fields, particularly with renewable power generation control projects and integrating industrial IP networks and SCADA systems. He also participated in upgrading control and telecommunication systems including design, technical specifications and commissioning within the scope of several utility, and oil and gas projects. José developed further expertise in implementing communication protocols, and programming and commissioning soft PLCs, RTUs, networking devices, loop controllers and HMIs. He also implements data acquisition and telecommunication systems.

When BBA expanded into the oil and gas market in 2012, Mr. Alvarado relocated to Western Canada to assist in organizing and launching the new Calgary office. Currently, he coordinates and leads BBA’s national Industry 4.0 Cybersecurity initiative within the ICS Cybersecurity group.

Paul Haughey

Paul Haughey, CISSP, CET, PMP, GICSP

Automation and ICS Cybersecurity Specialist

Mr. Haughey graduated from the Telecommunications Technology program at the Northern Alberta Institute of Technology. He has over 35 years of experience specializing in industrial control system design and in programming and commissioning a variety of systems. He has worked on projects in the oil and gas, manufacturing, power utility, pipeline, oil sands, off shore, water/wastewater treatment, rendering, and food and beverage sectors.

Paul has led several cybersecurity projects assisting clients in meeting NERC CIP regulatory requirements, developing incident response plans, performing assessments, gap analyses and remediation and developing internal compliance programs using the NIST framework and IEC 62443. He also has extensive experience working on safety instrumented systems, HMI/SCADA, programmable logic controllers (PLCs), remote terminal units (RTUs), software development and embedded systems. He has built a number of custom automation solutions using embedded controllers and IoT platforms.

In addition, he has taught distributed control systems (DCS) classes at the local college. Paul established two automation companies over the past fifteen years and is currently working at BBA in Calgary, Alberta, as an automation and ICS cybersecurity lead.


Across the country, our experts can
help you tackle your greatest challenges.