Unlike IT application, ICS (Industrial Control System) involves direct physical process that will affect human safety and impose environment impacts.
When we conduct ICS risk assessment, we must not just limited thoughts to cyber risks. Cyber risk is just one of the causes that affect the stability, manageability and operability of the ICS.
For impacts caused by cyber issues, are these due to general equipment fault rather than cyber attack? What about other physical damages like communication lines fails due to natural disaster, or machinery break down from wear and tear? The counter-measures shall then also address non-cyber issues for a comprehensive business continuity arrangement.