
Patch Management

In control system terminology, patching is the process of addressing a known weakness in a platform that can have patches or software fixes applied. Platforms include operator interfaces, human machine interfaces (HMIs), computers, networking devices, and the associated software loaded on these platforms.

Patches are typically electronic files with updated configuration information or executable processes that, when applied, correct a given weakness in the affected system. Patches are critical to the protection and security of a system and should be applied as soon as possible for many reasons.


Since the public is informed of available patches through various means, including Microsoft operating system updates and antivirus definition updates that immunize systems from viruses, everyone has a freely available method to learn of control system weaknesses. Without a proven, manageable process to validate and apply patches at frequent intervals, control systems are exposed and at risk of exploitation by hackers, disgruntled employees, or worse – terrorists.

Patch management is a methodical process that includes documentation, validation, backup and recovery, and a step-by-step tiered approach to the application of change on critical systems. The core of effective patch management is validating the change to ensure that patches and security enhancements do not disrupt system functionality. Validation should be performed in a lab or non-production environment on equipment and software that is representative of the production environment. Applying unvalidated patches could change security parameters of the control system in ways that stop communication between devices.

After effective validation, and before patches are applied to the actual production equipment, a sound backup and recovery or disaster recovery plan should be in place to back up device information and configurations. Since patches change the system or software from its original state, it is important to be able to restore devices to a previous working state in case a patch causes problems.

A tiered rollout is also effective. After lab validation is complete, apply patches to a unit which can be taken offline briefly. Then monitor for a period of time before rolling patches out to the remainder of the devices. This greatly reduces the risk of a change or patch causing disruption. Any issues may be identified prior to the application of patches in a very controlled, documented, and repeatable manner.

Patching critical industrial control systems involves the collection of known fixes or patches, validation of these changes, and then methodical application of patches in a controlled manner. The more frequently the process is repeated, the more up-to-date and secure the system will be.

FoxGuard Solutions specializes in the process of validating changes to industrial control system devices that have patching capability and can work with your team to identify a strategy that meets your needs while making your critical system less vulnerable to attack.
