The right way to install patches for industrial control systems

Last Updated on 2018-05-10 Hits:2216

The root cause of many large-scale leaks is that the remaining unpatched devices on the network become loopholes in the entire network. For the Industrial Control System (ICS), patching the network is not just about upgrading the iPhone's app, but also upgrading the PC's software. Patch management is a time-consuming operation. In order to be able to play its due role, a complete operational test must be performed. By simulating the plant environment, verifying patch management helps energy companies manage patches in an effective manner to ensure that the system operates and protects the system from the latest known vulnerabilities.

As recently reported in the media headlines, cyber security breaches have caused major corporate losses, loss of customer trust, and harm to the credibility of the organization.

In 2014 alone, hackers stole more than 76 million records from the financial services firm JP Morgan Chase and stole more than 80 million customer records from health care provider Anthem.

In 2013 and 2014, due to the leakage of target data, the resulting network security related expenses exceeded US$162 million.

Although financial costs due to data leakage are surprising in any industrial sector, they are particularly serious in the energy sector. With only one hour of downtime, losses due to unproductive production can reach hundreds of millions of US dollars. There are even It may cause huge damage to the entire enterprise's production.

Cybersecurity Risk: Operations and Reputation

Energy companies are accelerating the implementation of comprehensive cyber security procedures and policies. In particular, oil and gas organizations have different management and power generation industries and are facing huge risks caused by loopholes in industrial control systems.

For example, an oil and gas company estimates that if a control system's human-machine interface (HMI) malfunctions and the system shuts down for two days without production, the damage to the organization is expected to be as much as $12 million.

This calculation weighs the risks of waiting for the next year to install cybersecurity measures instead of immediately implementing them. Taking into account the operational and reputational losses caused by the failure to implement security procedures, energy companies do not tolerate a slight delay in network security issues.

Under normal circumstances, the control equipment used by the energy industry is somewhat behind that of commercial networks. In the business environment, the system has completed the upgrading of software and hardware, and can effectively deal with current attacks, and these attacks are generally aimed at outdated systems or network of careless mistakes.

Patching industrial control system leaks

Patch management is a time-consuming operation. In order to be able to play its due role, a complete operational test must be performed. By simulating the plant environment, verifying patch management helps energy companies manage patches in an effective manner to ensure that the system operates and protects the system from the latest known vulnerabilities.

Self-service patch management

Self-service patch management is based on their own schedule, using the anti-virus program to implement the entire patching process. If you are using a Microsoft operating system, they rely on the patches provided by Microsoft and anti-virus software providers to personally test, confirm, and complete the final update.

Depending on the size of the factory, this work may be a heavy task. If a factory has only five computers on the control network, it is feasible to manually implement the updates on each of the calculations. In some areas of industrial facilities, there may be as many as 85 computers on the control network. If you upgrade one by one, not only the upgrade process takes a lot of time, but it also increases the risk of the process.

If you manually manage patches and ensure that all computer systems are upgraded, self-service patch administrators will assume 100% risk. If the patch unexpectedly requires system downtime, the company will reduce revenue due to these unplanned outages. Moreover, many "self-service" methods require USB drivers to copy patches to each computer system.

According to a recent survey conducted by Raytheon and the Penelope Institute on safe conduct, more than half (52%) of the survey responders have plugged USBs into computers during the past three months. .

In the fields of oil, gas, and power generation, there is always a concern: Potential and internal attacks. Using someone else's USB device, or leaving it in an unsafe area, may cause unrelated internal personnel to control the removable device. Connecting stolen USB devices to the control network can introduce malicious software into the network, which can cause significant damage to the system and operations.

When users turn to rely on trusted security service providers, these service providers can take the necessary measures to ensure that their entire supply chain is secure throughout the implementation of the upgrade service, so that they can basically eliminate the risks and will Its responsibility is transferred from the self-service implementer to the service provider.

Verified patch management

When choosing a third-party patch management solution, users can choose either a package solution or an integrated service. Vendors collect patches necessary for factory facilities based on operating system software and hardware, and share the upgrade patches to plant operators, who will implement the upgrades themselves.

This option reduces the amount of work required to identify upgrade patches, packages them, and upgrades on time. However, users are still responsible for the need to test these patches and eliminate any potential negative effects before deploying them.

Untested patches are unstable in an industrial control environment. Because there is no test, the operating personnel cannot predict how a particular system will respond to patches in the "original" state. In 2014, 10 out of every 12 operating system patches issued for industrial control systems needed to be modified for the actual industrial environment to avoid concurrent issues, downtime, or new vulnerabilities.

Verified patch management can run patches in a virtual field environment or a simulated factory environment in the lab to identify any incompatibility issues that may exist before the patch is actually implemented. This allows the operator to determine what alternatives are needed to ensure runtime and protect the system from network security attacks.

The figure shows a verified patch management system that is being tested in a network asset protection test lab. This process ensures that the control system network can remain online and secure after the official implementation of the patch upgrade.

Although virtual testing is more effective than non-testing with the help of vendor training, there are still some limitations in functionality, because sometimes the virtual environment does not reveal all problems in the factory environment.

A secure external lab environment with hardware and software that can actually be used for testing is the best way to ensure that the industrial control system obtains a validated patch every month. This process helps ensure that the industrial control system is secure and up-to-date, so that malware and malicious attacks cannot manipulate system vulnerabilities.

Failed patch strategy

Energy companies have already felt the negative impact of failed patch management strategies. At an energy company, its HMI uses an outdated operating system, and vendors no longer provide continuous patch upgrades.

Malware invades the system and affects production. In addition to reduced production and passive shutdowns, the company also needs to initiate investigation procedures to determine the cause of downtime. This in turn requires more manpower and further reduces productivity.

In order to avoid this kind of situation, enterprises should use the verified patch management system to regularly upgrade the system and manage outdated software and hardware; preventive life-cycle management can avoid time-consuming, laborious and costly Passive shutdown.

The

Protecting connected devices

As more technology is applied to the factory environment, it is more urgent to verify security configurations and patches to ensure a stable and reliable control system network. The security of interconnected devices in an industrial environment is different from that of protecting commercial data centers.

In addition, industrial companies must understand the challenges faced by information technology (IT) and operational technology (OT) in implementing strong cyber security strategies and the differences between the two. The field of OT security should be fundamentally different from the existing traditional IT detection systems.

Like other industries, ICS's cyber security is likely to gradually transition to hosted service practices rather than solutions provided by organizations or vendors. As industrial companies pay more and more attention to network security, they must realize that successful patch management is the cornerstone of security and high-production enterprises.