Introduction
Industrial Control Systems (ICS) and the underlying Operational Technology (OT) infrastructure are becoming more complex and face increasing threats that can disrupt operations and affect people's safety. The operational challenge of maintaining a robust and stable infrastructure while proactively detecting and mitigating threats stretches many companies' capabilities and reaction time. One area that is particularly challenging is “how to effectively mitigate and contain Cyber Security vulnerabilities in the infrastructure”.
Companies are facing increased pressure to improve current practices. Maturity of the process ranges from non-existent to a highly repeatable and secure process that continuously adapts to deal with new vulnerabilities and speed to remediate. Organizations are often driven by internal or external compliance standards that demand a solid process to manage the risks and report status on an ongoing basis.
Quick look at each of the 5 Phases
The section below provides a high-level insight into the overall process of Patch Management. A detailed discussion can be viewed in the Dexcent whitepaper on this challenging but very important OT operational process to maintain a robust infrastructure.
1. Ongoing Identification of Vulnerabilities in all Assets
The process starts with discovering and maintaining a comprehensive and up-to-date OT infrastructure Cyber Assets Repository. Typical scope should include all OT cyber assets in all segments of your infrastructure at all layers of the network (e.g., Purdue model layers 3.5 all the way down to layer 1). Asset categorization and criticality profiles should be in place to enable focussed risk assessments and prioritization.
You cannot assess risk or protect your environment without a comprehensive view of all assets that may contain vulnerabilities that could be exploited by an adversary or threat agent. The process continues with regular, ongoing vulnerability analysis to identify the known vulnerabilities on all your cyber assets. If you are experiencing challenges with these capabilities in your environment, Dexcent can help you with comprehensive solutions.
2. Research and Analysis of Patches Available for Mitigation
The second phase in the process is to review and analyze all discovered vulnerabilities in your asset inventory. This includes criticality and applicability analysis to help identify risk and prioritize remediation activities. For certain control systems platforms (e.g., SCADA or DCS systems), the operating system or middleware application patches need to be validated and approved by the control systems vendor to ensure that the control systems software will not be adversely affected by the application of a particular patch to the underlying operating system or dependent subsystems. Some industries are driven by compliance standards and require detailed reporting and evidence of this process, which will support the follow-up activities towards remediation.
Here Dexcent can help with managed services that will address this requirement for all your identified assets with ongoing monthly research, analysis and tracking, risk classification of vulnerabilities, evidence of applicable patches and identification of the vendor channels for securely obtaining the patch binaries, all wrapped up in a single monthly report.
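The phase 2 analysis described above, sketched as an added Python example (not Dexcent's tooling or code from the whitepaper): it matches advisories to inventory entries by product and version, holds patches for SCADA/DCS hosts until the vendor has approved them, and ranks the resulting work. Asset names, advisory IDs, patch IDs and the severity × criticality score are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample data: names, products, versions and advisory IDs are
# placeholders, not real systems or real advisories.
@dataclass
class Asset:
    name: str
    product: str
    version: str
    criticality: int      # assumed scale: 1 (low) to 5 (safety/production critical)
    vendor_gated: bool    # True for SCADA/DCS hosts that need vendor patch approval

@dataclass
class Advisory:
    adv_id: str
    product: str
    affected_versions: frozenset
    severity: float       # assumed 0 to 10 score, e.g. a CVSS base score
    patch_id: str

def triage(assets, advisories, vendor_approved):
    """Return work items sorted by risk, highest first. vendor_approved is a
    set of (product, patch_id) pairs the control system vendor has validated."""
    items = []
    for adv in advisories:
        for a in assets:
            # Applicability analysis: same product and an affected version.
            if a.product != adv.product or a.version not in adv.affected_versions:
                continue
            approved = (not a.vendor_gated) or (adv.product, adv.patch_id) in vendor_approved
            items.append({
                "asset": a.name, "advisory": adv.adv_id, "patch": adv.patch_id,
                # Assumed ranking: advisory severity weighted by asset criticality.
                "risk": round(adv.severity * a.criticality, 1),
                "action": "schedule patch" if approved else "hold: await vendor approval",
            })
    return sorted(items, key=lambda i: (-i["risk"], i["asset"]))

ASSETS = [
    Asset("hmi-01", "ExampleOS", "10.1", 5, True),
    Asset("hist-01", "ExampleOS", "10.1", 3, False),
    Asset("eng-ws-02", "ExampleOS", "11.0", 4, False),
    Asset("jump-01", "ExampleVPN", "4.2", 4, False),
]
ADVISORIES = [
    Advisory("ADV-PLACEHOLDER-1", "ExampleOS", frozenset({"10.0", "10.1"}), 9.8, "PATCH-A"),
    Advisory("ADV-PLACEHOLDER-2", "ExampleVPN", frozenset({"4.2"}), 7.5, "PATCH-B"),
]

if __name__ == "__main__":
    for item in triage(ASSETS, ADVISORIES, vendor_approved=set()):
        print(item)
```

The sorted output doubles as the evidence trail for compliance reporting: each row records the asset, the advisory, the applicable patch and why it was scheduled or held.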
3. Securely Obtaining the Patch Binaries from Legitimate Sources
Here Dexcent can help with managed services that will address this requirement through monthly secure acquisition of all patches from all vendors for target assets, delivered to you through a secure and tamper-resistant mechanism.
4. Applying Patches to Vulnerable Systems
5. Reporting Status Before and After
Summary Conclusions
Dexcent, with several years of experience in Industrial Control Systems (ICS) and having successfully delivered many industrial Cyber Security engagements, solutions, and operational services to our clients, has noted that most organizations approach Dexcent as a trusted partner that listens and responds with a value proposition that truly enhances their capabilities and helps differentiate and prioritise where it matters most.
Free Whitepaper
How can an organization effectively mitigate and contain Cyber Security vulnerabilities in the infrastructure? The process involves 5 phases, described in detail in our Dexcent FREE White Paper called “Patch Management in OT Environments”, which can be downloaded below.