Brian Ahern, president and CEO, Industrial Defender (www.industrialdefender.com), says that “if we can run whitelisting on the mission critical server side, that allows us to address gaps from a patching perspective, because vendors can’t certify an operating system patch fast enough.” These patches usually takes six months to develop before they are ready for release.
Though whitelisting is an effective strategy for control system security, industry is still very early in its adoption of this tactic. Fewer than 5 percent of Industrial Defender’s customers have adopted this approach, but Ahern says there is increasing interest in it.
The downside to whitelisting, according to Ahern, is that it is “fairly invasive and does require compatibility and interoperability testing with the OEM vendor. As soon as you only allow certain applications to run, you need to understand the DLLs, executables, and what’s happening on a mission critical server so that, if it spawns another DLL, you’ll be able to understand that it’s allowed.”
>> Click here to read Automation World's full report: The Stuxnet Effect on Cyber Security