Next-generation corporate architectures promise to give us more cost-effective methods for leveraging the value locked up in isolated legacy systems, but the problem is that many of these system components were not originally designed to provide the protection required in such an open environment.
Safety and reliability concerns have always driven production systems administrators to be paranoid about protecting automation systems from hypothetical intruders, but traditional protection measures are completely inadequate in an integrated enterprise. Typically, we relied on security features in application software because of unique manufacturing requirements. Now, infrastructure, including operating systems that were designed originally for standalone operation, is also under attack by sophisticated and persistent cyber-attackers from around the globe. Any networked production system running a commonly used operating system is vulnerable, but access methods beyond the network connection must be considered as possible vulnerabilities.
Higher risk has changed the cost-benefit balance dramatically for system maintenance. Until recently, there was little benefit from installing software updates, as long as systems were getting the production job done.
Almost without exception, manufacturing companies are trying to find a new balance between risk and benefits, and a collaborative effort is required. No single organization is in a position to develop, implement, and manage a production system security strategy. In general, the business Information Technology (IT) organizations have the knowledge about security vulnerabilities, protection methods and management processes. Their experience comes from managing a large number of networked personal computers containing valuable corporate intellectual property. However, they seldom have knowledge of production systems situations and priorities, even though they are likely to be called on to audit and protect plant networks.
Production administrators know the requirements and priorities of operations, as well as the state of production systems, but typically have insufficient knowledge of complex and changing security technologies and practices. This is causing many manufacturers to re-think IT support strategies for production systems. This is often a slow process due to political and budget implications, and a cross-functional team is a fast path to a better solution.
Once we realize that most successful attacks exploit vulnerabilities that have fixes available, the line of defense is clear: focus immediately on a collaborative security patch management strategy for developing methods to deploy fixes faster. This involves production systems administrators working closely with business systems IT to adapt corporate-wide knowledge, practices, and tools to production environments.
Relative to business systems, patch management is more problematic for production systems where fixes cannot be automatically pushed onto systems. Instead, patches must first undergo considerable analysis and testing offline. Then patches can be rolled our gradually, and carefully tested on the production system before being placed on-line.
Patch Management Tools
Patch management tools offer the possibility of automating patch management and monitoring. This is important for closing the vulnerability window, minimizing risk and avoiding disruption. Tools are available from a variety of sources, and each tool has slightly different capabilities. Some deploy and monitor the installation of updates to operating system and applications; others check for vulnerabilities.
Formal security patch management has become an important enterprise-wide practice. Accordingly, it should be managed using cross-functional teams, where best practices and knowledge can be shared and then adapted to the needs of each area of the business, for a better quality result.
Bob Mick, firstname.lastname@example.org, is a vice president at ARC Advisory Group.