While stewards of factory floor control systems realize that these threats are possible, oftentimes they don’t know how to determine the extent of their vulnerability or how to deal with it. With the emergence of open networks and operating systems in today’s industrial environments, it is imperative that manufacturers take these threats seriously. Failure to do so could result in lost data, lost productivity or worse.
Let’s look at a real-life example. Just 10 minutes after the Slammer worm appeared on Jan. 25, 2003, nearly 75,000 computers (or 90 percent of all vulnerable hosts) were infected. Slammer—a worm that exploited a buffer overflow vulnerability in computers on the Internet running the Microsoft SQL Server or MSDE 2000 (Microsoft SQL Server Desktop Engine)—crippled computers and networks across the world. Six months before Slammer appeared, Microsoft released the MS02-039 patch designed to fix the buffer overflow and protect computers from a worm such as Slammer. If network administrators across the world had heeded the warnings and installed the patch, the Slammer worm would have had a much smaller impact on systems and networks.
Among those affected was PerkinElmer Inc. (www. perkinelmer.com), Wellesley, Mass., a leading manufacturer of scientific instrumentation and analysis tools targeting the health sciences and other advanced technology markets. The company has 10,000 employees in 125 different countries. According to Robert Ersoni, manager for global IT infrastructure at PerkinElmer, about 75 percent of the organization was affected by the Slammer worm over the course of three days, which caused outages at several of its manufacturing plants.
Automated solution
After Slammer, PerkinElmer realized it needed an automated patch management solution to protect its network and factory floor data. Ersoni and his team tested more than 10 different patch management vendors before making a selection. Today, PerkinElmer is using automated patch management software across the entire company on 7,500 different workstations. According to Ersoni, the company has not been impacted by any major worm or virus outbreaks since implementation.
While PerkinElmer has taken steps to improve its network security, many manufacturers have not implemented these security practices. So why do so many computers remain unprotected? The list of answers is fairly standard.
“My IT budget is so limited, I can’t afford to spend money on patching.”
Automated tools available today have greatly reduced the financial investment and manpower required for patching. Automated patching systems are not high-cost, and actually provide a significant return on investment when compared against the cost of lost productivity, reactive maintenance and liability. Companies using automated patching systems see fewer successful attacks and a significant decrease in network and system failures.
“I don’t have the time to patch all the computers on our network.”
In fact, an effective system can greatly reduce the time spent patching because administrators can automatically scan for vulnerabilities, identify which systems require fixes and push patches to the systems and applications that need them.
“Patches could potentially damage my existing applications.”
While the likelihood of a patch damaging a system is low, leading patch management solutions offer options for testing and rollback. In addition, some patch management solutions offer uninstall options for critical patches. The bottom line is that damage to existing applications is not likely to occur through patching.
As the PerkinElmer example demonstrates, manufacturers are just as vulnerable to attacks as other corporate and consumer computer users. Automated patch management has eliminated many of the cost and time-consuming issues associated with security management.
Mark Shavlik, [email protected], is president and chief executive officer of Shavlik Technologies, a Roseville, Minn., software security firm.
