If you’ve studied best practices in cybersecurity before, you’ve had the importance of patch and updating your system beaten into your brain. We even listed patch management and installing upgrades in our “15 Step Guide to Securing Your Industrial Control System”. Patch management is a huge part of achieving cybersecurity, in our opinion, because it is simple, yet widely effective in deterring cyber-attacks.
Once a month, software companies published known vulnerabilities and problems with new updates and patches to remediate these issues. The majority of hacks that take place exploit these published vulnerabilities on systems that haven’t been patched or updated.
But industrial control systems, like those controlling our critical infrastructure, are typically not updated or patched after they are installed. An update or patch could potentially take a plant offline, which is unacceptable for industries like water and wastewater, power and energy. This leaves them exposed to threats that others have long since addressed and an easy target to hackers.
So how can you properly secure your industrial control system? Patching can lead to shut down and major faults in your system, but not patching leaves you vulnerable to hacks that could also take you offline. Our solution to this catch 22 is virtualization.
You can minimize the risks associated with patches and upgrades with virtualization because it allows you to test patches and updates, then quickly revert back to your prior system if you have problems.
A virtualized network creates a virtual machine that acts just like a real computer, but software executed on these virtual machines is separated from the underlying hardware. This means that viruses and malware that take place on a computer will not affect your virtual machine.
Virtualization allows you to perform updates, migrations and patch management with peace of mind. You can easily revert back to your old system if an update causes your SCADA system to crash or not function as required. It’s a simple yet effective patch management process from industrial control systems.
For more information on our cyber security services, visit http://www.frakesengineering.com/services/ics-cybersecurity/.