When updating your computer security, why patch?
Why should you be concerned about applying security patches to the computers in your manufacturing zone? Simply put, because no buffer zone provides a perfect security solution for your automation system. The reality is that in order to operate your manufacturing plant, data and people need to move between enterprise and manufacturing zones.
Why should you be concerned about applying security patches to the computers in your manufacturing zone? Simply put, because no buffer zone provides a perfect security solution for your automation system. The reality is that in order to operate your manufacturing plant, data and people need to move between enterprise and manufacturing zones. With this movement comes the possible transport of viruses, worms or other undesirable payloads. These undesirables can negatively impact the operation your manufacturing systems.
While the installation of a buffer zone in a manufacturing environment provides an excellent barrier to block direct attacks from the outside, no buffer zone provides a perfect security solution for your automation system. This is why you patch.
A buffer zone that forces all traffic to originate or terminate within it makes it very difficult for an attacker to communicate directly with your manufacturing zone. However, as intruder software becomes more sophisticated, more “Trojan horse” attacks take place where attackers gain a foothold in the enterprise network, and then gain access to a resource communicating with a computer in the buffer zone. From there, the attackers take control of a computer inside the manufacturing zone.
Many successful exploits could have been prevented with existing patches. In many cases, patches for the vulnerability existed more than six months before the attack occurred. For this reason, it is essential to keep computers in the manufacturing and enterprise zones up to date — the simplest, most effective security mitigation strategy. It also is essential to develop an elaborate and rigorous process for managing patches.
Nevertheless, patching computers in the manufacturing zone poses its challenges, especially with regard to downtime. Ironically, more manufacturing downtime results from poor or missing patch management processes than was caused by the exploitation of the vulnerability being patched. This is the primary reason why disabling automatic patch updates is considered a best practice in the manufacturing zone.
Installation should be scheduled for a time when the potential for lost production is minimal, and it should always be done by personnel who are trained on the equipment and process so that recovery from a failure can be handled as quickly as possible. It is crucial to have a backup image of all software loaded on all critical systems and a disaster recovery plan to back out any updates made to return the facility to an operational state quickly.
In most cases, downtime can be averted with well-designed patch management. A well-designed patch management process includes the following important steps:
1. Assess and create an inventory of all managed and unmanaged assets, including equipment, processes, security policies and assigned personnel. This step helps you understand what you have in place, where your risks might be, and who is qualified to help.
2. Identify whether updates are available for your installed application software or operation system, and if they are relevant to your production systems.
3. Evaluate each software update against a well-defined process to determine its business value versus the risk of deployment. The benefits to the business can include lowering the risk associated with a known security threat, increasing productivity, increasing reliability and better product quality. Then test it to be sure it works in your system.
4. Manually deploy the verified software update. The first part of this step is to communicate to users and administrators in advance about the pending update, allowing everyone to be prepared in the event of an unexpected consequence resulting from the installation. The second part of this step is the distribution of the updates to the impacted computers.
The convergence of manufacturing and enterprise networks provides greater access to manufacturing data, creating greater agility in making business decisions. At the same time, it also brings challenges and exposes manufacturing assets to the security threats that were traditionally found only in enterprise. The increased exposure resulting from this convergence means that now, more than ever, computers used in manufacturing need to be treated with the same level of security update rigor as those used in the enterprise.
Michael Bush has been the manager of FactoryTalk Services at Rockwell Automation since Oct. 2004. Bush is a recognized speaker, presenter and author in the area of automation security.