WHY PATCH CONTROL SYSTEMS?
Industrial control systems (ICS) in critical infrastructure are high-risk targets for attack and exploitation. Consistently monitored patches & updates can help resolve security vulnerabilities, functional issues and meet regulatory compliance requirements.
NERC CIP compliance regulations state that registered entities are required to have a patch management process for tracking, evaluating and installing cyber security patches for their identified cyber assets of applicable systems.
TIME AND RESOURCE BURDEN
Patch management can be time consuming and very labor intensive. Utilities can spend over $500,000 per year manually searching websites, receiving vendor notifications, calling vendors and tracking patches.
Not all patches can be implemented without having catastrophic effects in a CIKR environment. Training internal teams to have the depth of knowledge necessary for validating and deployment is cumbersome and time consuming. Keeping staff current on the changing compliance regulations can be a daunting undertaking.