Why Patch Control Systems?
Industrial control systems (ICS) in critical infrastructure are high-risk targets for attack and exploitation. Consistently monitored patches & updates can help resolve security vulnerabilities, and functional issues and meet regulatory compliance requirements.
NERC CIP compliance regulations state that registered entities are required to have a patch management process for tracking, evaluating, and installing cyber security patches for their identified cyber assets of applicable systems.
Time and Resource Burden
Patch management can be time-consuming and very labor-intensive. Utilities can spend over $500,000 per year manually searching websites, receiving vendor notifications, calling vendors, and tracking patches.
Not all patches can be implemented without having catastrophic effects in a CIKR environment. Training internal teams to have the depth of knowledge necessary for validating and deployment is cumbersome and time-consuming. Keeping staff current on the changing compliance regulations can be a daunting undertaking.