Why Patch Control Systems?

Industrial control systems (ICS) in critical infrastructure are high-risk targets for attack and exploitation. Consistently monitored patches & updates can help resolve security vulnerabilities, and functional issues and meet regulatory compliance requirements.

Compliance Burden

NERC CIP compliance regulations state that registered entities are required to have a patch management process for tracking, evaluating, and installing cyber security patches for their identified cyber assets of applicable systems.

Time and Resource Burden

Patch management can be time-consuming and very labor-intensive. Utilities can spend over $500,000 per year manually searching websites, receiving vendor notifications, calling vendors, and tracking patches.

Training

Not all patches can be implemented without having catastrophic effects in a CIKR environment. Training internal teams to have the depth of knowledge necessary for validating and deployment is cumbersome and time-consuming. Keeping staff current on the changing compliance regulations can be a daunting undertaking.