Vulnerability Management in ICS: Patching, Configuration, Devices & Quarantine

Instructor: Archna Khubchandani

Archna has a professional postgraduate diploma in system management for programming, system analysis, and design.

This lesson explores vulnerability management in industrial control systems (ICS). You will mainly learn about patch management, configuration management, and device removal and quarantine.

Vulnerability Management in Industrial Control Systems

ICS is used primarily in mission-critical infrastructure and industrial applications to monitor and control geographically scattered systems. ICS devices are high-value targets for attack and exploitation, which poses significant security challenges for ICS vendors and asset owners. Vulnerabilities in ICS can be broadly classified into three groups, as shown in Figure 1.

Figure 1: Vulnerability Groups in ICS

Let us explore managing the platform group of vulnerabilities, which covers operating system (OS) and application patching, physical access control, and security software.

Patch

You enjoy the new features that are periodically added to WhatsApp and your other favorite apps. Sometimes, you also run into problems caused by such updates. The same is true of devices. Whether it is software or hardware, updates are necessary for various reasons. A patch is a small software update, usually used as a temporary solution between full releases of a software package.

Patches may do any of the following:

  • Fix functionality issues
  • Add a new feature
  • Fix a bug
  • Install new drivers
  • Improve security by addressing security vulnerabilities

Configuration Management

Since an ICS is a complex system with numerous devices, software packages, and networks, there is a need to track them. For this purpose, a Configuration Management (CM) system is used. It keeps track of the software, hardware, network addresses, and other related information in an organization's ICS. CM software tools are available for these tracking tasks.

Elements to be Maintained by the Asset Owner of ICS under CM

  • A code library containing the most recent, stable, and working software used in the ICS. It should also include the configuration settings of network, database, and print servers. Unauthorized access to, and changes of, the working software must be prevented.
  • An archive code library holding one or more revisions of the older production code, kept in a secure location
  • An inventory of all equipment and a schematic map of the ICS networks, made available only to authorized persons
  • An archive of the code library, the equipment inventory, and the network schematics on a separate server at a different physical location
  • Review and update of CM policies and procedures at frequent intervals by authorized staff
  • A Configuration Control Board to monitor, authorize, and control changes to the ICS CM

Patch Management

A patch management program is centered on the safe procurement, testing, and deployment of trusted patches to keep the ICS more secure. It ensures that the ICS is up to date and safeguarded against malware and hackers. It applies to all hardware and software components of the ICS, in both Information Technology (IT) and Operational Technology (OT). Patches are necessary to resolve security vulnerabilities and address functional issues.

Key Parts of Patch Management

  • Configuration management, keeping an up-to-date inventory of both IT and OT hardware and software
  • Creating hardened baselines of systems
  • Identifying patches for hardware and software
  • Evaluating criticality of patches
  • Testing patches before implementation
  • Obtaining patches securely by following best practices when downloading, virus scanning, and validating patches
  • Getting updates only from authenticated vendor sites
  • Insisting on the vendor's digital signature for updates and on hashes published via an out-of-band communication path
  • Verifying configurations throughout asset lifecycle
  • Ensuring integrator security
  • Preparing backup and restoration items and plans

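The secure-procurement steps above (approved vendor site only, hash published out of band, validation before the patch goes to testing) can be combined into a single intake gate. The following is an added example, not code from the lesson; the vendor host, the patch bytes and the out-of-band hash record are all constructed placeholders.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Hypothetical allowlist of authenticated vendor download hosts (constructed).
APPROVED_VENDOR_HOSTS = {"updates.plc-vendor.example"}

# Constructed payload standing in for a downloaded firmware/software patch.
PATCH_BYTES = b"PLC-FW v2.3.1 constructed sample payload\x00" * 8

# Constructed out-of-band hash record. In practice this value is transcribed from
# the vendor's signed bulletin or confirmed by phone, never read off the download site.
OUT_OF_BAND_HASHES = {
    "plc-fw-2.3.1.bin": hashlib.sha256(PATCH_BYTES).hexdigest(),
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def evaluate_patch(name: str, source_url: str, data: bytes) -> tuple[bool, list[str]]:
    """Return (accepted, reasons). Every check runs so the rejection report is complete."""
    reasons = []
    parsed = urlparse(source_url)
    host = parsed.hostname or ""
    if parsed.scheme != "https":
        reasons.append("download was not over HTTPS")
    if host not in APPROVED_VENDOR_HOSTS:
        reasons.append(f"host {host!r} is not an approved vendor site")
    expected = OUT_OF_BAND_HASHES.get(name)
    if expected is None:
        reasons.append("no out-of-band hash published for this patch")
    # Constant-time comparison avoids leaking how many leading hex digits matched.
    elif not hmac.compare_digest(sha256_hex(data), expected):
        reasons.append("SHA-256 does not match the out-of-band published hash")
    return (not reasons, reasons)


if __name__ == "__main__":
    good_url = "https://updates.plc-vendor.example/plc-fw-2.3.1.bin"
    print(evaluate_patch("plc-fw-2.3.1.bin", good_url, PATCH_BYTES))
    tampered = PATCH_BYTES[:-1] + b"\x01"  # one flipped byte, as a mirror or MITM might leave
    print(evaluate_patch("plc-fw-2.3.1.bin", "http://mirror.example/plc-fw-2.3.1.bin", tampered))
```

A patch that passes this gate still goes to the test environment before deployment; the gate only establishes that what was downloaded is what the vendor published.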
Device Removal and Quarantine

Implementing a quarantine network ensures that only devices that comply with the security policies are allowed onto the main network. Non-compliant devices are quarantined, that is, isolated from the network. The four elements of a quarantine system and their functions are shown in Figure 2.
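The admission decision described above can be expressed as a compliance check against the CM inventory and a hardened baseline from the earlier sections. This is an added example, not part of the lesson; the inventory entries, the policy values and the device records are constructed, and the segment names are hypothetical.

```python
from dataclasses import dataclass, field

# Constructed CM inventory: the asset owner's record of known ICS devices (MAC -> asset tag).
CM_INVENTORY = {"aa:bb:cc:00:00:01": "HMI-01", "aa:bb:cc:00:00:02": "PLC-07"}

# Hypothetical security policy a device must satisfy before joining the main network.
POLICY = {
    "min_patch_level": 42,
    "required_software": {"endpoint-av", "host-firewall"},
}


@dataclass
class Device:
    mac: str
    patch_level: int
    installed_software: set[str] = field(default_factory=set)


def assess_device(dev: Device) -> tuple[str, list[str]]:
    """Return ("main", []) for a compliant device or ("quarantine", reasons) otherwise."""
    reasons = []
    if dev.mac not in CM_INVENTORY:
        reasons.append("device is not in the configuration management inventory")
    if dev.patch_level < POLICY["min_patch_level"]:
        reasons.append(f"patch level {dev.patch_level} is below baseline {POLICY['min_patch_level']}")
    missing = POLICY["required_software"] - dev.installed_software
    if missing:
        reasons.append("missing required security software: " + ", ".join(sorted(missing)))
    return ("quarantine", reasons) if reasons else ("main", [])


def assign_segments(devices: list[Device]) -> dict[str, str]:
    """Map each device to the network segment it should be placed on."""
    return {dev.mac: assess_device(dev)[0] for dev in devices}


if __name__ == "__main__":
    hmi = Device("aa:bb:cc:00:00:01", 42, {"endpoint-av", "host-firewall"})
    unknown = Device("aa:bb:cc:ff:ff:ff", 40, {"endpoint-av"})  # constructed rogue device
    for dev in (hmi, unknown):
        print(dev.mac, assess_device(dev))
    print(assign_segments([hmi, unknown]))
```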

Figure 2: Quarantine Elements
