It’s critical for the security of your manufacturing business to keep the security patches on your hardware and software up to date. However, frequent patching (or “updating”) can slow down your servers, cause headaches, and create high maintenance costs.
Unfortunately, your factory’s security is only as strong as the one device or piece of software that fails to update. Hackers love to exploit such gaps with automated bots that crawl for backdoors into business networks. Some of the most substantial and damaging data breaches were only possible because someone failed to update their software.
OT and IT as One
In the past, manufacturers relied solely on their IT department to handle cybersecurity threats. Today, the overlap between OT (operational technology) and IT (information technology) has complicated how we handle vulnerabilities in the plant. Nowadays, you must make patch management a part of your OT plan.
What You Resist, Persists
Many manufacturers remain reluctant to develop and utilize a well-planned OT patch management strategy. Unfortunately, these stubborn industrial players have been victims of the worst cyberattacks. For example, the 2017 ransomware attack cost Merck more than $600 million.
Don’t ignore patching just because it’s a speed bump in your production or processes. This would put you at significant risk and could ultimately cost you your business.
Lifecycle Management
Educate key stakeholders about your security patching plan by including it in your overall lifecycle management process. By raising awareness and gaining buy-in, you’ll enable a more strategic and sound patching plan.
Stay Agile
Vulnerabilities are constantly being discovered in software. It’s a bit like the history of science: what is accepted as fact today is later proven false. Hackers consistently surprise software developers and security experts.
Therefore, it’s important to build systems that can be quickly patched.
The Slow Down
Yes, patching can slow your servers periodically and may even temporarily bring systems down. This is why most operators schedule updates after hours. But if you’re a “lights out” manufacturer, you may not have that luxury.
It can be even trickier in IoT-integrated factories, which usually require operators to manually download and install patches. If you’re manufacturing embedded systems, it’s a whole other ball game.
More examples: In 2015, Chrysler recalled 1.4 million vehicles to patch a security vulnerability. In 2017, Abbott Labs had to send 465,000 pacemaker patients to a clinic for a security update.
Utilize a patch management strategy to schedule how often you install updates and ensure the most efficient server performance. With a connected factory, it will be much easier to pinpoint timing around when you should run updates.
Patch Strategy
There will inevitably be some strain on your servers, but with a calculated approach you can minimize downtime and maximize security.
Here are a few tips for your patch management strategy:
- Plan patches in groups. This lets you apply each patch only to the devices approved for it, and set a separate schedule per group to avoid excessive downtime.
- Test before rolling out with a staging environment that will mimic the production environment. Digital twins are excellent tools for this.
- Schedule patch deployments. As we’ve noted throughout, a good schedule will minimize downtime. In case you have to reboot a system or server, you should have plenty of time to prepare for any interruptions.
- Always be auditing! Continually test patches after they’ve been applied. For a set time after a patch is rolled out, continue to confirm that everything is running as normal.
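To make the four tips concrete, here is a small Python model of a patch rollout (an added example, not code from the original post or from any vendor tool). It assumes a fleet where each device belongs to a group, each patch carries the list of groups approved for it, each group has its own maintenance window, and a "staging" group (your digital twin) must run a patch healthily for a soak period before any production group receives it. All device names, patch ids, products and dates below are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

STAGING = "staging"          # digital-twin / staging group that must verify a patch first
SOAK = timedelta(days=7)     # post-patch audit period before a patch counts as verified

@dataclass(frozen=True)
class Patch:
    patch_id: str
    product: str                # firmware or software the patch applies to
    approved_groups: frozenset  # device groups cleared to receive it

@dataclass
class Device:
    device_id: str
    group: str
    product: str
    installed: dict = field(default_factory=dict)  # patch_id -> datetime applied
    healthy: bool = True                            # result of the latest health probe

@dataclass(frozen=True)
class Window:
    group: str
    start: datetime
    length: timedelta

@dataclass
class Step:
    patch_id: str
    group: str
    device_ids: list
    window: Window

def eligible(device, patch):
    """Tip 1: product must match, group must be approved, and the patch must not be on yet."""
    return (device.product == patch.product
            and device.group in patch.approved_groups
            and patch.patch_id not in device.installed)

def plan_rollout(devices, patches, windows):
    """Tips 1 and 3: one step per (patch, group); staging first, then by window start."""
    win = {w.group: w for w in windows}
    steps = []
    for patch in patches:
        for group in patch.approved_groups:
            if group not in win:
                continue  # no maintenance window defined for this group: never auto-deploy
            ids = [d.device_id for d in devices if d.group == group and eligible(d, patch)]
            if ids:
                steps.append(Step(patch.patch_id, group, ids, win[group]))
    steps.sort(key=lambda s: (s.group != STAGING, s.window.start, s.patch_id, s.group))
    return steps

def verified_in_staging(patch_id, devices, now):
    """Tip 2: every staging device must have run the patch healthy for the full soak period."""
    staged = [d for d in devices if d.group == STAGING and patch_id in d.installed]
    return bool(staged) and all(d.healthy and now - d.installed[patch_id] >= SOAK for d in staged)

def deploy(step, devices, now):
    """Apply a step only inside its window and, for production, only after staging verified."""
    if not (step.window.start <= now < step.window.start + step.window.length):
        return False, "outside maintenance window"
    if step.group != STAGING and not verified_in_staging(step.patch_id, devices, now):
        return False, "staging soak not complete"
    by_id = {d.device_id: d for d in devices}
    for did in step.device_ids:
        by_id[did].installed[step.patch_id] = now
    return True, f"applied {step.patch_id} to {len(step.device_ids)} {step.group} device(s)"

def audit(devices, patch_id, now):
    """Tip 4: after rollout, flag devices that are unhealthy or still inside the soak period."""
    findings = []
    for d in devices:
        if patch_id not in d.installed:
            continue
        if not d.healthy:
            findings.append((d.device_id, "unhealthy after patch"))
        elif now - d.installed[patch_id] < SOAK:
            findings.append((d.device_id, "still in soak period"))
    return findings

def run_demo():
    """Constructed sample fleet: one staging twin, two production lines, two patches."""
    devices = [Device("twin-1", STAGING, "plc-fw"), Device("plcA1", "line-A", "plc-fw"),
               Device("plcA2", "line-A", "plc-fw"), Device("plcB1", "line-B", "plc-fw"),
               Device("hmiA1", "line-A", "hmi-os")]
    patches = [Patch("FW-2024-03", "plc-fw", frozenset({STAGING, "line-A", "line-B"})),
               Patch("OS-KB-0001", "hmi-os", frozenset({STAGING, "line-A"}))]
    windows = [Window(STAGING, datetime(2024, 3, 4, 2), timedelta(hours=4)),
               Window("line-A", datetime(2024, 3, 16, 2), timedelta(hours=4)),
               Window("line-B", datetime(2024, 3, 23, 2), timedelta(hours=4))]
    steps = plan_rollout(devices, patches, windows)
    results = [deploy(steps[0], devices, datetime(2024, 3, 4, 3))]               # staging window
    results += [deploy(s, devices, datetime(2024, 3, 16, 3)) for s in steps[1:]]  # line-A window
    devices[2].healthy = False  # simulated failed health probe on plcA2 two days after patching
    findings = audit(devices, "FW-2024-03", datetime(2024, 3, 18))
    return {"steps": [(s.group, s.patch_id, s.device_ids) for s in steps],
            "results": results, "findings": findings}

if __name__ == "__main__":
    print(run_demo())
```

Running `run_demo()` shows the gates in action: the PLC firmware patch reaches line A only because the twin ran it cleanly for the soak period, the HMI patch is refused because nothing in staging ever tested it, line B is refused because its window has not opened, and the audit flags both the device whose health probe failed after patching and the device still inside its soak period.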
Patch Skeptics
Unfortunately, in specialized industries such as manufacturing, many are hesitant to install patches. Some forgo it altogether, for fear of poor testing and subsequent problems. If it’s not broken, don’t fix it, right? Wrong. When it comes to tech, you have to stay ahead of the hackers, essentially playing a game of security chess.
You risk much more by refusing to patch than by installing a potentially buggy update. Besides, these days the big vendors, from Microsoft to Cisco, are extremely thorough about testing before releasing patches. Issues with updates have become much less common than in the past.
So how secure are your most trusted systems? Unless you have a security expert constantly researching and evaluating all software and equipment, your systems are probably not very secure.
Even with expert help, there is always another new vulnerability discovered.
Your best bet? Keep patching.