Patchwindow

In the process industry, installations run continuously. Installations can go for many months without maintenance stops, which is important for the continuity of production. After all, starting up the installation, as well as stopping it in a controlled and safe manner, often takes several days. Halting production is expensive and if the organization is part of a chain process, other companies are most likely directly involved because they no longer receive supplies or can no longer sell their products.

Restarting a computer because it has been ‘patched’ is not an option. Within these environments, alternative ‘patch’ strategies must be devised that fit within the organization’s continuous business operations. This is different from an IT environment, where a patch round is carried out in the evening, or if necessary during the weekend, to bring all operating systems and applications up to date.

An additional step is required within OT: system suppliers must approve patches in advance. If an organization does not do this, a supplier cannot guarantee that the SCADA system, for example, will continue to function and may not even provide support for unapproved patches. This results in always having to wait for approval and then also for a suitable window when these patches can be implemented. Before a patch is introduced to the production environment, it is first installed and tested in the organization’s own test environment.

Some of Hudson Cybertec’s customers have sufficient redundancy in their systems because they run as ‘hot standby’. After approval by the system supplier and extensive testing, they choose to first ‘patch’ a standby system and make it ‘live’ after the test run. This ensures a running environment to fall back on. If the patched system is stable, other systems can be patched. If issues surface that hinder a proper rollout, they will be rolled back. This will result in a phased patch rollout.

Other customers do not have this redundancy and have set up procedures to roll out patches in a structured and responsible manner. Regardless of how patching is done, it is very important that good agreements have been made within the organization to ensure patch procedures can always be followed safely and responsibly, without disrupting business continuity.

Source: Process Control, 4-2024

HUDSON CYBERTEC

In the spotlight

Monitoring your OT environment is essential. You know what is happening on your network and see to what extent you are compliant with various cyber security standards and laws and regulations.

IEC 62443 Standard

The IEC 62443 standard offers your organization tools to improve the digital security and safety of your IACS environment. Implementation of the standard improves the cybersecurity level of your organization's OT / ICS / SCADA environment.

The IEC 62443 is the international cybersecurity standards framework for operational technology (OT). The framework consists of a collection of standards, technical reports and related information for securing Industrial Automation and Control Systems (IACS).

read more

Hudson Cybertec’s IEC 62443 Competence Center has extensive experience with this standard. We play an active role in the development of the standard, actively promote it internationally and have developed a training program around the IEC 62443.

read more

It is becoming increasingly important for organizations to be able to demonstrate that the digital security of the OT environment is in accordance with standards frameworks. It is therefore possible to certify (parts of) your IACS environment according to IEC 62443.

read more

If you want to know more about this standard and need training on how to apply it within your own organization or at your clients, Hudson Cybertec has a number of very interesting training courses for you.

read more

The IEC 62443 standard provides organizations with tools to improve the digital security and safety of OT / ICS / SCADA environments.

read more

How digitally safe is your organization?

Curious about the possibilities? Please contact us!

Contact us

Newsletter

Sign up for our newsletter. We will keep you posted on the latest developments in our cybersecurity services.

  • This field is for validation purposes and should be left unchanged.