Join Klaus Mochalski and Westermo’s CISO Niklas Mörth to explore why OT patch management differs from IT. Discover the challenges of safety, the importance of system baselines, and alternative mitigations like zero trust to keep your critical infrastructure secure.
Keywords
OT Security, Patch Management, Incident Management, Cybersecurity, Critical Infrastructure, Vulnerability Assessment, Best Practices, Vendor Management, IEC 62443, Zero Trust
Sound Bites
Klaus Mochalski: "Patch management is an exercise that we have solved many years ago. Some would argue decades ago, but in OT, for some reason, it still seems to pose a challenge in day-to-day operations ."
Niklas Mörth: "[...] Human health and safety is always kind of the primary thing you're working with. I mean if you're in transportation and you're running a train you need to really make sure that the doors are closed and so on and braking works etc. So, your main focus is not just keeping the system up ."
Niklas Mörth: "[...] If you introduce a new functionality, all that verification you did from a safety point of view is invalid. So, you kind of need to restart that process, which is extremely cumbersome and costly. So that also prohibits a lot of patching [...]"
Klaus Mochalski: "So certification, basically with many security solutions that are certified you may not have an up-to-date certified update, but you may have an update which actually solves the security issue. So, it's an either-or problem. Do you remain certified, or do you remain secure? "
Niklas Mörth: " [...] It's really really important in an OT setting to actually have a really good baseline on how your system looks and actually grade your assets and then when the vulnerability comes in look at say what is the actual functional impact here [...]"
Klaus Mochalski: "So if you know your systems very well and you're faced with a vulnerability on a certain device you could also isolate it by other means like by configurational means. So, in an extreme case you can pull the plug, [...] and you can only do this if you understand what pulling a certain plug means [...] "
Niklas Mörth: "You could start working with firewalls more say less like an IT kind of deep impaction packet inspection firewall and rather go like you know whitelisting stuff because you know this is what actually is going to flow in this network. Everything is I mean just block it. It shouldn't be there "
Klaus Mochalski: "[...] We discovered a number of unknown vulnerabilities and we immediately disclosed it following like the responsible disclosure procedure with different manufacturers. And it was so interesting how different the responses were. Like some were very happy and they even gave us like a medal afterwards. Others they didn't react at all at first and then they got angry [...]"
Niklas Mörth: "The incident might be caused by an unknown vulner ability you don't you didn't know about it beforehand but you can probably assess it and see that okay it's similar to this one and then you can use treatments that you have decided on for those type of vulnerabilities in that incident management [...]"
Klaus Mochalski: " [...] Understanding what you have is much more I would say a satisfying exercise because it gives you an understanding also in terms of operational processes and then it again helps you increasing the security of your systems. "
Chapters
02:05 Challenges in OT Patch Management
07:30 Best Practices for Patching in OT
10:39 Vendor Considerations for OT Systems
19:58 Patch Management's Role in Incident Response
23:46 Getting Started with Patch Management
