|OT and IT professionals have different approaches in patch management / Photo Credit: Blue Planet Studio (via Shutterstock)|
The purpose of a patch is to address security gaps, rectify errors, and extend features and the functionality of systems, according to Richard Bejtlich and Peter Meivers of TechRadar, an online publication on technology. When it comes to patch management, there exists a stark difference in the language of IIoT for OT and IT professionals. IT professionals pursue patch management with vigor. Their enthusiasm is seen on “Patch Tuesday” when they introduce weekly improvements to a system’s functionality and security.
Patches can be pre-configured and tested using automated software such as a unified endpoint management (UEM) system. These patches can be deployed overnight, automatically powering up systems. They are also rebooted and shut down before users arrive the following morning. Thus, endpoint users are faced with little to no disruption, while the new updates repel illegal attempts to access the devices of users. Meanwhile, OT staff are facing an uphill battle with patch management. While OT professionals acknowledge the rise of cyber threats and need for regular patching, their ability to respond is hindered “by complex multi-vendor environments in continuous operation.”
OT professionals are unable to take control systems offline for patching and rebooting. Hence, many analysts, including IDC and Gartner, IT and OT companies within IIoT must formulate more “cohesive policy-based procedures,” which can be used to set up a viable defense against challenges. Such defenses include cybersecurity training and supervision. This can be achieved by bridging the language differences between IT and OT staff.
“Just take devices in industrial production, these must be recognised as endpoints in a similar vein to PCs and smartphones,” Bejtlich stated. Many OT devices are PC-based, giving organizations a huge opportunity to develop uniform safety procedures to detect vulnerabilities as soon as possible. At this point, patch management becomes a significant part of a “wider war on system vulnerabilities.”
This way, appropriate patches can be developed based on the severity of the risk and network requirements, which help reduce disruptions. Now is the time for IT and OT professionals to embrace one language on IIoT. Therefore Both parties should advocate for shared procedures and policies on IIoT vulnerability management.