How long can we afford having critical infrastructures that use unpatched SCADA systems, the EU’s cyber security Agency ENISA asks? ENISA argues that the EU Member States could proactively deploy patch management to enhance the security of SCADA systems.
Much of Europe’s critical infrastructure resides in sectors such as energy, transportation, water supply. These infrastructures are largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems (a subgroup of Industrial Control Systems (ICS). In the last decade SCADA technology has gone from being isolated systems into open architectures and standard technologies that are highly interconnected with other corporate networks and the Internet.
We have identified several best practices and recommendations regarding patching that can improve the security posture of SCADA environments, from which we would like to mention the following:
The Executive Director of ENISA, Professor Udo Helmbrecht remarked: “Although patch management is not a silver bullet to resolve the security issues of SCADA systems it is nevertheless important that organisations establish a patch management policy. The European Union or the Member States could increase the awareness of patches through enforcing patch management when new requirements for devices are established.“
For full report
Background: EU Cyber Security Strategy,