"How long can we afford having critical infrastructures that use unpatched SCADA systems?" the EU’s cyber security Agency ENISA asks, and advises EU Member States to proactively deploy patch management to enhance the security of SCADA systems.
Much of Europe’s critical infrastructure resides in sectors such as energy, transportation, water supply. These infrastructures are largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems (a subgroup of Industrial Control Systems -ICS). In the last decade SCADA technology has gone from being isolated systems into open architectures and standard technologies that are highly interconnected with other corporate networks and the Internet.
A consequence of this transformation is the increased vulnerability to outside attacks. One way to enhance the security of SCADA is through the application of patches.
ENISA has identified several best practices and recommendations regarding patching that can improve the security posture of SCADA environments, such as increase in depth defence through network segmentation to create trusted zones that communicate using access controls, and hardening the SCADA systems by removing unnecessary features.