CYBERSECURITY OF OT/SCADA SYSTEMS

TO PATCH OR NOT TO PATCH OT SYSTEMS - DAILY DILEMMAS IN RISK MANAGEMENT AND PLANT BUSINESS CONTINUITY

Vulnerability Identification in the OT/SCADA systems and security updates management

INTRODUCTION

According to the ISA/IEC 62443-1-1 standard dedicated to the cybersecurity of industrial systems, a vulnerability is defined as "A flaw or weakness in the design, implementation, operation or management of a system that can be exploited to violate the system's integrity or security policy." From a practical point of view, published information on vulnerabilities is assigned to specific system components, both operating systems, applications and industrial devices (or more precisely, their firmware).

When considering technological objects, it is worth remembering that they are a mixture of different classes (especially in the case of larger objects such as compressor stations and nodes), for example we are dealing with OT/SCADA industrial devices (e.g. PLC controllers, HMI panels), SCADA applications, network devices, servers, computer software or operating systems known from office networks. This creates a very wide range of potential vulnerabilities.

Historically, the first available information on ICS component vulnerabilities dates back to 1997, when only two vulnerabilities were published. However, the picture has changed significantly since then.

*Source: https:/information-

STATISTICS

Currently, thousands of new vulnerabilities are identified per year for OT/SCADA components. More than 60% of newly identified OT/SCADA component vulnerabilities in 2024 were assigned a severity score (CVSS) of high or critical.

Numbers of OT components vulnerabilities published in 2014-2024

*Information based on: https:/ d