Manufacturing companies are increasingly investing in routine patching or patch management to improve their response to cyberattacks.
However, patching can be complex and disruptive in manufacturing and related support systems where the primary mission is safety then availability. Continuity of data monitoring must be maintained to demonstrate drug manufacturing conformance and compliance, and the activity of patching has the potential to impact manufacturing.
This is why BioPhorum’s Cyber Security team has published Manufacturing Patching Practices: Safeguarding the Manufacturing Environment, which proposes mitigation practices that should be considered to support a successful program of patching within the manufacturing environment.
The actions are grouped into seven practices that will support a successful program of patching:
- Senior sponsorship
- Operating model
- Staff skillsets
- Process, procedures, and governance
- Cyber security risk
- KPIs and reporting.
Focusing on operational technology, the paper looks specifically at patch management fixes that address vulnerabilities on software and applications that are susceptible to cyberattacks, helping organizations reduce their security risks.
It identifies barriers that can make patching difficult (or even impossible) and proposes mitigation practices to consider when overcoming these barriers and the associated risks.
These practices are not intended to be sequential in how they are read or the timing by which they are addressed or implemented in a company. To be successful, an evaluation should be done across all these practices to some degree. The ‘when and how’ would be determined by each company and its maturity and resource capability.
Implementing these practices will allow a more standard approach to patching and reduce the cyber risks associated with unsupported operating systems and applications. They will also reduce downtime and bring a more standard way of managing communications when patches are released. Finally, they will allow shortened patching assessment and deployment timelines while providing guidance for plant managers to address the risks and benefits of patching.
The team’s next project will investigate ‘vulnerability management’ in manufacturing, focusing on remediation approaches, prioritizing vulnerability mitigation, maximizing the use of resources, and developing a standard vulnerability reporting dashboard. If you would like to be involved in this project, please contact email@example.com