For operators and owners of power generation systems, maintaining compliance and guarding against evolving cyber security threats represent critical, continuous imperatives. So it’s vital to quickly apply patches and fixes when vulnerabilities are identified. However, for resource-constrained operations teams, these patch validation, testing, and deployment efforts can present a number of challenges:
As part of the program, GE will test and validate antivirus (AV) and host intrusion detection (HID) signature updates as well as operating system (OS) patches. First, we’ll verify whether these new releases apply to your environment, and based on that, we’ll establish a list of candidates for testing. GE’s staff then test applicable updates in controlled, representative lab environments that offer safeguards against intrusion and tampering. Through this testing, we determine whether updates adversely affect the functional operation of the control system, related interfaces, or system communications. Based on our findings, we can exclude any updates that may introduce performance or availability issues. If a given patch is excluded, we provide documentation to support this exclusion.
Once patches have been tested and validated, we make them available to customers via a secure web portal. We provide cumulative updates so that your organization can stay completely up to date with the latest releases, even if an earlier update wasn’t applied. By delivering these complete, scripted packages, we make it easy for your team to incorporate updates into your transfer and change management processes.
The Patch Validation program is available as a stand-alone offering. Through the program, we deliver scripted files that automate the deployment of patches and antivirus updates. In addition, your organization can deploy these patches using Baseline Security Center. Baseline Security Center brings centralized management to the deployment process, reducing the need to run patch deployment tools locally on each system being patched. By harnessing these combined offerings, your team can enjoy even greater speed and efficiency gains.
The Patch Validation program helps your team more quickly and consistently apply patches and other mitigation tactics, so you can more effectively safeguard your environment and adhere to cyber security best practices.
With this program, you can more consistently and comprehensively comply with a number of government and industry cyber security standards, including North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), Nuclear Energy Institute (NEI) 08-09, and ISA 99/IEC 62443.
By employing the program’s validated, pre-packaged updates, your organization can avoid the potential risks of implementing patches that can have a negative impact on production environments.
By harnessing these services, your internal teams can reduce the time they spend on laborious efforts like patch testing. Plus, they can deploy tested and validated patches that have been proven to run in a similar environment—and so reduce the trial, error, and remediation efforts associated with implementing untested patches.