Emerson Launches Patch Management Technology for Distributed Control Systems (DCS)
Emerson released a redesigned patch management system for improving cybersecurity on DeltaV distributed control systems (DCS), managing patches from Windows and McAfee.
Emerson recently announced the launch of its newest weapon in the battle against cybercriminals. The Integrated Patch Management System is designed to interface with Windows and McAfee antivirus and security software to manage the various patches and implement them onto DeltaV distributed control systems (DCS).
Concept map of how the Integrated Patch Management system fits into cybersecurity for integrated patch management. Image used courtesy of Emerson
Integrated Patch Management System
The Integrated Patch Management System is a completely redesigned software suite designed to keep DeltaV DCS secure while also taking some of the workload off system administrators.
The Integrated Patch Management System gives better insight into which systems will be impacted by a patch upgrade and how to roll out such changes. How many times has a “patch” been installed that ends up causing more trouble than fixes? It’s a relatively common problem, as software companies cannot anticipate every system and application customers use. They can only patch security holes they have found, like for the recent Log4j vulnerability.
Unexpected reboots, hardware conflicts, and network interruptions due to software updates can wreak havoc on automation systems. The Integrated Patch Management System removes some of the guesswork of how a patch will affect system performance, which gives plant engineers a better understanding of how to prepare and shift workloads.
In a recent press release, Ken Semph, cybersecurity program manager at Emerson said, “In today’s environment of continual cybersecurity threats, organizations are more focused than ever on ensuring that critical software is kept up to date. Integrated Patch Management enables plants to apply more patches, more easily and securely, and more often, to increase confidence in overall cybersecurity posture.”
The Integrated Patch Management system thoroughly tests new patches against multiple configurations of Emerson products to ensure each system will perform predictably with each update. Then, the patches are made available for the system administrator to implement on the DeltaV systems.
The DeltaV DCS already has some integrated cybersecurity functionality, such as this firewall-IPD. Image used courtesy of Emerson
At a glance, the system administrators can see which systems have pending updates and take the appropriate actions. Each patch also shows relevant system impact information, such as whether the system will need to be rebooted. New patches can be installed one at a time, or across multiple machines, and can be performed at the machine or remotely as needed.
Benefit to Industry
Specific software systems, such as many Windows operating systems, decide that their patch is more important than the work being performed. They take focus, download the patch, install it, and force a reboot, often without the operator’s consent.
All shutdowns cost money, scheduled or not. Planned shutdowns can reduce the downtime’s cost, so knowing when a system needs to install a patch and choosing when to install it can save money. The patches will need to be installed, else cybersecurity threats like ransomware can seriously damage a factory. The Integrated Patch Management system allows the impact of each patch to be understood and planned.
