Recommended Practice for Patch Management of Control Systems [electronic resource].

Published:: Washington, D.C. : United States. Dept. of Energy, 2008.
Oak Ridge, Tenn. : Distributed by the Office of Scientific and Technical Information, U.S. Dept. of Energy.
Additional Creators:: Idaho National Laboratory, United States. Department of Energy, and United States. Department of Energy. Office of Scientific and Technical Information

Access Online

www.osti.gov

Availability

Finding items...

Restrictions on Access:

Free-to-read Unrestricted online access

Summary:

A key component in protecting a nation’s critical infrastructure and key resources is the security of control systems. The term industrial control system refers to supervisory control and data acquisition, process control, distributed control, and any other systems that control, monitor, and manage the nation’s critical infrastructure. Critical Infrastructure and Key Resources (CIKR) consists of electric power generators, transmission systems, transportation systems, dam and water systems, communication systems, chemical and petroleum systems, and other critical systems that cannot tolerate sudden interruptions in service. Simply stated, a control system gathers information and then performs a function based on its established parameters and the information it receives. The patch management of industrial control systems software used in CIKR is inconsistent at best and nonexistent at worst. Patches are important to resolve security vulnerabilities and functional issues. This report recommends patch management practices for consideration and deployment by industrial control systems owners.

Report Numbers:

E 1.99:inl/ext-08-14740
inl/ext-08-14740

Subject(s):

Engineering

Other Subject(s):

Note:

Published through SciTech Connect.
12/01/2008.
"inl/ext-08-14740"
Steven Tom; Dale Christiansen; Dan Berrett.

Funding Information:

DE-AC07-99ID-13727

View MARC record | catkey: 14104873