Characterizing and Modeling Patching Practices of Industrial Control Systems
Industrial Control Systems (ICS) are widely deployed in mission critical infrastructures such as manufacturing, energy, and transportation. The mission critical nature of ICS devices poses important security challenges for ICS vendors and asset owners. In particular, the patching of ICS devices is u...
Gespeichert in:
| Veröffentlicht in: | Performance evaluation review 2017-09, Vol.45 (1), p.9-9 |
|---|---|
| Hauptverfasser: | , , , , |
| Format: | Artikel |
| Sprache: | eng |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 9 |
|---|---|
| container_issue | 1 |
| container_start_page | 9 |
| container_title | Performance evaluation review |
| container_volume | 45 |
| creator | Wang, Brandon Li, Xiaoye de Aguiar, Leandro P. Menasche, Daniel S. Shafiq, Zubair |
| description | Industrial Control Systems (ICS) are widely deployed in mission critical infrastructures such as manufacturing, energy, and transportation. The mission critical nature of ICS devices poses important security challenges for ICS vendors and asset owners. In particular, the patching of ICS devices is usually deferred to scheduled production outages so as to prevent potential operational disruption of critical systems. In this paper, we present the results from our longitudinal measurement and characterization study of ICS patching behavior. Our analysis of more than 100 thousand Internet-exposed ICS devices reveals that fewer than 30% upgrade to newer patched versions within 60 days of a vulnerability disclosure. Based on our measurement and analysis, we further propose a model to forecast the patching behavior of ICS devices. |
| doi_str_mv | 10.1145/3143314.3078524 |
| format | Article |
| fullrecord | <record><control><sourceid>crossref</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3143314_3078524</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>10_1145_3143314_3078524</sourcerecordid><originalsourceid>FETCH-LOGICAL-c864-87be976f41c1fc4cf2aa52d649b442e80fbc9e1e07d5f6e4bd448e264de179d83</originalsourceid><addsrcrecordid>eNotj8tOwzAURL0AiVJYs_UPpPXjxo8linhUCgKJ7iPHvqZBaYLssChfD6FZjGZGGo10CLnjbMM5lFvJQf5pI5k2pYALsmJcyaK01l6R65w_GeNacLMidXVwyfkJU_fTDR_UDYG-jAH7uby5yR_-wzzpPGY6RrobwneeUud6Wo3DlMaevp_yhMd8Qy6j6zPeLr4m-8eHffVc1K9Pu-q-LrxRUBjdotUqAvc8evBROFeKoMC2AAINi623yJHpUEaF0AYAg0JBQK5tMHJNtudbn8acE8bmK3VHl04NZ83M3yz8zcIvfwF8qlB1</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Characterizing and Modeling Patching Practices of Industrial Control Systems</title><source>ACM Digital Library Complete</source><creator>Wang, Brandon ; Li, Xiaoye ; de Aguiar, Leandro P. ; Menasche, Daniel S. ; Shafiq, Zubair</creator><creatorcontrib>Wang, Brandon ; Li, Xiaoye ; de Aguiar, Leandro P. ; Menasche, Daniel S. ; Shafiq, Zubair</creatorcontrib><description>Industrial Control Systems (ICS) are widely deployed in mission critical infrastructures such as manufacturing, energy, and transportation. The mission critical nature of ICS devices poses important security challenges for ICS vendors and asset owners. In particular, the patching of ICS devices is usually deferred to scheduled production outages so as to prevent potential operational disruption of critical systems. In this paper, we present the results from our longitudinal measurement and characterization study of ICS patching behavior. Our analysis of more than 100 thousand Internet-exposed ICS devices reveals that fewer than 30% upgrade to newer patched versions within 60 days of a vulnerability disclosure. Based on our measurement and analysis, we further propose a model to forecast the patching behavior of ICS devices.</description><identifier>ISSN: 0163-5999</identifier><identifier>DOI: 10.1145/3143314.3078524</identifier><language>eng</language><ispartof>Performance evaluation review, 2017-09, Vol.45 (1), p.9-9</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c864-87be976f41c1fc4cf2aa52d649b442e80fbc9e1e07d5f6e4bd448e264de179d83</citedby><cites>FETCH-LOGICAL-c864-87be976f41c1fc4cf2aa52d649b442e80fbc9e1e07d5f6e4bd448e264de179d83</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids></links><search><creatorcontrib>Wang, Brandon</creatorcontrib><creatorcontrib>Li, Xiaoye</creatorcontrib><creatorcontrib>de Aguiar, Leandro P.</creatorcontrib><creatorcontrib>Menasche, Daniel S.</creatorcontrib><creatorcontrib>Shafiq, Zubair</creatorcontrib><title>Characterizing and Modeling Patching Practices of Industrial Control Systems</title><title>Performance evaluation review</title><description>Industrial Control Systems (ICS) are widely deployed in mission critical infrastructures such as manufacturing, energy, and transportation. The mission critical nature of ICS devices poses important security challenges for ICS vendors and asset owners. In particular, the patching of ICS devices is usually deferred to scheduled production outages so as to prevent potential operational disruption of critical systems. In this paper, we present the results from our longitudinal measurement and characterization study of ICS patching behavior. Our analysis of more than 100 thousand Internet-exposed ICS devices reveals that fewer than 30% upgrade to newer patched versions within 60 days of a vulnerability disclosure. Based on our measurement and analysis, we further propose a model to forecast the patching behavior of ICS devices.</description><issn>0163-5999</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2017</creationdate><recordtype>article</recordtype><recordid>eNotj8tOwzAURL0AiVJYs_UPpPXjxo8linhUCgKJ7iPHvqZBaYLssChfD6FZjGZGGo10CLnjbMM5lFvJQf5pI5k2pYALsmJcyaK01l6R65w_GeNacLMidXVwyfkJU_fTDR_UDYG-jAH7uby5yR_-wzzpPGY6RrobwneeUud6Wo3DlMaevp_yhMd8Qy6j6zPeLr4m-8eHffVc1K9Pu-q-LrxRUBjdotUqAvc8evBROFeKoMC2AAINi623yJHpUEaF0AYAg0JBQK5tMHJNtudbn8acE8bmK3VHl04NZ83M3yz8zcIvfwF8qlB1</recordid><startdate>20170918</startdate><enddate>20170918</enddate><creator>Wang, Brandon</creator><creator>Li, Xiaoye</creator><creator>de Aguiar, Leandro P.</creator><creator>Menasche, Daniel S.</creator><creator>Shafiq, Zubair</creator><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>20170918</creationdate><title>Characterizing and Modeling Patching Practices of Industrial Control Systems</title><author>Wang, Brandon ; Li, Xiaoye ; de Aguiar, Leandro P. ; Menasche, Daniel S. ; Shafiq, Zubair</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c864-87be976f41c1fc4cf2aa52d649b442e80fbc9e1e07d5f6e4bd448e264de179d83</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2017</creationdate><toplevel>online_resources</toplevel><creatorcontrib>Wang, Brandon</creatorcontrib><creatorcontrib>Li, Xiaoye</creatorcontrib><creatorcontrib>de Aguiar, Leandro P.</creatorcontrib><creatorcontrib>Menasche, Daniel S.</creatorcontrib><creatorcontrib>Shafiq, Zubair</creatorcontrib><collection>CrossRef</collection><jtitle>Performance evaluation review</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Wang, Brandon</au><au>Li, Xiaoye</au><au>de Aguiar, Leandro P.</au><au>Menasche, Daniel S.</au><au>Shafiq, Zubair</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Characterizing and Modeling Patching Practices of Industrial Control Systems</atitle><jtitle>Performance evaluation review</jtitle><date>2017-09-18</date><risdate>2017</risdate><volume>45</volume><issue>1</issue><spage>9</spage><epage>9</epage><pages>9-9</pages><issn>0163-5999</issn><abstract>Industrial Control Systems (ICS) are widely deployed in mission critical infrastructures such as manufacturing, energy, and transportation. The mission critical nature of ICS devices poses important security challenges for ICS vendors and asset owners. In particular, the patching of ICS devices is usually deferred to scheduled production outages so as to prevent potential operational disruption of critical systems. In this paper, we present the results from our longitudinal measurement and characterization study of ICS patching behavior. Our analysis of more than 100 thousand Internet-exposed ICS devices reveals that fewer than 30% upgrade to newer patched versions within 60 days of a vulnerability disclosure. Based on our measurement and analysis, we further propose a model to forecast the patching behavior of ICS devices.</abstract><doi>10.1145/3143314.3078524</doi><tpages>1</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0163-5999 |
| ispartof | Performance evaluation review, 2017-09, Vol.45 (1), p.9-9 |
| issn | 0163-5999 |
| language | eng |
| recordid | cdi_crossref_primary_10_1145_3143314_3078524 |
| source | ACM Digital Library Complete |
| title | Characterizing and Modeling Patching Practices of Industrial Control Systems |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-06T14%3A50%3A26IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Characterizing%20and%20Modeling%20Patching%20Practices%20of%20Industrial%20Control%20Systems&rft.jtitle=Performance%20evaluation%20review&rft.au=Wang,%20Brandon&rft.date=2017-09-18&rft.volume=45&rft.issue=1&rft.spage=9&rft.epage=9&rft.pages=9-9&rft.issn=0163-5999&rft_id=info:doi/10.1145/3143314.3078524&rft_dat=%3Ccrossref%3E10_1145_3143314_3078524%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |