Patching is useless most of the time, industrial control systems (ICS) security expert tells Senate committee.
By J.M. Porup
Patching security vulnerabilities in industrial control systems (ICS) is useless in most cases and actively harmful in others, ICS security expert and former NSA analyst Robert M. Lee of Dragos told the US Senate in written testimony last Thursday. The “patch, patch, patch” mantra has become a blind tenet of faith in the IT security realm, but has little application to industrial control systems, where legacy equipment is often insecure by design.
The Senate committee hearing highlighted the gulf between information technology (IT) and operational technology (OT) security, and how few of the lessons learned in the IT security space carry over to industrial security.
To read the entire article, please click here.