Title: Survey on international standards and best practices for patch management of complex industrial control systems: the critical infrastructure of particle accelerators case study

Authors: Ugo Gentile; Luigi Serio

Addresses: Engineering Department, CERN, Geneva, Switzerland ' Engineering Department, CERN, Geneva, Switzerland

Abstract: Industrial control systems (ICSs) are control and data acquisition systems employed to control distributed assets with a centralised data acquisition and supervisory control. ICSs strictly rely on computer-based systems and on installed remote controllers, which are subject to a constant patch deployment to upgrade functionalities, to resolve security issues and to reduce potential flaws. The patch management is not a trivial process since it can introduce new vulnerabilities within the systems. A key factor to perform successful patch management is to comply with the recommendations provided by the international standards and by the best practices currently adopted in the industry. This paper surveys the few existing international standards on patch management and the best practices, currently adopted in industry, and evaluates the relevance of standards and the best practices to the context of critical infrastructures for particle accelerators.

Keywords: industrial control systems; ICSs; patch management; critical infrastructure; particles accelerators; critical computer-based systems; international standards.

DOI: 10.1504/IJCCBS.2019.098812

International Journal of Critical Computer-Based Systems, 2019 Vol.9 No.1/2, pp.115 - 132

Received: 23 Feb 2018
Accepted: 04 Dec 2018
Published online: 02 Apr 2019 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article