Every Thursday, I summarize a podcast about cybersecurity so you can read it in about five minutes or less. This week features Sharon Brizinov, the principal vulnerability researcher with Claroty, who spoke with Lindsey O’Donnell-Welch of the Threatpost Podcast about security threats to industrial control systems. [Note: Questions and answers were edited for brevity and clarity.]
Lindsey O’Donnell-Welch: Can you talk a little bit about what types of challenges there are when it comes to patch management for industrial control systems?
Sharon Brizinov responded that his team at Claroty is responsible for finding vulnerabilities. So they assess different products from the security angle so the defenders can think ahead. Once the discover vulnerabilities, they prepare a proof of concept, write a report and send it to the vendor. From this point, the vendor needs to make sure the report is valid. And once they do that, the team works with them in order to fix the vulnerabilities. Sometimes the vendor asks for more information. Once the vendor has a pretty good idea of where the vulnerabilities are and how to patch them, they develop a patch or a new release with the fixed code. From this point, the team works with CERTs to distribute the information that new software releases and patches are out. The CERTs alert the community, specifically the industrial community, about the new vulnerabilities and the availability of patches.
To read more, click here to upgrade to premium!