Identifying and mitigating industrial security risks and enhancing the protection of people, property, and information are essential considerations for all industrial control systems (ICS). We provide ICS security owners Patch Management and Product/System Upgrade Programs to keep these systems current. Additionally, we communicate timely and actionable information through security advisories to drive awareness.
We recognize the importance of cybersecurity for industrial control systems. We continually invest to deliver security quality in our products to create a greater level of protection in our customer's systems. For this reason, we complement our security design, testing, and manufacturing processes with a continual improvement process. The process helps address and communicate risks we may learn about well after our products are put to use.
When product security vulnerabilities are reported, we have an incident response process to investigate, determine appropriate mitigations, and communicate timely information with our customers. We also actively work with research communities to identify and resolve vulnerabilities. We work with national response organizations, such as ICS-CERT, to communicate and notify the broader community. Our transparency is meant to drive awareness and encourage customers to make informed decisions on what steps they should take to improve their security.
Patch management qualification programs should include policies, processes, and procedures to help ensure safety, security, and operational integrity of industrial control products and systems. Microsoft releases a range of security updates, operating systems, and other software updates to help improve security. We qualify certain Microsoft updates for software that impact our products. We also encourage continued planning and investment throughout the development lifecycle. This planning helps you move toward newer products and technologies, as existing product support and availability ends, or as products reach an end to their useful life.
We collaborated with Cisco® to develop Converged Plantwide Ethernet (CPwE) Architectures to provide education, design guidance, and best practices. These documents provide design considerations to deploy a holistic defense-in-depth industrial security policy to help secure networked assets. Leverage the specific design considerations to help with the successful design and deployment of an Industrial Demilitarized Zone (IDMZ). You can use Cisco Identity Services Engine within industrial automation plant-wide architectures.