To Improve Cybersecurity, Don’t Wait on Firmware and Software Updates
July 27, 2021
By Tad Palus, Senior Global Product Manager, Rockwell Automation
One of the key ways to help protect your organization against nefarious actors and cyberattacks is proactive firmware and software management.
Keeping your firmware and software up to date isn’t a one-off exercise. It’s a process. And manufacturers are well advised to adopt version updates as they become available.
Especially as more manufacturers implement digital strategies to improve operational efficiency, reveal data-driven insights, and use cloud-based technologies, maintaining firmware and software is increasingly critical.
Align with Global Security Standards
Lifecycle management is a major part of standard recommendations to mitigate current and future cybersecurity vulnerabilities for industrial automation and control systems.
ISA/IEC 62443-4-1 includes requirements for securely developing and maintaining products used in industrial automation and control systems. These requirements apply to new or existing processes for developing, maintaining, and retiring hardware, software, or firmware.
And while the requirements apply to the developer and maintainer of a product, and not to the integrator or user of the product, it’s in your best interest as a manufacturer to be sure your systems comply.
But how do you stay on top of all the firmware and software installed across your enterprise? And how do you make sure you don’t miss updates, so your systems remain compliant?
Having a plan in place is important. But a mix of tools and support from your technology providers can also help you more easily manage your software and firmware.
Stay Informed, Stay Current
Keeping track of firmware and software versions comes with its frustrations. Chances are, you don’t have central visibility into what versions are used across your plants. And deploying new versions, such as when you’re updating firmware one device at a time, can be a burden.
Fortunately, new and completely free tools can greatly ease firmware and software management.
Using a firmware management tool, you can quickly see what versions are installed on your industrial control devices and review the latest versions available. You can also flash update one or multiple devices in one session. And you can see information like announcements, release notes and the lifecycle stage of your devices all at a glance.
A software management tool can provide similar relief for managing your automation software. The tool can give you visibility into what software you have installed and their versions, as well as if updates are available and where you can get them.
In addition to these tools, your technology provider can also help simplify version management. At Rockwell Automation, for instance, we recently updated our version lifecycle policy to help you more proactively keep active products current.
By going to the Product Compatibility and Download Center (PCDC), you can now quickly assess the statuses of your firmware and software products, along with their version lifecycles. Version Lifecycle statuses fall into four categories:
- – Preferred – This is the latest and recommended version of the software or firmware. By adopting this version, you can be confident Windows OS support was established by policy at release. This version is also given priority to resolve both cybersecurity and functional anomalies, and for Windows OS patch qualification.
- – Managed – If you can’t adopt a preferred version due to hardware dependencies, this version can be adopted. This software or firmware may be updated to maintain recommended Windows OS support and is given priority for patches to mitigate cybersecurity anomalies.
- – Limited – This indicates support is available, but the version is not current. It is available for phone and self-assist support. However, this version may be running on outdated (and unsupported) Microsoft OS. This version is not given priority for anomaly resolution.
- – Retired – This indicates you can find information on PCDC about the version, but it is no longer downloadable. Phone and self-assist support are available. This version will not receive any cybersecurity or functional patches to address anomalies.
https://www.rockwellautomation.com/en-us/company/news/blogs/keep-firmware-software-current.html
