Securing critical infrastructures and OT environments against attackers, requires more than anywhere else to think like them, especially because OT still provides a garden full of low hanging fruits. Where, in traditional IT environments, patching, even if not always easy, is doable and it has become a main priority in IT security trainings to point out the importance of keeping up with patch levels. Unfortunately, patching in OT environments is much harder for many reasons, i.e. due to incompatible hardware or missing approval from asset owners.
In this session we will talk about OT Patch Management Best Practices like inventory management, definition of criticality levels and the prioritization of patch deployment.