This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2018 ICS Cyber Security Conference! (View the full conference website here)  (You can Register for ICS Cyber Security Conference Here
Monday, October 22 • 1:30pm - 2:15pm
How NOT to Patch Critical Systems

Sign up or log in to save this to your schedule and see who's attending!

Patching critical systems can be a double-edged sword. The application of patches may mitigate known cybersecurity threats or support the increased safety, availability and reliability of our systems. They may also adversely impact our systems by interrupting operations or critical processes. Patches represent a point of resistance for systems that are designed to run continuously; but what if there were ways to avoid patching?

The application of a patch may not be the only mitigating technique for reducing cybersecurity risks. Mature security management programs provide additional opportunities for reducing risk aside from installing patches. Cybersecurity standards often account for the inability or non-necessity of installing patches to critical systems with the inclusion of appropriate levels of due diligence and understanding. Detailed knowledge of systems and the changes represented by patches may allow for correspondingly more specific, almost surgical, mitigation techniques.

Security management programs should be purpose built from the ground up to mitigate security risks; particularly those that are self-inflicted. We need to move beyond knowing what we have and reacting to threats and toward intelligent defense-in-depth strategies that also include passive and indirect protection methods. FoxGuard will discuss mature security management program elements specific to critical infrastructure and provide examples of how NOT to patch while managing cybersecurity risk.


Roger Rademacher

Solutions Architect, FoxGuard Solutions
Roger Rademacher has over 20 years as an IT Professional, Systems Engineer and self-proclaimed Security Evangelist. Roger has been working to secure Department of Defense and Critical Infrastructure using comprehensive vulnerability management practices and helps drive the development... Read More →

Monday October 22, 2018 1:30pm - 2:15pm