Timely patch management is a key requirement in ensuring the continued safe operation of control systems. For this reason, NERC CIP-007 R3 requires that utilities implement a Security Patch Management program for tracking, evaluating, testing and installing applicable cyber security software patches for all Cyber Assets within the Electronic Security Perimeter.
Many of Eaton's grid automation system solutions are based on Microsoft technology. Microsoft publishes security updates for its operating systems and applications on a regular basis. However, the deployment of a security update is a costly operation that can result in disruption of service. The decision that a utility needs to make is whether the cost of the update outweighs the risk faced from a potential attack stemming from an unpatched system.