Wand Waving - Patch Gap Analysis for Energy Utility

Source: Chris Thomas, Software Engineering Manager, FoxGuard Solutions

Arthur C. Clarke once wrote that “any sufficiently advanced technology is indistinguishable from magic.”  I suppose software engineering should take it as a compliment that the latest in Patch Gap technology for the energy utility is being spoken of in such terms, but it nonetheless pains me to see the technical details glossed over like that.  If we’re to be doing any “wand waving,” someone should at least put on a robe and wizard hat and explain what’s going on.

Utilities are in various stages of implementing a patch management program that meets the NERC CIP-007 R2.1 standard for tracking, evaluating, and installing cyber security patches for IT and OT equipment on a 35-day schedule. Many utilities are relying on labor-intensive, manually updated databases and spreadsheets to manage asset information and current patch levels. These methods can result in inconsistencies and errors.

Enter the “magic” of Patch Gap analysis, which is broken down into two parts.  The first, which we’ll call “Asset Identification,” gathers information on tracked assets using safe, non-destructive scripts.  This isn’t a broad-based scan of a network – carelessness like that can knock older, more sensitive systems offline – but a polite and intelligent identification of system state.

The results of the asset identification are encrypted and paired up with the vast catalog of patches and assets which are tracked as part of a Patch Availability Report.  This listing of “Available” patches forms the basis of the analysis yet to come.

The real magic of Patch Gap is in the relationships between patches.  You can think of the patches like the limbs, branches, twigs, and trunks (yes, trunks – plural) of a mangrove tree.  There might be more than one path from the leaf on the top of the tree to the ground and, when the tree grows a little, the path from the new-tallest-leaf to the ground might be very similar or very different.

Storing that kind of data in a traditional database or – perish the thought – a spreadsheet is essentially impossible, so the ideal is to use a graph database to model it.  You’re probably more familiar with that technology than you think; it’s the same kind of database that underpins social networking sites like Facebook and LinkedIn.

And just as LinkedIn can help you find the shortest path of contacts between yourself and Edward Snowden, Patch Gap can find the shortest path of patches between the current state of a system and its secure state.  The path, if you will, to the top of the mangrove tree.
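The shortest-path idea described above can be sketched in a few lines. This is an added example, not FoxGuard's code: it swaps the graph database for an in-memory dictionary and a breadth-first search, and every patch id and patch level in it is hypothetical.

```python
from collections import deque

# Constructed sample data: (patch_id, from_level, to_level). Hypothetical ids
# and levels, not taken from any vendor catalog or Patch Availability Report.
PATCHES = [
    ("P-101", "1.0", "1.1"),
    ("P-102", "1.1", "1.2"),
    ("P-103", "1.2", "1.3"),
    ("P-104", "1.3", "2.0"),
    ("P-ROLLUP-A", "1.0", "1.2"),  # cumulative patch that skips level 1.1
    ("P-ROLLUP-B", "1.2", "2.0"),  # second route to the secure level
    ("P-201", "0.9-legacy", "0.9.1-legacy"),  # branch with no route to 2.0
]

def build_graph(patches):
    """Nodes are patch levels; each directed edge is one installable patch."""
    graph = {}
    for patch_id, src, dst in patches:
        graph.setdefault(src, []).append((patch_id, dst))
        graph.setdefault(dst, [])
    return graph

def shortest_patch_path(graph, current, secure):
    """Return the fewest patches from current to secure, in install order.

    [] means the asset is already at the secure level; None means the level
    is unknown or no chain of patches reaches the secure level.
    """
    if current not in graph or secure not in graph:
        return None
    came_from = {current: None}  # level -> (patch_id, previous level)
    queue = deque([current])
    while queue:
        level = queue.popleft()
        if level == secure:
            path = []
            while came_from[level] is not None:
                patch_id, level = came_from[level]
                path.append(patch_id)
            return path[::-1]
        for patch_id, nxt in graph[level]:
            if nxt not in came_from:  # first visit is the shortest route
                came_from[nxt] = (patch_id, level)
                queue.append(nxt)
    return None

if __name__ == "__main__":
    g = build_graph(PATCHES)
    for start in ("1.0", "1.1", "2.0", "0.9-legacy"):
        print(start, "->", shortest_patch_path(g, start, "2.0"))
```

An asset on a branch with no route to the secure level comes back as `None` rather than an empty list, which keeps "nothing to install" distinct from "no known patch path" in a gap report.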

There is, of course, a bit more to it than that.  There’s encryption, data transmission, anonymization, asset analysis, patch mining, patch identification, the problem of bi-temporal data, and a host of others besides.

But a magician never tells the audience exactly how the trick is done.
