Today the DHS ICS-CERT published their second update for their control system security alert for the Meltdown and Spectre CPU vulnerabilities. The alert was originally published on January 11th, 2018 and updated on 1-16-18.
The update provides links to three new vendor notification documents:
• Emerson (account required for login);
• General Electric (account required for login, reference ID 000020832); and
The Schneider security notification has probably the most reasonable guidance that I have seen to date:
“Schneider Electric is actively monitoring vendor research into these vulnerabilities to determine appropriate actions to be taken. At the time of this publication, information is being updated rapidly and the impact of proposed mitigations and patches remains unclear. Many of the initial mitigations proposed by hardware and operating system vendors indicate a high level of potential performance impact, Schneider Electric recommends caution if mitigations or patches are applied to critical and/or performance constrained systems. If you elect to apply recommended patches or mitigations in advance of further guidance from Schneider Electric, we strongly recommend evaluating the impact of those measures on a Test & Development environment or an offline infrastructure.”