As easy as it was to blame operators for not keeping their systems up to date, patching and updating the software that runs large-scaled industrial machinery or touches the grid is no easy thing. Automated patches were still big no-nos inside critical infrastructure networks. Often any software updates to these systems need to be approved at high levels, and often only occur during narrow maintenance windows or when it is safe to pull systems offline—which can easily mean once or twice a year. Even critical patches, like the one Microsoft had rolled out for EternalBlue’s underlying bugs that
...more
