ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Update the ABRCA Root CA Certificate for the ICSP Neural Scanning Station

book

Article ID: 219520

calendar_today

Updated On:

Products

Industrial Control System Protection

Issue/Introduction

The Appliance Birth Registration Certificate Authority (ABRCA) root CA certificate is the ultimate root of trust for all appliance certificates that Symantec products use. Symantec has created a new ABRCA root CA certificate to replace the one expiring in December 31, 2021. The new certificate will have an expiration date of December 31, 2037. 

The continued operation of your ICSP Neural Scanning Station requires that you complete the following actions in a timely manner. The ICSP Neural Scanning Station will require a software upgrade to version 6.1.4 to ensure proper certificate validation to enable full feature functionality. 

Resolution

Backup ICSP Neural Keys before Upgrading

Each ICSP Neural scanner station has a unique pair of encryption keys. The ICSP Neural Enforcement driver relies on the ICSP keys to ensure that a USB device is
scanned and validated only by the scanner station which is dedicated to your infrastructure.  As a best practice, we strongly recommend that you create a backup (export) of the keys and to store them in a secure location before performing any upgrade or troubleshooting methods.

To Export the ICSP Keys file:

1. Log on to the ICSP Web Interface (https://ICSP_Neural_IP_Address)
2. Navigate to the SCAN page
3. Click on the Import / Export Key File tab
4. On the Export Key File section, click Download Key File
5. Save the file to a secure location of your choice

Upgrading Internet Connected Devices

Customers that have ICSP Neural Scanners connected to the internet and have the Automatic Updates feature enabled will automatically receive this update when it is released but will need to reboot the device in order to complete the update. To ensure your Internet connected device is set to receive automatic updates, please follow the steps in the “Upgrading a scanner station which is connected to the network” section of the Upgrading the ICSP Neural Scanning Station document attached to this article.

This document also provides examples of what you may observe on the Software Updates page of the Local Web Console or the ICSP Neural Scanning Station screen once the version 6.1.4 software update is available and automatically downloaded.

Upgrading Off-line Devices

Customers with disconnected ICSP Neural Scanners will need to perform a manual upgrade by a USB Device.  You can follow the steps found in the “Upgrading a scanner station which is not connected to the network” section of the Upgrading the ICSP Neural Scanning Station document attached to this article.

Consequences of an Expired Appliance Certificate

If the appliance certificate expires, certain appliance-to-back-end communications flows that use the appliance certificate for authentication might stop working correctly, including:

  • Appliance certificate updates
  • Licensing automatic updates
  • Product and Definition updates
  • Diagnostics and Heartbeat uploads
  • Scanner and Malware event uploads

Other issues, yet to be identified, might also occur.

Consequences of an Expired Appliance Certificate

In the unfortunate event that you do not update the ICSP Neural Scanner to version 6.1.4 before the December 31, 2021 deadline and are experiencing issues with the scanning station, you may have to manually update the software using a USB storage device.  If this occurs, you can follow the upgrade steps found in the “What shall I do if the offline update installation fails?” section of the Upgrading the ICSP Neural Scanning Station document attached to this article.

Additional Information

 

Attachments

Upgrading the ICSP Neural Scanning Station_1631164506654.pdf get_app