7 Establishing Secure Enclaves > Summary - Pg. 185

issues: the first is that the blacklist must be continuously updated as new threats are discovered; the second is that there is no way to detect or block certain attacks, such as zero-days and/or known attacks for which there are no available signatures. In contrast, a "whitelist" solution creates a list of what is known to be good and applies very simple logic: if it is not on the list, block it. AWL solutions apply this logic to the applications on a host. In this way, even if a virus or Trojan does penetrate the control system's perimeter defenses and finds its way onto a target system, the host itself will stop that malware from executing, rendering it inoperable.

AWL is well suited for use in control systems, where an asset should have explicitly defined ports and services. In addition, there is no need to continuously download, test, evaluate, and install signature updates. Rather, the AWL only needs to be updated and tested when the applications used on the host system are updated.

However, because AWL operates at the lowest levels of an operating environment, it introduces new code into the execution paths of all applications and services on that host. This adds latency to all functions of the host, which may cause unacceptable delay for time-sensitive operations, and requires full regression testing.
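The contrast between the two decision rules can be seen in a short Python sketch. This is an added example, not code from the book; it assumes applications are identified by SHA-256 digest (real AWL products may use other identifiers), and the sample "binaries" are constructed byte strings.

```python
import hashlib

def sha256(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def digest_set(images) -> set:
    """Build a list (blacklist or whitelist) from file contents."""
    return {sha256(image) for image in images}

# Constructed samples standing in for executable files on a control system host.
HMI_V1 = b"hmi-client build 1.0"
HMI_V2 = b"hmi-client build 1.1"          # vendor update of the same application
HISTORIAN = b"historian-agent build 4.2"
KNOWN_MALWARE = b"sample with a published signature"
UNKNOWN_MALWARE = b"sample with no published signature"

def blacklist_allows(image: bytes, signatures: set) -> bool:
    """Default-allow: execute unless the file matches a known-bad signature."""
    return sha256(image) not in signatures

def whitelist_allows(image: bytes, approved: set) -> bool:
    """Default-deny: if it is not on the list, block it."""
    return sha256(image) in approved

def evaluate(signatures: set, approved: set) -> dict:
    """Return {sample: (blacklist verdict, whitelist verdict)}; True means 'may execute'."""
    samples = {
        "hmi_v1": HMI_V1,
        "hmi_v2": HMI_V2,
        "historian": HISTORIAN,
        "known_malware": KNOWN_MALWARE,
        "unknown_malware": UNKNOWN_MALWARE,
    }
    return {
        name: (blacklist_allows(img, signatures), whitelist_allows(img, approved))
        for name, img in samples.items()
    }

if __name__ == "__main__":
    signatures = digest_set([KNOWN_MALWARE])      # what the blacklist vendor has seen
    approved = digest_set([HMI_V1, HISTORIAN])    # what the asset owner has approved
    for name, (bl, wl) in evaluate(signatures, approved).items():
        print(f"{name:16} blacklist={'run' if bl else 'block'}  whitelist={'run' if wl else 'block'}")
```

The unsigned sample runs under the blacklist but is blocked by the whitelist, and the updated HMI build is also blocked until the whitelist is refreshed, which is the update-and-test step the text ties to application changes.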