Accurate and thorough visibility into operational technology (OT) assets serves as the bedrock for solid OT cybersecurity. Organizations need a trustworthy lay of the land that maps all operational assets in their industrial environments in order to effectively identify misconfigurations, manage vulnerabilities, and quickly understand which current threats are relevant to their business.
This blog is the second in an ongoing series to explain the different roles that OT asset visibility plays in a well-functioning industrial cybersecurity program. The previous post tackled how asset visibility gives an organization crucial insight into typical OT activity and workflows in their facilities. Understanding normal provides important context for monitoring and threat detection, as well as change management and incident response.
This time we discuss how an asset visibility program supported by automated collection makes it easier to accurately and continuously verify the industrial assets that are running in your environment.
The Pain in Managing an OT Asset Inventory
Many organizations depend on a tangled mess of manual and isolated collection processes to gather a loose inventory of OT assets. Most frequently this is tracked in Excel spreadsheets or Visio workflows that note asset purchases made over the years or assets identified during annual facility walkdowns.
This type of tracking takes up valuable resources to maintain across numerous OT production facilities. More crucially, it is prone to missing rogue assets and is almost always out of date.
78% of organizations admit that they do not have a complete inventory of the control system devices running in their industrial environments. (SANS 2021 Survey: OT/ICS Cybersecurity)
This means the cybersecurity team can never really be sure that the inventory is accurate. The true value of continuous visibility is that an updated asset inventory can become a source of real-time truth in monitored environments.
Sometimes there may be light automation thrown into the mix with limited collection mechanisms that are not specifically built for visibility in industrial environments. These solutions rarely provide a full scope of coverage.
Financially driven asset management systems are more concerned with tracking asset costs for writing off capital purchases than with fully understanding the environment. Some systems developed by OT vendors might only handle assets within that single vendor’s purview. Other systems scrape information through offline configuration analysis, which misses the valuable information that comes from the real-time communication of assets.
Few of these limited options provide the kind of comprehensive and unified information necessary for effective cybersecurity operations. When done well, OT asset visibility for ICS cybersecurity provides insight into not just the existence of an asset (including details like vendor, model, firmware version, etc.), but rich contextual information like which other assets it’s communicating with and prioritized vulnerabilities with guidance.
What You Need in an OT Asset Monitoring Solution
An OT-specific monitoring solution should be able to do the heavy lifting of tracking configuration states, versions, and mapping relationships between assets, presenting an accurate picture of the assets in use rather than just a laundry list of purchased asset models.
This allows organizations to validate asset lifecycles on retired and decommissioned assets, as well as find hidden rogue assets that have never been listed on the purchased asset spreadsheet.
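The reconciliation described above, as an added example that is not from the original post or any vendor's product: it compares a spreadsheet-style inventory with assets seen by automated collection and reports rogue assets, decommissioned assets that are still active, firmware drift, and listed assets that were never observed. The CSV column names, MAC addresses, and asset records are constructed assumptions.

```python
import csv
import io

# Constructed sample: spreadsheet inventory built from purchases and walkdowns.
INVENTORY_CSV = """asset_id,mac,model,firmware,status
PLC-01,02:00:00:00:00:01,Model-X,2.1,active
PLC-02,02:00:00:00:00:02,Model-X,2.1,decommissioned
HMI-01,02:00:00:00:00:03,Panel-7,5.0,active
RTU-01,02:00:00:00:00:04,Remote-3,1.4,active
"""

# Constructed sample: assets observed on the network by automated collection.
OBSERVED_CSV = """mac,model,firmware,last_seen
02:00:00:00:00:01,Model-X,2.3,2024-05-01T10:00:00Z
02:00:00:00:00:02,Model-X,2.1,2024-05-01T10:02:00Z
02:00:00:00:00:03,Panel-7,5.0,2024-05-01T10:03:00Z
02:00:00:00:00:99,Unknown,0.9,2024-05-01T10:05:00Z
"""

def _load(text):
    """Index CSV rows by normalized (lower-case) MAC address."""
    reader = csv.DictReader(io.StringIO(text))
    return {row["mac"].strip().lower(): row for row in reader}

def reconcile(inventory_csv, observed_csv):
    """Compare what the spreadsheet lists with what is actually running."""
    listed, seen = _load(inventory_csv), _load(observed_csv)
    findings = {"rogue": [], "retired_but_active": [],
                "firmware_drift": [], "not_seen": []}
    for mac, obs in seen.items():
        rec = listed.get(mac)
        if rec is None:
            # On the network but never recorded in the inventory.
            findings["rogue"].append(mac)
        elif rec["status"] == "decommissioned":
            # Marked retired, yet still communicating.
            findings["retired_but_active"].append(rec["asset_id"])
        elif rec["firmware"] != obs["firmware"]:
            findings["firmware_drift"].append(
                (rec["asset_id"], rec["firmware"], obs["firmware"]))
    for mac, rec in listed.items():
        if rec["status"] == "active" and mac not in seen:
            # Listed as active but never observed: stale entry or offline asset.
            findings["not_seen"].append(rec["asset_id"])
    return findings

if __name__ == "__main__":
    for kind, items in reconcile(INVENTORY_CSV, OBSERVED_CSV).items():
        print(kind, items)
```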
Next up in our series, we’ll discuss how visibility can help to not only verify assets but also map and visualize the relationships and communication pathways they have with one another.