Asset Discovery and Inventory: Why is it so important?


With attention to recent industrial cyber attacks such as the Ukrainian power grid attack in 2015 or the Triton/Trisis Malware attack in 2017, it is becoming more and more important to identify and remediate vulnerabilities in Operational Technology (OT). This also extends to key critical infrastructure industries such as Oil and Gas. The bitter truth is that a lot of companies struggle to manage their OT Cyber Security risks effectively. Mitigating the risk of cyberattacks is a meticulous process that requires extensive hardening mechanisms. The process entails obtaining full visibility of all assets, establishing secure connectivity to every asset and protecting each asset with current patches and antivirus signatures.

Why you should have an eye on your assets

The convergence of IT and OT operations tends to be effective: it provides greater control over each function in the manufacturing process and eases the decision-making process. Along with these perks comes a wider range of Cyber Security threats.

In the ISA 99 Purdue model, level 0 (Process Level) and level 1 (Basic Control) comprise a larger number of assets, such as field devices, sensors, Distributed Control Systems (DCS), Programmable Logic Controllers (PLC) and Safety Instrumented Systems (SIS). These assets are often not assessed during a Cyber Risk Assessment.

Level 2 (Area Supervisory Control) comprises endpoints such as Human Machine Interfaces (HMI), engineering stations, servers, routers, switches, etc. The vulnerabilities associated with level 2 are often assessed and are well known.

Maybe you think that it is too much effort to assess the assets of level 0 and 1 during your Cyber Risk Assessment. What a dangerous thought. The vulnerabilities in level 1 and level 0 have the highest importance, as these levels are responsible for delivering safe and profitable production. The presence of proprietary protocols, systems and architectures makes asset discovery and inventory more difficult, which in turn increases the complexity of vulnerability and risk management.

Fig 1. Vulnerabilities reported to ICS-CERT since FY 2010*

*Source: https://www.us-cert.gov/sites/default/files/Annual_Reports/NCCIC_ICS-CERT_2016_Annual_Vulnerability_Coordination_Report_S508C.pdf

The number of vulnerabilities reported to ICS-CERT is steadily increasing every year, which indicates that, with every vulnerability found, more and more effort is required to manage and remediate them.

Start with your asset inventory today

The first step in developing a security concept is to know what devices, equipment, and systems exist and how they are configured. The challenge of mapping all the assets has been overcome with the help of modern-day asset inventory tools, which also provide information about the vulnerabilities that come along with every asset. They also provide detailed information about current system configurations, firmware versions, operating systems, etc.

Without the aid of automated tools, evaluating whether each asset is up to date with its firmware can be a daunting task. The vulnerabilities can change with every upgrade or change to the system, and therefore a regular and automated update of the vulnerability database is important to identify new vulnerabilities. A comprehensive, up-to-date asset inventory is pivotal in developing a security concept for an Industrial Control Systems (ICS) network. The shortage of skilled Cyber Security personnel makes the asset inventory management process more complex, as it takes an enormous effort to keep the database up to date. Complete automation of these tasks provides an effective way to manage the assets. Once the assets are known, a proper and effective Cyber Security strategy can be developed.
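The kind of automated check described above, as an added example that is not part of the original article or of any particular inventory product: it compares each asset's firmware against a vulnerability database, flags inventory entries that discovery has not confirmed recently, and counts unassessed assets per Purdue level. All asset names, models, advisory ids and the 30-day threshold are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

@dataclass
class Asset:
    name: str
    purdue_level: int   # 0 = process, 1 = basic control, 2 = area supervisory
    model: str
    firmware: str       # dotted version string, e.g. "2.9.3"
    last_seen: date     # last time discovery confirmed the asset
    assessed: bool      # covered by the last cyber risk assessment?

def ver(s):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically, not as text."""
    return tuple(int(p) for p in s.split("."))

def audit(assets, advisories, today, max_age_days=30):
    """Return (findings, number of unassessed assets per Purdue level)."""
    findings, gaps = [], {}
    for a in assets:
        for adv in advisories:
            # Vulnerable if the model matches and firmware predates the fix.
            if a.model == adv["model"] and ver(a.firmware) < ver(adv["fixed_in"]):
                findings.append((a.name, "vulnerable", adv["id"]))
        # An entry not confirmed recently may no longer reflect the plant.
        if (today - a.last_seen).days > max_age_days:
            findings.append((a.name, "stale", a.last_seen.isoformat()))
        if not a.assessed:
            gaps[a.purdue_level] = gaps.get(a.purdue_level, 0) + 1
    return findings, gaps

# Constructed sample data: models and advisory ids are placeholders.
ASSETS = [
    Asset("PT-101", 0, "ExampleSensor-A", "1.2.0", date(2024, 5, 28), False),
    Asset("PLC-07", 1, "ExamplePLC-X", "2.9.3", date(2024, 5, 30), False),
    Asset("SIS-02", 1, "ExampleSIS-S", "4.0.1", date(2024, 3, 1), False),
    Asset("HMI-03", 2, "ExampleHMI-H", "7.1.0", date(2024, 5, 31), True),
]
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "model": "ExamplePLC-X", "fixed_in": "2.10.0"},
    {"id": "ADV-EXAMPLE-2", "model": "ExampleHMI-H", "fixed_in": "7.1.0"},
]

if __name__ == "__main__":
    findings, gaps = audit(ASSETS, ADVISORIES, today=date(2024, 6, 1))
    for f in findings:
        print(*f)
    for level, n in sorted(gaps.items()):
        print(f"Level {level}: {n} asset(s) not assessed")
```

Comparing firmware versions as plain text would rank "2.9.3" above "2.10.0" and miss the PLC finding, which is why the versions are parsed into numeric tuples first.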

Asset discovery and inventory are a must in your plant security program

A plant security program should include asset discovery and inventory combined with a risk-based approach, which can be invaluable for companies in managing their risks. Automated asset discovery and management is the first step for ensuring operational continuity, reliability, and safety. Keeping an up-to-date asset inventory also helps to perform vulnerability assessments, which are focused on risk reduction, more effectively. With new vulnerabilities coming up every day, it is becoming more and more important to know the assets better than the adversaries do; as they say, “Prevention is better than Cure”.

Are you also struggling to manage your OT Cyber Security risks? Contact me (Ashok.Sadasivam@de.yokogawa.com) and we will find the right solution for you!


Picture credits: WrightStudio-stock.adobe.com
