Cybersecurity Asset Management: What You Need To Know
What OT Assets Do I Have That Need Protection?
There are several types of Operational Technology (OT) devices; some resemble computers, while others have no physical similarities. Furthermore, there are many combinations and configurations of these OT devices, and they all have different and specialized functionalities. Even the smallest industrial devices (i.e., sensors) have been computerized with Internet connections to transmit readings back to control systems from anywhere. These technologies are found in several industries, including oil, gas and chemical, power and energy, industrial manufacturing and maritime, with the primary difference being the processes supported and the designs of the Industrial Control Systems (ICS) that support those processes.
The most common OT devices that need full visibility to minimize cyber risks include:
- Engineering Workstations (EWS) are OT devices that are extremely similar to traditional computers. They are used to make program changes to computerized control system devices and components. These devices are typically desktop towers, rackmount servers, virtual machines or laptops that run Microsoft Windows or Unix-based operating systems.
- Supervisory Control and Data Acquisition (SCADA) or Distributed Control System (DCS) typically offer very similar functionality to EWS from a programmatic perspective, but they can also contain controller logic, provide process historical repositories for trending and analysis or function as process alarm management devices.
- Human-Machine Interfaces (HMI) are computer-based technologies, but they are not always like traditional IT computers. HMIs are designed to provide operations personnel with a screen to view or control the processes that are being managed by the ICS. While many HMIs look like traditional computers or touchscreens, many also have the physical appearance of an industrial or proprietary component.
- Programmable Logic Controllers (PLC) commonly have computer programs stored in their ROM drives that are designed to perform complex operations based on sensor inputs or human operator commands. For example, PLCs can open valves to release pressure in tanks based on maximum thresholds or timing events.
- Remote Terminal Units (RTUs) are like PLCs with limited capabilities, making them the least computer-like on this list. Typically, RTUs are used for media conversion (think serial to Ethernet communication) or as devices to extend PLC footprints. When we compare RTUs to our list of computer components, we see that only a subset applies.
How to Manage Your Cyber Asset Inventory Accurately
It’s common for organizations to maintain some form of automated asset inventory management for their Information Technology (IT) systems. So, if you deploy asset management systems on your IT networks, why aren’t you deploying them in your OT environments as well?
The most common reason organizations don’t invest in deploying automated asset management tools in OT environments is that the tools used in IT are highly intrusive and require agents to be installed on the end devices, i.e., computers and servers. Until recently, there was not an option to gather detailed asset information without these intrusive techniques. However, this is no longer the case. There are highly specialized technologies on the market today that passively collect asset information directly from the network traffic. (For you IT experts, think data packet captures.) You can now safely purchase passive OT monitoring technologies that minimize attack vectors by performing asset discovery, vulnerability management and much more.
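The passive approach described above, as an added example (not code from any vendor's product): it builds an asset inventory purely from captured Ethernet frames and never sends a packet to the devices. The port-to-protocol table, the function names and the sample frames are assumptions constructed for this illustration, and identifying a protocol by port alone is a heuristic.

```python
import struct

# Default TCP ports of common OT protocols (port-based identification is a heuristic).
OT_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

def parse_frame(frame: bytes):
    """Parse Ethernet II/IPv4/TCP; return (src, dst) as (mac, ip, port) or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # too short or not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or frame[23] != 6 or len(frame) < 18 + ihl:  # malformed or not TCP
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    ip = lambda b: ".".join(str(x) for x in b)
    return ((frame[6:12].hex(":"), ip(frame[26:30]), sport),
            (frame[0:6].hex(":"), ip(frame[30:34]), dport))

def build_inventory(frames):
    """Map MAC -> {"ips", "roles"} from observed traffic only. A MAC identifies
    a device only on the sensor's own segment; past a router it is the router's."""
    inv = {}
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst = parsed
        if dst[2] in OT_PORTS:      # request towards the controller
            proto, server, client = OT_PORTS[dst[2]], dst, src
        elif src[2] in OT_PORTS:    # response from the controller
            proto, server, client = OT_PORTS[src[2]], src, dst
        else:
            continue                # not an OT protocol: ignore
        for (mac, ip_addr, _), role in ((server, "server"), (client, "client")):
            entry = inv.setdefault(mac, {"ips": set(), "roles": set()})
            entry["ips"].add(ip_addr)
            entry["roles"].add(f"{proto} {role}")
    return inv

def make_frame(smac, dmac, sip, dip, sport, dport):
    """Build a minimal constructed frame for the sample (checksums zeroed)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(sip), bytes(dip))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return bytes.fromhex(dmac + smac) + b"\x08\x00" + ip_hdr + tcp_hdr

# Constructed sample: an HMI polling a PLC over Modbus/TCP, plus unrelated HTTPS.
HMI, PLC, WEB = "020000000010", "020000000020", "020000000030"
SAMPLE = [make_frame(HMI, PLC, (10, 0, 0, 10), (10, 0, 0, 20), 49152, 502),
          make_frame(PLC, HMI, (10, 0, 0, 20), (10, 0, 0, 10), 502, 49152),
          make_frame(HMI, WEB, (10, 0, 0, 10), (10, 0, 0, 30), 49153, 443)]
```

Running `build_inventory(SAMPLE)` records the PLC as a Modbus/TCP server and the HMI as its client, and leaves the HTTPS-only host out of the OT inventory.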
Can Cybersecurity Asset Management Tools Keep My Organization Secure?
Anytime a new technology is introduced into your control system environment, there is the possibility of adding vulnerabilities and additional exposure to cyber threats. Asset management technologies are no exception. However, new technologies are designed with security posture and protection in mind. It is unlikely that a company that sells a security product has not already been audited and had to report the compliance results to their customers. Reputable technology providers should be able to produce a certificate of security compliance with their technologies in addition to references of past performance.
ABS Group: Your Cybersecurity Asset Management Partner
Asset Discovery and Management is an essential part of all information security frameworks, including the NIST Cybersecurity Framework, BIMCO v3, ISO/IEC 27000, NERC CIP and IEC 62443. You must know all of the assets on your attack surface before you can adequately protect them.
Our Asset Management service offerings include:
- Real-time visibility of your network and individual devices so you can understand and assess your complete attack surface adequately.
- Native communication protocols to query IT and OT devices in your ICS environment.
- Identification for asset owners and/or administrators who are responsible for risk posture and incident response.
- Streamlined IT and OT asset management processes and increased Configuration Management Database (CMDB) accuracy.
- An agentless option that deploys small, lightweight sensors on network segments with devices that need monitoring.
- Smart polling for operating systems and active querying to safely collect control device configurations.
- Installation of asset monitoring technologies as either virtual machines or physical devices.
- 24/7/365 monitoring for rogue devices and changes to existing assets, including periodic asset inventory reporting.