Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

The Role of Asset Management in ICS Network

Most industrial Control Systems (ICS) were designed and implemented decades ago. Therefore they lack basic asset discovery and management capabilities common in IT networks.

Most industrial Control Systems (ICS) were designed and implemented decades ago. Therefore they lack basic asset discovery and management capabilities common in IT networks.

Process industries have traditionally struggled to maintain an accurate asset inventory. According to a survey of 185 process industry professionals performed by TechValidate for Intergraph, 61% of owner-operators “lack complete confidence in their ability to find information needed to support response to an emergency.” More than half spend 20-80% of their time just finding and validating plant information, including conducting walk-downs. 

With the growing risk of cyber threats, many process industry organizations are looking to secure their ICS networks. However, without fully understanding the assets in scope, it is impossible to do a risk assessment and apply effective defenses.

Why ICS Networks Lack Asset Management

Unlike the highly evolved world of IT networks, where automated discovery solutions and very sophisticated asset management practices are a given, industrial networks often rely on a patchwork of manual processes, notes and spreadsheets. Many plants have been storing facility information across various disjointed engineering information systems and struggle to gain a full picture of their assets. As older operational professionals leave the workforce, it is becoming even more difficult to track changes to these assets over time.

What’s Needed to Implement Asset Management in ICS Networks

ICS network asset management is typically deficient in three key areas — discovery, maintaining an accurate up-to-date asset inventory and tracking changes to assets over time.

Automated asset discovery is key to securing these networks. Identifying new assets that have been deployed, or retired assets that have been decommissioned, provides the visibility needed to protect them and helps prioritize security efforts. Since the deployment of these networks is always accompanied by documented changes to the original design, it is impossible to rely on the blueprints.

A typical ICS network contains controllers (PLCs, RTUs, DCSs) from a mix of vendors such as GE, Rockwell Automation, Siemens and Schneider Electric. Each of these technologies comes with a different set of requirements and challenges. It’s difficult to plan maintenance projects and design effective protections without knowing what type of assets are in scope. A comprehensive asset inventory, that includes information about the manufacturer, current firmware version, latest patches and current configuration, enables better ongoing management of these devices. It can also support backup and recovery in case there is a need to restore devices. 

Meanwhile, inventory management is usually performed using manual processes for tracking changes, which are often inaccurate and error prone. With continuous changes being made to these networks over time, the only way to ensure a complete and accurate asset inventory is to implement an automated and continuous discovery process. This also ensures new assets are identified as they appear on the network, and helps track and validate that assets were properly deployed or retired.

Conclusion

Automated asset discovery and management is the first step for ensuring operational continuity, reliability and safety. Without it, it’s impossible to know what devices exist, when and what changes are made to them, and how to restore them to a “known-good” state. It also plays a key role in planning maintenance projects, deploying defense mechanisms, and carrying out effective incident response and mitigation efforts. 

Related: Learn More at SecurityWeek’s ICS Cyber Security Conference

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

ICS/OT

Serious vulnerabilities found in Econolite EOS traffic controller software can be exploited to control traffic lights, but the flaws remain unpatched.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...

ICS/OT

Vulnerabilities in GE’s Proficy Historian product could be exploited for espionage and to cause damage and disruption in industrial environments.

ICS/OT

A hacktivist group has made bold claims regarding an attack on an ICS device, but industry professionals have questioned their claims.

ICS/OT

Vulnerabilities in industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to OT networks.