Most industrial Control Systems (ICS) were designed and implemented decades ago. Therefore they lack basic asset discovery and management capabilities common in IT networks.
Process industries have traditionally struggled to maintain an accurate asset inventory. According to a survey of 185 process industry professionals performed by TechValidate for Intergraph, 61% of owner-operators “lack complete confidence in their ability to find information needed to support response to an emergency.” More than half spend 20-80% of their time just finding and validating plant information, including conducting walk-downs.
With the growing risk of cyber threats, many process industry organizations are looking to secure their ICS networks. However, without fully understanding the assets in scope, it is impossible to do a risk assessment and apply effective defenses.
Why ICS Networks Lack Asset Management
Unlike the highly evolved world of IT networks, where automated discovery solutions and very sophisticated asset management practices are a given, industrial networks often rely on a patchwork of manual processes, notes and spreadsheets. Many plants have been storing facility information across various disjointed engineering information systems and struggle to gain a full picture of their assets. As older operational professionals leave the workforce, it is becoming even more difficult to track changes to these assets over time.
What’s Needed to Implement Asset Management in ICS Networks
ICS network asset management is typically deficient in three key areas — discovery, maintaining an accurate up-to-date asset inventory and tracking changes to assets over time.
Automated asset discovery is key to securing these networks. Identifying new assets that have been deployed, or retired assets that have been decommissioned, provides the visibility needed to protect them and helps prioritize security efforts. Since the deployment of these networks is always accompanied by documented changes to the original design, it is impossible to rely on the blueprints.
A typical ICS network contains controllers (PLCs, RTUs, DCSs) from a mix of vendors such as GE, Rockwell Automation, Siemens and Schneider Electric. Each of these technologies comes with a different set of requirements and challenges. It’s difficult to plan maintenance projects and design effective protections without knowing what type of assets are in scope. A comprehensive asset inventory, that includes information about the manufacturer, current firmware version, latest patches and current configuration, enables better ongoing management of these devices. It can also support backup and recovery in case there is a need to restore devices.
Meanwhile, inventory management is usually performed using manual processes for tracking changes, which are often inaccurate and error prone. With continuous changes being made to these networks over time, the only way to ensure a complete and accurate asset inventory is to implement an automated and continuous discovery process. This also ensures new assets are identified as they appear on the network, and helps track and validate that assets were properly deployed or retired.
Conclusion
Automated asset discovery and management is the first step for ensuring operational continuity, reliability and safety. Without it, it’s impossible to know what devices exist, when and what changes are made to them, and how to restore them to a “known-good” state. It also plays a key role in planning maintenance projects, deploying defense mechanisms, and carrying out effective incident response and mitigation efforts.
Related: Learn More at SecurityWeek’s ICS Cyber Security Conference