The need to secure Industrial Control Systems (ICS) has never been more acute, given the widespread and growing risk of cyber threats.
In fact, a recent report by EEF and AIG on cybersecurity for manufacturers found that 41% of companies do not believe they have access to enough information to even assess their true cyber risk.
One of the reasons? Many ICS networks lack a critical security capability — automated asset management. This is not surprising, since ICSs were designed and implemented decades ago, when cybercrime didn’t exist and these systems were isolated and segregated from the rest of the network.
Without an up-to-date and accurate inventory of ICS assets, including the automation controllers responsible for managing physical processes, it is virtually impossible to assess risk and apply effective defenses.
Moreover, automated asset management is important for operational reliability and safety, as it enables managers to track changes made to devices, prioritize threat mitigation efforts, restore misconfigured devices to a "known good" state, and plan maintenance and replacement schedules. Why is automated asset management is vital to ICS networks?
Eliminate Manual Error
Using manual processes for inventory management is both time-consuming and prone to human error. It often produces information that is missing, outdated, or erroneous.
In addition, this approach cannot cope effectively and accurately with the constant flow of new assets into a network. Inaccurate data creates security weaknesses and holes, which cyber-criminals can easily exploit.
The only way to ensure complete and accurate asset inventory is to automate the continuous discovery process. Automation delivers other major benefits. It enhances productivity and eliminates tedious tasks, like compiling and maintaining spreadsheets. With an automated solution, engineers can devote their time and knowledge to more important tasks.
Simplify Regulatory Compliance
In light of the growing number of cyber-attacks against critical infrastructures, such as the take down of Ukraine's power grid and the Dragonfly campaigns targeting the energy sector, new standards and regulations have been established. These govern the baseline cybersecurity measures that must be put in place to minimize risk to critical infrastructures, ensure public safety and operations continuity.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), for example, provides a set of industry standards and best practices to help organizations manage and reduce cybersecurity risk to critical infrastructures and the ICS on which they rely.
In order to provide comprehensive visibility into critical control assets and activities associated with them, NIST requires organizations to implement an asset management function for the purposes of identifying, inventorying and managing all physical devices and systems.
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) is a set of requirements designed to secure the assets required for operating North America's bulk electric system. Similar to NIST, one of the most important elements spanning all NERC CIP regulations is the identification of critical assets and critical cyber assets.
Compliance with NIST, NERC and similar regulations worldwide requires effective automated asset discovery and ongoing management of an asset inventory.
Improve Security
Automated asset discovery and management is essential for meeting the security needs of ICS networks. Unfortunately, most organizations don’t know what devices they have in different segments of their plants. A typical ICS network contains controllers (PLCs, RTUs, or DCS controllers) from a mix of vendors such as GE, Rockwell Automation, Siemens and Schneider Electric.
To build an effective security strategy, an organization needs to know the manufacturers, models, firmware versions, latest patches, and current configuration for each and every asset in the network. This is a tedious, manually intensive process, even in small environments.
An automated asset discovery and management system helps organizations prioritize assets that require upgrades, maintenance, and other operational initiatives such as identifying devices that are affected by newly issued vulnerability notices. This information ensures that the most critical vulnerabilities are remediated first.
Ensure Operational Continuity
In the event of a failure caused by a cyber-attack or human error, restoring affected devices to a "known good" state so that downtime is minimized is critical. Fast recovery requires accurate and up-to-date information about the device in question, including a complete history of changes, in order to understand what happened, when, and who might have been responsible.
An automated asset inventory can provide this much needed historical information for device recovery, enabling organizations to recover more quickly from cyber-attacks and unauthorized device changes, minimizing the impact on operations and security.
Asset management plays a central role within a comprehensive industrial cybersecurity program, since “You cannot secure what you don’t know about”. It provides the visibility needed to avoid being front page news -- for the wrong reasons.