OT Asset Management: Securing Maximum Agility
Asset visibility is essential to maintaining a secure operational environment while also providing real-time insights.
Asset visibility plays a vital role in operational technology cybersecurity. When organizations continuously inventory and classify assets in their facilities, it becomes much easier to protect the entire OT environment.
“Asset management is really the foundational layer of cybersecurity, and it’s a critical component for effective communication between executives and operations staff,” said Ben Miller, Dragos Vice President of Services. “When executives hear about new OT threats in the wild that could impact anything from gas crackers to safety instrumented systems, how can they even get their arms around the relevance of these emerging OT risks to their business if they don’t have an inventory of assets identified and classified?”
Effective asset management enables teams to discover latent vulnerabilities, insecure configurations, and rogue assets. With a comprehensive asset inventory, security teams can determine if new threats apply to their environments more quickly, and they can respond faster to security incidents as they unfold. A clear OT asset portfolio gives decision-makers better information for planning their cybersecurity roadmaps and complying with security and safety regulations. Plus, once assets are properly managed, performance and efficiency can be analyzed and improved, maximizing uptime and profitability.
Unfortunately, many organizations struggle to get a clear view of the OT assets running in their industrial facilities. According to the Dragos 2021 Year in Review report, 86% of services customers have extremely limited or no visibility into the assets in their OT.
“Some of the visibility challenges are probably technology-related, but there’s also a need to broaden asset owners’ definitions of what should be considered within an asset inventory,” said Miller. “Comprehensive asset inventories need to include all the components and devices that support your operational process, whether those components are physical or virtual, software or hardware; and it’s not just about noting the existence of the asset.
“To make the data actionable, you need to capture and regularly update its version, firmware status, and configuration state,” Miller said. “Beyond each individual asset, it’s also critical to understand the relationships they have with one another and the communication pathways they establish inside and outside of the organization.”
An effective asset management program enables asset owners and cybersecurity teams to efficiently:
- Discover, identify, and classify OT assets correctly
- Create and continuously update an asset inventory
- Operationalize asset visibility by leveraging its benefits to increase uptime and profitability
From a cybersecurity perspective, continuous OT asset visibility capabilities make it possible to discover connectivity and communications channels operators didn’t even know existed; pinpoint active threats operating quietly in the environment; and identify insecure configurations, latent vulnerabilities, and rogue assets.
In a recent whitepaper, Dragos identified 10 ways that asset visibility builds the foundation for effective OT cybersecurity:
- Asset visibility and management facilitates an understanding of what “normal” means in your environment.
- A well-structured program verifies all OT assets, including those belonging to the Industrial Internet of Things.
- You’ll be able to identify and visualize asset relationships and communication pathways.
- Security teams can detect threats with high signal and low noise ratios.
- You’ll spot rogue assets that you didn’t realize were on your networks.
- An asset inventory provides critical information for incident response.
- Managing assets properly enables efficient mitigation of vulnerabilities and threats.
- Configuration detection can help to supplement change management.
- Compliance reporting will be easier and more clear-cut.
- A well-executed program will help you justify security investments and plan cyber roadmaps.
A Successful Path to Asset Management
An OT-specific, methodical approach toward data collection and asset inventory creation is critical for a successful asset management program. Recording important information, such as software version, physical location, asset owner, and priority, enables many cybersecurity and performance optimization activities.
“Operational technology environments are increasingly targeted by adversaries who try to weaponize organizations’ own hardware and software against them to disrupt industrial process controls. Implementing forward-thinking cyber strategies can help deter, detect and mitigate such threats,” said Ramsey Hajj, Global Cyber OT Leader with Deloitte & Touche LLP. “Cyber threat identification, detection, and prevention controls can help address OT security risks with steps to increase device visibility, segment OT networks, monitor security for the OT environment, correlate security information from OT and IT networks, and establish security operations centers to support ongoing, proactive efforts.”
IT has a long history of asset management and asset inventorying, so the tools, frameworks, and practices around gaining asset visibility are very well tuned to IT use cases. However, OT has unique environmental challenges that need to be managed across industrial assets — and IT tools, integrations, and processes are not designed to meet these requirements. A few simple examples of IT asset visibility tools and tactics that don’t translate well to the OT environment include:
- IT might utilize forced reboots of desktop computers for patch installations, but in an industrial environment, rebooting a workstation could result in weeks of unplanned downtime and introduce significant safety risks.
- You cannot put an agent on a PLC, because PLCs often run firmware or operating systems that are not compatible with agents.
- An IT administrator who performs a network scan using Nmap in an industrial environment runs the risk of knocking sensitive devices like older controllers offline, disrupting production.
- In traditional IT environments, it would be perfectly normal to use active scanning tools for asset discovery and monitoring, but in industrial scenarios, passive techniques are often preferred – if not required – because they’re much safer.
Organizations that want to develop an OT-specific, methodical approach to asset management will need a structured plan to determine and execute data collection requirements. One resource that many OT asset owners use to guide their development of an asset management program is the Collection Management Framework for ICS Security Operations and Incident Response. It provides a prescriptive, impact-driven reference based on years of customer experience that’s uniquely suited for the realities of the OT environment.
Whether organizations leverage the Collection Management Framework or some other method, having a plan that’s uniquely suited to OT environments is key.
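As an added illustration (not code from Dragos, Deloitte, or the Collection Management Framework), the sketch below shows how passively collected traffic records can be checked against an inventory that carries the fields named above (software version, physical location, asset owner, priority) to surface rogue assets, unapproved communication pathways, and inventoried assets that were never observed. The MAC addresses, asset names, flow records, and approved-pathway list are all constructed for the example.

```python
# Constructed baseline inventory keyed by MAC address. The fields are the ones
# the article lists: software version, physical location, asset owner, priority.
INVENTORY = {
    "02:00:00:00:00:01": {"name": "PLC-1", "version": "fw 20.11", "location": "Line 1", "owner": "Controls", "priority": "high"},
    "02:00:00:00:00:02": {"name": "HMI-1", "version": "v9.2", "location": "Control room", "owner": "Operations", "priority": "medium"},
    "02:00:00:00:00:03": {"name": "HIST-1", "version": "v4.0", "location": "Server room", "owner": "IT/OT", "priority": "medium"},
    "02:00:00:00:00:04": {"name": "SIS-1", "version": "fw 3.1", "location": "Line 1", "owner": "Safety", "priority": "high"},
}
# Constructed list of approved pathways: (source, destination, destination port).
APPROVED_PATHS = {("HMI-1", "PLC-1", 44818), ("HIST-1", "PLC-1", 44818)}

# Constructed flow records (src MAC, dst MAC, dst port), as a passive sensor on
# a mirror port might export them. Nothing here probes the devices themselves.
FLOWS = [
    ("02:00:00:00:00:02", "02:00:00:00:00:01", 44818),  # HMI -> PLC, EtherNet/IP
    ("02:00:00:00:00:03", "02:00:00:00:00:01", 44818),  # historian -> PLC
    ("02:00:00:00:00:02", "02:00:00:00:00:01", 44818),  # repeat of first flow
    ("02:00:00:00:00:03", "02:00:00:00:00:02", 3389),   # known assets, RDP
    ("02:00:00:00:00:99", "02:00:00:00:00:01", 502),    # unknown MAC, Modbus/TCP
]

def analyze(flows, inventory, approved):
    """Compare observed traffic with the inventory without sending any packets."""
    seen, unapproved, rogue = set(), set(), {}
    for src, dst, port in flows:
        known = [m for m in (src, dst) if m in inventory]
        seen.update(known)
        if len(known) == 2:
            path = (inventory[src]["name"], inventory[dst]["name"], port)
            if path not in approved:
                unapproved.add(path)
            continue
        # At least one endpoint is not inventoried: record which known asset
        # it touched, with that asset's priority to help triage.
        for mac in (src, dst):
            if mac not in inventory:
                peers = rogue.setdefault(mac, set())
                peers.update((inventory[k]["name"], inventory[k]["priority"], port) for k in known)
    silent = sorted(inventory[m]["name"] for m in set(inventory) - seen)
    return {"rogue": {m: sorted(p) for m, p in rogue.items()},
            "unapproved_paths": sorted(unapproved), "silent": silent}

if __name__ == "__main__":
    for finding, detail in analyze(FLOWS, INVENTORY, APPROVED_PATHS).items():
        print(finding, detail)
```

An asset reported as silent is either offline, outside the sensor's view, or a stale inventory record, so it is a prompt to verify the record rather than a finding in itself.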
It’s Not Just About Security
Asset management provides the foundation for a more secure facility, and it’s also the first step toward real-time insights, end-to-end visibility, and scalable solutions to manufacturing challenges. Smart manufacturing solutions can create insights and augment human intelligence with artificial intelligence to help overcome complex challenges, address key business objectives, and boost visibility and performance across the digital supply network. Predicting machine downtime by analyzing performance trends and actively managing the workforce to track worker safety and performance data are two proven benefits.
According to a 2019 Deloitte and MAPI study, 86% of manufacturers believe that smart manufacturing solutions will be the main driver of competitiveness in five years, but the transformation of legacy operations can be daunting. Transforming the facility requires collaboration between manufacturing, supply chain, and IT. New technologies should be adopted and the organization should focus on becoming more insight-driven.
Deloitte, Dragos and an ecosystem of solution providers, technology innovators, and academic researchers are working together to demonstrate how smart manufacturing solutions can transform enterprises. One such endeavor is The Smart Factory @ Wichita, an experiential center with a fully functioning manufacturing production line where asset owners can be immersed in custom simulations to understand business challenges and see first-hand how cybersecurity is integrated.
“The benefits of effective asset management are significant – this isn’t just a conversation about cybersecurity, although that’s certainly one of the most important benefits,” Miller said. “Asset management historically was manual and tedious work, but continuous and automated monitoring enables higher accuracy, increased productivity, and more agility in your operations. That’s a big upside, especially given its critical role in managing risk across cyber and safety domains.”
About the author:
Jennifer Halsey is Senior Industry Marketing Manager at Dragos, Inc.