Summary

Asset visibility and the collection of detailed data from industrial environments is not “cybersecurity” in and of itself, but it is the foundation of most cybersecurity programs.

What is Asset Visibility?

Asset visibility refers to the ability to see and track assets within an industrial control system (ICS) environment. This includes both physical assets such as machines, devices, and sensors, as well as logical assets such as software, protocols, and data. Asset visibility is important for identifying and understanding the various components that make up an OT environment, as well as for detecting and responding to potential security threats.

Taking it further, OT asset management refers to the process of managing and maintaining the assets within an ICS environment. This includes tasks such as configuring and updating assets, monitoring their performance and availability, and ensuring that they are properly maintained and secured. OT asset management is an ongoing process that helps to ensure the reliability, availability, and security of ICS assets.

OT Asset Management Requirements

OT asset management requires deeper-level asset data and an ongoing understanding of the state of systems within the OT environment. Both OT asset visibility and OT asset management are important for protecting critical infrastructure, and integrating the two is a significant step towards security maturity for ICS environments.

To achieve a thorough understanding of the OT environment and its present risks, security teams need an automated approach that identifies, monitors, and manages every asset, regardless of whether it is currently connected, and documents the relevant changes to it. A single source of truth enables a centralised cybersecurity and compliance program that supports the organisation's operational goals. With it, teams can centrally address configuration and change management, vulnerability and patch management, version control, security baselines, risk assessments, incident response, and compliance reporting.

Often, organisations attempt to gather additional asset information through manual walkthroughs of their sites, documented through multiple Excel spreadsheets. This provides a point-in-time assessment that may quickly become outdated and is prone to human error. While this may fulfil a compliance requirement, it is not very effective for improving security posture. 

The Importance of Sufficient Data

If security analysts do not have sufficient data, it can be difficult for them to make confident decisions. Teams need to have detailed endpoint information (such as OS details, software installed, patches, open network ports, firewall rules, user accounts, and NICs). They also need historical context, such as data about the asset's past configurations, changes to the asset, and any previous security events that may have occurred. This can provide valuable context and help analysts understand the full scope of the current incident. Furthermore, this is the level of detail required to prove compliance with stringent regulations such as NERC CIP, as well as the level of awareness emphasized in all leading industry frameworks and hardening best practices.

Organisations should monitor their environments with a blend of passive, active, and manual data collection methods. These should be tailored to the OT environment, as traditional IT approaches can disrupt operational processes. Early attempts that did disrupt processes caused concern about “active” data collection, and “passive” monitoring emerged as the solution of choice. Passive monitoring observes network traffic without interacting with the devices on the network: using network taps and SPAN ports, organisations can see the traffic on their networks without risking disruption to their OT assets. It provides a good understanding of network activity, but it is limited in scope (it only sees what devices happen to transmit) and can infer incorrect details about the assets themselves.

For deeper insights and to meet regulatory expectations, the industry has refined active data collection methods to suit OT requirements, and these refined approaches are now recognised as safe and effective for OT environments. Active methods gather details that passive monitoring cannot, such as the specific applications on a device, its firmware version, and its open ports: data that is the bedrock of any security and compliance program.

Our Recommended Approach

An integrated data collection approach that blends active and passive methods yields the most trustworthy OT asset data for improving security posture and meeting increasingly stringent compliance standards.

Having a single source of truth for asset owners that combines people, processes, and technologies to aggregate all these methods is essential for OT security progress. Advancing cybersecurity maturity for OT with enriched, comprehensive, accurate, and up-to-date OT asset data is key to securing critical infrastructure and industrial operations in our evolving threat landscape.
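The following is an added example, not code from the original article or from any vendor product it describes. It shows, in Python, one way to build the single source of truth the section above recommends: observations from passive monitoring (a SPAN port feed), active queries, and manual walkthroughs are merged into one asset record per device, a less trustworthy collection method is never allowed to overwrite a value confirmed by a more trustworthy one, and every change is logged so analysts have the historical context the earlier section on sufficient data calls for. The asset identifier, attribute names, timestamps, MAC address, vendor strings, and the confidence ranking of the three methods are all constructed assumptions for the demo.

```python
from dataclasses import dataclass, field
from typing import Any

# Confidence rank per collection method (an assumption of this example):
# an active query is answered by the device itself, a passive observation is
# inferred from traffic, and a manual walkthrough is a point-in-time note.
METHOD_RANK = {"manual": 1, "passive": 2, "active": 3}


@dataclass
class Observation:
    asset_id: str
    method: str           # "manual", "passive" or "active"
    seen_at: str          # ISO-8601 timestamp, constructed for the demo
    attributes: dict[str, Any]


@dataclass
class AssetRecord:
    asset_id: str
    # attribute name -> (value, method that supplied it, when it was seen)
    current: dict[str, tuple[Any, str, str]] = field(default_factory=dict)
    # chronological change events: the historical context analysts need
    history: list[dict[str, Any]] = field(default_factory=list)


class Inventory:
    """Single source of truth that merges passive, active and manual data."""

    def __init__(self) -> None:
        self.assets: dict[str, AssetRecord] = {}

    def ingest(self, obs: Observation) -> list[dict[str, Any]]:
        """Merge one observation; return the change events it produced."""
        rec = self.assets.setdefault(obs.asset_id, AssetRecord(obs.asset_id))
        changes = []
        for attr, value in obs.attributes.items():
            if isinstance(value, list):
                value = sorted(value)          # order-insensitive comparison
            prev = rec.current.get(attr)
            if prev is not None:
                prev_value, prev_method, _ = prev
                # A less trustworthy method never overwrites a more
                # trustworthy value (e.g. a passive inference vs. an active
                # answer); the same or a better method refreshes it.
                if METHOD_RANK[obs.method] < METHOD_RANK[prev_method]:
                    continue
                if prev_value != value:
                    changes.append({
                        "asset_id": obs.asset_id, "attribute": attr,
                        "old": prev_value, "new": value,
                        "old_method": prev_method, "new_method": obs.method,
                        "seen_at": obs.seen_at,
                    })
            rec.current[attr] = (value, obs.method, obs.seen_at)
        rec.history.extend(changes)
        return changes

    def snapshot(self, asset_id: str) -> dict[str, Any]:
        """Current attribute values only, for a baseline or compliance export."""
        return {k: v[0] for k, v in self.assets[asset_id].current.items()}


def build_demo_inventory() -> Inventory:
    """Run constructed observations for one PLC through the inventory."""
    inv = Inventory()
    # Passive: seen on a SPAN port; the vendor is only guessed from the MAC OUI.
    inv.ingest(Observation("plc-01", "passive", "2024-01-10T08:00:00Z", {
        "ip": "10.10.1.5", "mac": "00:00:00:aa:bb:cc",
        "vendor": "OUI-guess-vendor", "open_ports": [44818]}))
    # Active: the device answers with details traffic alone cannot show.
    inv.ingest(Observation("plc-01", "active", "2024-01-10T09:00:00Z", {
        "vendor": "ExampleVendor", "firmware": "20.011",
        "open_ports": [44818, 2222]}))
    # A later active query reveals a firmware change and a new open port.
    inv.ingest(Observation("plc-01", "active", "2024-02-01T09:00:00Z", {
        "firmware": "21.011", "open_ports": [44818, 2222, 80]}))
    # A stale passive inference must not roll the confirmed firmware back.
    inv.ingest(Observation("plc-01", "passive", "2024-02-02T08:00:00Z", {
        "firmware": "20.011"}))
    return inv


if __name__ == "__main__":
    inv = build_demo_inventory()
    print(inv.snapshot("plc-01"))
    for event in inv.assets["plc-01"].history:
        print(event)
```

Two design points matter here. First, each stored value carries the method that supplied it, so a compliance report or an incident timeline can state whether a detail was confirmed by the device or merely inferred from traffic. Second, the change log is produced by the same ingestion path that maintains the current state, so drift from a baseline (a new open port, a firmware change) is recorded the moment any collection method observes it rather than at the next manual walkthrough.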
