Can’t Protect What You Can’t See – Asset Identification In OT
The use of technologies in industrial systems, where data and control commands flow rapidly between networks, is now the norm. Making sure these systems are protected from potential threats is becoming (in addition to safety) a core requirement.
There are many well-known detective and preventative strategies to achieve this. Asset identification is a key foundational requirement before any of those strategies has a decent chance of being effective.
Understanding Asset Identification
Asset identification refers to the process of cataloguing and classifying all digital and physical components within an organisation’s network. These assets include hardware (servers, routers, switches), software (applications, databases), data repositories, and even personnel. The goal is to create a comprehensive inventory that provides visibility into the organisation’s attack surface.
Why Does Asset Identification Matter?
Risk Assessment and Prioritisation
Asset identification enables organisations to assess the risk exposure associated with each component. Not all assets are equal; some are more critical than others. By identifying and categorising them, security teams can prioritise efforts and allocate resources effectively.
For instance, a vulnerable web server on the border between an ICT and OT network could serve as a launch point for lateral movement. Asset identification allows organisations to focus on securing such assets first.
Reducing Attack Surface
The larger an organisation’s attack surface, the more vulnerable it becomes. Unidentified or unmanaged assets create blind spots that attackers can exploit. By identifying all assets, organisations can reduce their attack surface by implementing proper security controls and monitoring.
Standards Compliance
Many standards (such as NIST SP 800-82 and IEC 62443) mandate asset identification and management as a key part of their foundational control requirements.
Incident Response and Recovery
During a security incident, rapid response is crucial. Asset identification ensures that incident response teams know what they’re dealing with. Knowing the location of critical assets allows for targeted containment and recovery efforts.
Lifecycle Management
Assets have lifecycles: acquisition, deployment, maintenance, and retirement. Accurate identification facilitates effective lifecycle management. Outdated or unsupported assets can become security liabilities.
Challenges in Asset Identification
Shadow Technology
Employees often introduce unauthorised devices (shadow technology) into the OT network. These assets remain hidden from official inventories. Items such as Wi-Fi hotspots, vendor laptops and LTE modems can provide a direct connection into otherwise largely segmented and secured operational networks.
Automated Discovery
The use of automated scanners is also not always appropriate, depending on their implementation. Correct placement and operation of these tools will avoid any potential issues.
Current Leading Practices for Effective Asset Identification
Tagging and Categorisation
- Assign tags or labels to assets based on their criticality, function, and location.
- Use a consistent naming convention.
Collaboration
- Involve all teams across IT, OT, security, and business units in asset identification. Their combined knowledge ensures accuracy.
Regular Audits
- Conduct periodic audits to validate the asset inventory. Remove obsolete or unauthorised assets.
Integration with Vulnerability Management
- Link asset identification with vulnerability assessments. Prioritise patching based on asset criticality.
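The audit and vulnerability-management practices above can be combined in a small reconciliation script. This is an added example, not code from the original article: the asset names, MAC addresses, finding IDs, scores and the choice of MAC address as the inventory key are all constructed assumptions.

```python
from dataclasses import dataclass

RANK = {"high": 3, "medium": 2, "low": 1}  # assumed criticality scale

@dataclass(frozen=True)
class Asset:
    mac: str          # inventory key (assumption; could be a serial number)
    name: str         # consistent naming convention: SITE-FUNCTION-NN
    criticality: str  # tag: high / medium / low
    function: str     # tag: plc, hmi, historian, ...
    location: str     # tag: site/zone

# Constructed sample inventory, observations and findings.
INVENTORY = [
    Asset("00:1d:9c:aa:00:01", "PLT1-PLC-01", "high", "plc", "plant1/cell-a"),
    Asset("00:1d:9c:aa:00:02", "PLT1-HMI-01", "medium", "hmi", "plant1/control-room"),
    Asset("00:0c:29:bb:00:03", "PLT1-HIST-01", "low", "historian", "plant1/dmz"),
]
OBSERVED = {"00:1D:9C:AA:00:01", "00:1d:9c:aa:00:02", "02:00:00:cc:00:99"}
FINDINGS = [  # (mac, finding id, severity score 0-10)
    ("00:1d:9c:aa:00:02", "FINDING-A", 9.0),
    ("00:1d:9c:aa:00:01", "FINDING-B", 6.5),
    ("00:0c:29:bb:00:03", "FINDING-C", 9.8),
    ("02:00:00:cc:00:99", "FINDING-D", 5.0),
]

def audit(inventory, observed):
    """Return (MACs seen but not inventoried, inventoried names not seen)."""
    known = {a.mac.lower(): a for a in inventory}
    seen = {m.lower() for m in observed}
    unauthorised = sorted(seen - set(known))
    not_seen = sorted(known[m].name for m in set(known) - seen)
    return unauthorised, not_seen

def prioritise(inventory, findings):
    """Order findings by asset criticality first, then by severity score."""
    known = {a.mac.lower(): a for a in inventory}
    ranked = []
    for mac, finding, score in findings:
        asset = known.get(mac.lower())
        # Assumption: an uninventoried asset is treated as worst case.
        rank = RANK[asset.criticality] if asset else max(RANK.values())
        name = asset.name if asset else f"UNKNOWN {mac.lower()}"
        ranked.append((-rank, -score, name, finding))
    return [(name, finding) for _, _, name, finding in sorted(ranked)]

if __name__ == "__main__":
    print(audit(INVENTORY, OBSERVED))
    print(prioritise(INVENTORY, FINDINGS))
```

With the sample data, the lower-scored finding on the high-criticality PLC is ranked ahead of the higher-scored findings on the HMI and historian, and the device missing from the inventory is surfaced for investigation.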
Conclusion
Asset Identification in Operational Networks is a key recommendation of many standards. Having an experienced internal team or a partner who understands the implementation and assurance against these standards can be critical in understanding how an organisation is performing.
As a foundational control, asset visibility should tie into existing asset management strategies and should align with other known asset management system standards such as ISO 55001.