Most of the Industrial Control Systems (ICS) that we are seeing today were designed and implemented more than a decade ago. That is the reason why most of these systems lack basic asset discovery and management capabilities common in IT networks. Though process industries have traditionally struggled to maintain an accurate asset inventory, according to a survey, 61 percent of owner-operators lacked complete confidence in their ability to find the information needed to support response to an emergency. Whereas, more than half spend their time just finding and validating plant information, including conducting walk-downs.
As cyber threats are rapidly increasing, organizations are trying hard to secure their ICS networks. However, without understanding the assets completely, it is not an easy task to perform a risk assessment and apply effective defenses. A report by AIG and EEF on cybersecurity for manufacturers states that over 41 percent of facilities don’t believe that they have access to enough information to even assess the true cyber risk.
Even today, most of the ICS networks available lack a critical security capability and an automated asset management feature. However, this is not surprising, as ICSs were designed and implemented a long time ago, when cybercrimes were not even known to exist. Moreover, these systems were isolated and segregated from the rest of the network for offering a better user experience. Without having a precise inventory list of the ICS assets, it is nearly impossible to assess risk and apply effective defenses.
Manual Error
Relying on traditional manual processes in inventory management is both time-consuming and error-prone, which could lead to information that is missing, outdated, or erroneous. Moreover, such an approach cannot cope effectively and accurately with the constant flow of new assets into a network. Inaccuracy of the data is the key reason for security weaknesses and loopholes that cyber-criminals can easily exploit. One of the simplest and widely used methods to ensure complete and accurate asset inventory is by choosing to automate the continuous discovery process. Automation delivers other major benefits such as enhancing the productivity while eliminating tedious tasks like compiling and maintaining spreadsheets.
Regulatory Compliance
The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) defines a set of best practices and industry standards to help organizations reduce and manage cybersecurity risk. To provide visibility into some of the critical control assets and associated activities, NIST requires organizations to implement an asset management function for identifying and managing all physical devices and systems within a facility.
