Keeping an accurate and up-to-date asset inventory list is a vital first step in any comprehensive cybersecurity program. You can’t protect what you can’t see, but unfortunately, lack of visibility into ICS assets is a common theme across industries worldwide. A 2017 survey by the SANS Institute found that 40% of ICS security practitioners “lack visibility or sufficient supporting intelligence into their ICS network”. To make informed decisions about how to prioritize spending and create security plans to safeguard its employees, reputation, and bottom line, an organization needs complete knowledge of its assets and their vulnerabilities.
When choosing an approach to identify assets, there are a few options. One is to use a method like random network scanning, which comes with some risks. If scanning causes process interruption or system downtime, that leads to financial loss, and in more extreme cases, damage to the industrial environment or even employee injury may occur if safety controls are compromised. Another (less risky) way is through physical inspections, but this method is time-consuming, costly and error-prone.
Fortunately, there is a technique that can identify assets accurately, safely and cost-effectively. Passive network monitoring solutions are invisible to the network and have no impact on the process, collecting asset information such as type, version and location by listening to traffic already traveling through the network. Because of the automated and passive nature of this method, operators can continuously track asset information and behavior, which greatly increases the efficiency of a traditionally expensive operation like maintaining an accurate asset inventory.
Four business advantages of using passive network monitoring for asset inventory in ICS include:
- Significant Cost Savings
An efficient asset inventory procedure saves time, which saves money. Because the information is aggregated onto a single pane of glass, the asset owner has immediate access to the correct serial number, firmware version, and software version when talking to support staff. It even allows asset owners to easily evaluate the progress of maintenance activities to ensure vendors are fulfilling work orders on schedule and in compliance with network policies. Automating asset inventory also reduces the costs associated with physical inspections, including paying personnel to perform frequent site visits and vehicle maintenance expenses.
- Improved Incident Response
An accurate asset inventory list helps you plan effective incident response strategies. Once you know what assets you have, you can conduct thorough vulnerability and risk analyses to prioritize assets and spending and prepare contingency plans to curtail damage from any unexpected malfunctions that may occur. The detailed information that passive monitoring provides allows users to understand the source, target, nature and potential impact of a threat. It also keeps a historical record of this information, so that, should an incident occur, organizations have the necessary data at their fingertips to continuously improve response strategies to ensure employee safety and minimize financial damage from unexpected downtime.
- Simplified Standards Compliance
Passive network monitoring makes complying with standards such as the NIST Cybersecurity Framework, NERC CIP, and IEC 62443 easier by automatically extracting information necessary for compliance. An inventory list compiled by passive monitoring tools provides comprehensive details of each asset, including IP address, host name, vendor and model of the asset, OS version, firmware version of ICS devices, and the device modules’ information. All assets and their communications are also visualized in an interactive network map and grouped by device type and/or network. This provides users with a clear understanding of which devices sit in which part of the network and how they are connected with each other. It can easily be exported to include in compliance documents, resulting in an audit-proof asset inventory with minimal user effort.
- Better IT/OT Collaboration
IT and OT are very different departments with very different responsibilities. IT’s top priority is protecting data. OT’s top priority is protecting the availability and integrity of the industrial process. However, because of the widespread adoption of IT protocols in OT networks, today’s IT and OT departments must cooperate to protect their ICS network. CIOs and CISOs now have to accept responsibility for any unexpected downtime, equipment damage or safety hazards in their industrial environments caused by cyber incidents. A passive asset inventory solution improves the strategic alignment between the two functions by providing real-time visibility behind the OT firewall and establishing a baseline that they can work from to defend the network together.
An effective security strategy starts with visibility into your assets, and SilentDefense provides an asset inventory solution for ICS that is economically, operationally and technically feasible.