Asset Management and ICS Security

Thursday, December 7, 2017 @ 04:12 PM gHale


By Dana Tamir
Given the increase in cyber attacks against critical infrastructures in the U.S. and abroad, the need to secure Industrial Control Systems (ICS) has never been greater.

Unfortunately, ICS networks are difficult to secure since they lack basic, automated asset discovery and management capabilities, common in IT networks.

Most ICS networks were designed and implemented before the advent of cyber crime, and the availability of automated asset management capabilities. Without an up-to-date and accurate inventory of ICS assets, including automation controllers responsible for managing physical processes, it is virtually impossible to assess risk and apply effective defenses.

RELATED STORIES
Cyber Adds to Downtime Costs: ARC-SANS
IT/OT Convergence, a SANS Focus
ARC-SANS: Security Education for Industry
ROK: Security Backdrop to Connected Plant

Beyond security, asset management can play a pivotal role in maintaining operational reliability and safety, since it enables OT personnel to track changes made to devices, prioritize threat mitigation efforts, restore misconfigured devices to a “known good” state, and plan maintenance schedules.

As ICS networks grow, so does asset complexity. The number and variety of different devices, versions and firmware within a network, coupled with decades of consolidation and M&A activities, can become manually unfeasible to manage.

Curing a Blindspot
In contrast to IT networks, where automated asset management is a given, industrial networks track their assets the old-fashioned way — via a mix of manual processes, notes, and spreadsheets. This inefficiency makes it virtually impossible to perform reliable discovery, maintain up-to-date asset inventories, and track changes to assets over time.

Poor asset visibility is a basic and serious deficiency because it affects everything else in the network. Without knowing the type, model, location, functions, and current configurations of devices, organizations cannot monitor them to ensure operational safety and reliability. Manual monitoring in ICS networks is especially difficult since devices (mostly industrial controllers) are proprietary boxes with vendor-specific communication protocols.

Poor or non-existing monitoring inevitably means that organizations are unable to implement basic proactive security measures. For example, organizations cannot take snapshots of current configurations, allowing them to restore devices to safe configurations if an incident occurs.

So, here are three major pain points users suffer:

Limitations of manual inventory management: This is time-consuming and prone to human error. Frequently, this approach provides data that is outdated or erroneous, or simply fails to uncover any information. This inefficiency is risky since new assets and changes are added on a regular basis.

Complying with cyber security regulations: Industrial networks must comply with new standards and regulations regarding cyber security.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), for example, requires organizations to implement an asset management solution that can identify, inventory, and manage all physical devices and systems.

Securing assets: Ten years ago, cyber security was a non-issue for ICS/OT networks, which were totally isolated from IT networks and considered insulated from cyber threats. Today, one of the biggest problems facing critical infrastructures is the weakness of their security.

Automated asset discovery is vital for meeting the security needs of ICS networks. Unfortunately, most organizations don’t know what devices they have in different segments of the plant. A typical ICS network contains controllers (PLCs, RTUs, or DCS controllers) from a mix of vendors.

Asset Management
The foundation for securing industrial networks requires the following: Deep visibility into control plane communication protocols; the capability to scan the network, discover devices, inventory them, and snapshot their settings; and continuous monitoring of activity on devices to detect unauthorized changes.

Implementing automated asset discovery and management can ensure all of an organization’s assets are not just easy to identify and audit, but equally easy to update, restore and protect.

Dana Tamir is vice president of market strategy for industrial cyber security technology provider Indegy. She has held cyber security-related management positions with IBM/Trusteer, Imperva and Symantec.



Leave a Reply

You must be logged in to post a comment.