Convergence between Information Technology (IT) and Operational Technology (OT) networks requires a broad approach to ensure proper visibility and security. This article covers some fundamental tips for a proper asset inventory. This article is edited in collaboration with Tenable.
The OT risk exposure
The need to control OT processes to optimize business has led to a series of integrations and connections that expose OT systems to IT risks and vice versa.
As a result, integrated tools for visibility have become even more critical to ensure these two fields are efficiently protected, avoiding a siloed approach.
On the other hand, OT systems are not at the same level as IT systems in terms of security. These systems are usually older, have not been updated over time and are not part of an organized, structured context in terms of networking and data flow organization.
IEC 62443 best practices
Following the IEC 62443 best practices makes it possible to cover all the life cycle phases required by industrial control systems, starting from Cyber Security Risk Assessment, through Vulnerability Assessment and detection, to maintaining security over time against OT-related threats, within an organized and systematic framework like the one found in management systems.
Across the three main phases dictated by the IEC 62443 scheme (Assess, Implement and Maintain), it is possible to obtain substantial results only when asset inventory is as accurate and detailed as possible.
Compared to corresponding IT systems, OT networks have much longer system life cycles, lack a shared inventory and offer scarce visibility of the changes made to the devices.
Unfortunately, there are often many devices connected to the company network for which there is no information (temporary access points left active by maintenance technicians, laptops, Internet of Things devices). These devices are often poorly configured and can become wide-open entryways for malicious attackers.
3 Tips for Asset Inventory
1. Vulnerability Identification
To address these issues, an indispensable part of the cybersecurity risk assessment is a vulnerability identification tool that can search the endless vulnerability databases available online for the entries that correspond to the devices actually present in the network being analyzed, separating them by category and prioritizing them by degree of danger.
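The matching step described above, as an added example (not code from this article or from any vendor tool). The inventory, the advisory records with their placeholder ids, the `fixed_in` version model and the CVSS-style score used as "degree of danger" are all constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: hosts, vendor, models and firmware versions are made up.
INVENTORY = [
    {"host": "plc-line1", "category": "PLC", "vendor": "ExampleVendor", "model": "X100", "firmware": "2.1.0"},
    {"host": "plc-line2", "category": "PLC", "vendor": "ExampleVendor", "model": "X100", "firmware": "2.10.0"},
    {"host": "hmi-packing", "category": "HMI", "vendor": "ExampleVendor", "model": "Panel7", "firmware": "1.0.9"},
    {"host": "ap-temp", "category": "Unknown", "vendor": None, "model": None, "firmware": None},
]

# Constructed advisory feed: placeholder ids, not real CVE entries.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-003", "vendor": "ExampleVendor", "model": "X100", "fixed_in": "2.2.0", "cvss": 7.5},
    {"id": "ADV-EXAMPLE-001", "vendor": "ExampleVendor", "model": "X100", "fixed_in": "2.4.0", "cvss": 9.8},
    {"id": "ADV-EXAMPLE-002", "vendor": "ExampleVendor", "model": "Panel7", "fixed_in": "1.1.0", "cvss": 6.5},
]

def parse_version(text):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def match_vulnerabilities(inventory, advisories):
    """Return (findings grouped by category, highest score first; hosts that cannot be assessed)."""
    findings = defaultdict(list)
    unassessable = []
    for asset in inventory:
        if not (asset["vendor"] and asset["model"] and asset["firmware"]):
            # Incomplete inventory record: no advisory can be matched to it.
            unassessable.append(asset["host"])
            continue
        installed = parse_version(asset["firmware"])
        for adv in advisories:
            same_product = (adv["vendor"], adv["model"]) == (asset["vendor"], asset["model"])
            if same_product and installed < parse_version(adv["fixed_in"]):
                findings[asset["category"]].append((adv["cvss"], asset["host"], adv["id"]))
    for category in findings:
        findings[category].sort(reverse=True)  # prioritize by score
    return dict(findings), unassessable

if __name__ == "__main__":
    by_category, unknown = match_vulnerabilities(INVENTORY, ADVISORIES)
    for category, items in by_category.items():
        for score, host, adv_id in items:
            print(f"{category:8} {host:12} {adv_id} score {score}")
    print("Not assessable (incomplete inventory):", unknown)
```

The `ap-temp` record shows why inventory accuracy matters: a device with no known vendor, model or firmware cannot be matched against any database and has to be reported separately.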
2. Active Approach
Taking inventory and classifying devices meets the first security rule: You can’t protect what you don’t know.
For this reason, a solely passive approach does not guarantee the necessary level of visibility. It is not always easy to capture all OT traffic, and not all OT devices communicate with each other.
3. Detection Technology
The choice of detection technology is fundamental. It is strongly recommended to implement only tested and patented technologies that give visibility of all the devices in the network and allow you to classify them and obtain information on their status, their configuration, any configuration changes and their vulnerabilities, in order to reach the goal of end-to-end cybersecurity.