You’ve heard the same idea, probably a dozen different ways.
You can’t manage/secure/control/measure what you can’t see.
It’s a simple idea that is fundamental to any cybersecurity program, but one that is still problematic within OT today. The first step in optimizing any system is to understand its parts and interconnections by making the system components visible. Only when the system components have become visible can they start to be managed.
For IT and OT environments alike, asset management consists of collecting data, enriching data, providing context and connecting it to decision-making. Asset management enables the transparency required for system monitoring, vulnerability management, threat detection and incident response.
But when it comes to how assets get monitored and what data is collected, OT asset management (OTAM) and IT asset management (ITAM) requirements begin to diverge. We’ll look at some of these nuances first, then their impact on security decision-making.
While the big-picture principles of asset management hold across IT and OT environments, OT environments are ultimately more idiosyncratic, their teams are built differently, and organizational priorities diverge.
There are possibly disastrous consequences to mismanaging an OT environment that don’t exist on the other side of the perimeter. Disruption or downtime isn’t just costly to resolve and rebuild, but it also can have a significant impact on operations, production, brand name, and even safety.
Remember the classic CIA Triad? While IT security prioritizes confidentiality, OT security optimizes for safety via availability. Suddenly, that “time to repair” KPI takes on new urgency.
While predictability is core to IT modernization, OT environments are often built with less consistency and greater hardware and software complexity. These environments are also often more distributed and less connected than IT instances.
OT environmental performance is very sensitive to traditional IT security tactics, including anything that potentially disrupts or diminishes performance, such as continuous scanning.
IT asset management is largely about determining network presence and capturing location, system health, and a limited depth of detail around system configuration and software.
Successful OT asset management requires a much richer level of data to be effective. And it’s not simply a case of more operational data, which is always good, but foundational asset information that security and compliance teams can’t get any other way.
Mature IT environments are typically supported by a dedicated team, including security specialists. OT environments are often built and managed by smaller, scrappier teams with professionals filling multiple roles at once. Their focus is operational continuity. They don’t have the time or training to become OTAM specialists, and they certainly don’t have access to the modern orchestration and automation tools their IT peers use every day.
Add all these differences up, and we can begin to see why OTAM is so different and difficult. We see teams facing the same complex threats, determined enemies, and regulatory pressure as their IT peers. But they’re also responding inside environments and organizations built for different priorities.
That’s the bad news. The good news is that the right mix of people, process and technology can level the playing field for OT security teams and give them the ability to create a single source of OTAM built on granular customization around environmental specifics.
The unique requirements of OT asset management mean teams need more information and more ways to get at it. They also need to be able to quickly and effectively use this data to automate decision-making and generate compliance documentation, as required.
To capture as much OTAM data as possible, organizations typically use one or more collection methods in combination. In fact, our recent global OT survey found that organizations rely on passive, active, and manual data collection methods about equally.
They’re seeking what might be called a single source of OT truth to serve as an input to other key benefits, including broader visibility into the environment, faster remediation of tickets, and a better understanding of risk.
So, where IT organizations might standardize around one single method, optimizing for consistency in OTAM is less effective. Each approach is useful, but no single tactic is sufficient on its own to establish that single source of truth.
While multiple, overlapping monitoring methods give security teams an information-rich, context-informed view of OT assets, they create their own challenges.
As it turns out, the consistency prioritized by IT can play a big role in making OTAM better. The more methods we can aggregate, and the better this information can be collated and standardized, the more precise our ability to detect and respond becomes.
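As an added illustration (not part of the original article and not Industrial Defender's product code), the Python example below collates records from passive, active and manual collection into one inventory and surfaces the challenges that overlap creates. The field names, the use of the MAC address as the join key, and all sample records are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample records; each method writes the same MAC in its own notation.
SAMPLE = {
    "passive": [{"mac": "02-00-5E-10-00-01", "ip": "10.20.1.15", "vendor": "ExampleVendor"}],
    "active": [{"mac": "02:00:5e:10:00:01", "ip": "10.20.1.15", "firmware": "20.11"}],
    "manual": [{"mac": "0200.5E10.0001", "firmware": "20.13", "location": "Line 3 panel"},
               {"mac": "02:00:5E:10:00:02", "firmware": "4.2", "location": "Pump house"}],
}

def normalize_mac(raw):
    """Reduce any common MAC notation to lowercase colon-separated form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_inventory(sources):
    """Merge per-method records into one entry per asset, keyed by MAC.
    Every value is kept with the method that reported it, so nothing is overwritten."""
    inventory = defaultdict(lambda: defaultdict(dict))
    for method, records in sources.items():
        for record in records:
            asset = inventory[normalize_mac(record["mac"])]
            for field, value in record.items():
                if field != "mac":
                    asset[field][method] = str(value).strip()
    return inventory

def conflicts(inventory):
    """Fields where collection methods disagree and a person must decide."""
    return {(mac, field): dict(seen)
            for mac, fields in inventory.items()
            for field, seen in fields.items()
            if len(set(seen.values())) > 1}

def seen_by_one_method(inventory):
    """Assets only one method knows about: a visibility gap to investigate."""
    gaps = {}
    for mac, fields in inventory.items():
        methods = {m for seen in fields.values() for m in seen}
        if len(methods) == 1:
            gaps[mac] = methods.pop()
    return gaps

if __name__ == "__main__":
    inv = build_inventory(SAMPLE)
    print("conflicts:", conflicts(inv))
    print("single-method assets:", seen_by_one_method(inv))
```

On the sample data, the firmware disagreement between the active scan and the manual walk-down is flagged for review, and the pump-house device appears only because someone recorded it by hand.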
OT experts know their environments best, which is why they deserve tools built by people who have faced those same choices and challenges. Industrial Defender helps OT security and operations teams aggregate all four collection methods into a single source of OTAM truth, giving them the visibility and control they need. Benefits of our solution include:
No matter where you are on your OTAM modernization journey, we’re ready to help you take the next right step. Learn more about our OTAM solution here: https://www.industrialdefender.com/solutions/ot-asset-management