Industrial control systems (ICS) across a range of critical infrastructure sectors have become highly valued targets for various threat actors. In this field, financial and production losses are only the most visible consequences, followed closely by compromised safety for facility workers and disruption to end users. To maintain business continuity, enhance process efficiency and protect critical assets in an emergency, facilities need a detailed inventory of assets and strong defensive security capabilities.
There are specific techniques for identifying assets within industrial environments whilst avoiding disruption to processes. Creating an up-to-date inventory of assets can also highlight anomalies in connected devices, pinpoint operational problems and deliver full cyber-resilience for your systems. In terms of security, what it all boils down to is this: it becomes incredibly difficult to effectively defend assets against threats when the scope is unknown or visibility of the assets is limited. You can’t protect what you don’t know.
How to approach asset identification in industrial environments
Are you able to produce an up-to-date and complete inventory of the vendors, models, firmware versions and configurations of your assets? If the answer is no, this could spark unnecessary and expensive complications further down the road. Knowing which assets operate within your facility and their current software specifications will allow for a deeper understanding of vulnerable surfaces. It’s all about knowing your systems better than anybody else.
To better understand which systems are in place, scanning techniques have been developed to detect the signals devices transmit. The active scanning techniques used for traditional IT infrastructure require interaction with devices within facilities, which can disturb operational processes in industrial environments. This is due to the age of many industrial facilities, whose fragile components are unable to handle these intrusive requests. Passive asset scanning enables the user to identify facility hosts via observation of network traffic, without risk of interruption.
The benefits of utilising passive asset scanning techniques
The benefits of utilising passive scanning techniques extend further than simply possessing a map of connected devices. Scanning can assist in three key areas:
- Identification of operational issues. This can include highlighting non-compliant data, unstable process values, incorrect process measurements or operators overwriting values.
- Ensuring devices are functioning correctly and optimally. Detection of misconfigured devices, the use of insecure protocols and issues with field device connectivity can be reported.
- Detection of anomalies and deviations from the security baseline, which could provide insight into undesired access and the interception of corrupt commands and payloads.
Amending these identified issues will improve your ICS network’s cyber resilience, reduce costs by averting potential downtime to systems and provide confidence that the assets have been analysed against major threats posing a risk to facility operations.
Based on knowledge and experience from past deployments, Applied Risk is able to execute a series of checks against an extensive library of threats to detect current weaknesses and vulnerabilities in your systems. As a result of mapping assets and recording vendors, software versions and other important device information, you will gain visibility of the assets that keep the facility functioning and, in terms of security, the ability to evaluate the attack surfaces that may be presented to hackers. Even if the majority of your control systems are secured extensively, hackers only need to successfully compromise one system with the correct access levels to be able to penetrate your networks.
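To make the passive approach described above concrete, the following added example (not Applied Risk's tooling) builds an asset inventory purely from captured frame bytes and compares it with an approved baseline. The port-to-service map, the baseline and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

# Assumed port-to-service map for this example; extend it for your plant.
SERVICES = {502: "Modbus/TCP", 102: "S7comm", 20000: "DNP3", 44818: "EtherNet/IP",
            21: "FTP", 23: "Telnet"}
INSECURE = {"FTP", "Telnet"}  # cleartext management protocols

def frame(src_mac, src_ip, dst_ip, sport, dport):
    """Constructed Ethernet/IPv4/TCP headers standing in for captured traffic."""
    eth = bytes(6) + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(16)

def observe(frames):
    """Build an inventory from captured bytes only; nothing is sent to any device."""
    inv = defaultdict(lambda: {"mac": None, "services": set()})
    for f in frames:
        if len(f) < 34 or f[12:14] != b"\x08\x00":  # too short or not IPv4
            continue
        l4 = 14 + (f[14] & 0x0F) * 4                # start of TCP header
        if f[23] != 6 or len(f) < l4 + 4:           # not TCP, or truncated
            continue
        src_ip = ".".join(map(str, f[26:30]))
        inv[src_ip]["mac"] = f[6:12].hex(":")       # on a routed link this is the gateway's MAC
        sport = struct.unpack("!H", f[l4:l4 + 2])[0]
        if sport in SERVICES:                       # host answered from a known service port
            inv[src_ip]["services"].add(SERVICES[sport])
    return dict(inv)

def review(inv, baseline):
    """Compare observed assets and services against an approved baseline."""
    findings = []
    for ip, rec in sorted(inv.items()):
        if ip not in baseline:
            findings.append((ip, "asset not in baseline"))
        for svc in sorted(rec["services"]):
            if svc in INSECURE:
                findings.append((ip, f"insecure protocol: {svc}"))
            if svc not in baseline.get(ip, set()):
                findings.append((ip, f"service not in baseline: {svc}"))
    return findings

CAPTURE = [  # constructed sample traffic
    frame("00005e005320", "10.0.0.20", "10.0.0.10", 49152, 502),   # HMI polls PLC
    frame("00005e005310", "10.0.0.10", "10.0.0.20", 502, 49152),   # PLC Modbus reply
    frame("00005e005399", "10.0.0.99", "10.0.0.10", 50000, 23),    # unlisted host
    frame("00005e005310", "10.0.0.10", "10.0.0.99", 23, 50000),    # PLC Telnet reply
    b"\x00" * 10,                                                  # truncated frame
]
BASELINE = {"10.0.0.10": {"Modbus/TCP"}, "10.0.0.20": set()}
INVENTORY = observe(CAPTURE)
FINDINGS = review(INVENTORY, BASELINE)
```

In practice the frames would come from a SPAN port or network tap, so the monitoring host never transmits onto the control network.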
Creating a plan of action
Once a greater understanding of your assets has been reached, it is then possible to introduce management of change processes to mitigate identified risks. This could include reducing unnecessary or trivial connections between devices, patch management, the segregation of networks and implementation of access levels to ensure low-level devices do not have permissions to access sensitive data.
It is also important to formulate a response plan in case an attacker breaches security. In such an event, you will then be able to react swiftly against the existing threats according to your incident response plan, as an immediate response is necessary to ensure reliable and safe operations. This will, in turn, minimise the damage caused by unnecessarily prolonging the asset identification process whilst facing a threat. Furthermore, appropriate defensive measures can be put in place for protection against future attacks.
As experts in the field of industrial control system security, Applied Risk utilises passive gathering techniques to help ensure no interruption to your business continuity. To better prepare you for emerging cyber threats, Applied Risk can provide complete and current identification of networked assets, ensuring enhanced visibility of your process control domain. Cybersecurity should enable your business to grow safely, and we strive to provide a non-detrimental approach to securing your facility’s operations.