The most important aspect of asset management is the starting point: awareness of what assets you have. This is especially true when the assets connect to your networks, as they're also potential cybersecurity vulnerabilities.
Because you can only respond to something about which you're aware, checking and managing the assets themselves is also the first step in the cybersecurity chain. In other words, knowing who and what is connected to your system allows you to determine what's connected that shouldn't be.
Fortunately, there are many tools available that can passively scan your wired and wireless networks on a regular basis to find all the connected devices. That information can then be compared against a database of what should be there, with alerts issued for any discrepancies. Almost everyone who does a first scan of their system, especially a wired system, finds something they didn't know was there and, in many cases, something consuming significant bandwidth.
Similar tools are available to watch overall network health for changes in traffic patterns, and report the same over a standard interface, so proper actions can be taken before an event grows into an incident.
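The scan-versus-inventory comparison described above, as an added illustration that is not part of the original column or any particular product: the approved inventory and the scan results are constructed sample data, keyed by MAC address because that is what a passive layer-2 scan actually observes. The reconciliation flags devices that are present but not approved, approved devices that have gone silent, and approved devices whose IP address has changed, which is often the first hint that something has been moved or replaced.

```python
"""Reconcile a passive network scan against an approved asset inventory.

Both data sets below are constructed samples for illustration only.
"""

# Constructed sample: the approved inventory, keyed by MAC address.
APPROVED = {
    "00:11:22:33:44:01": {"name": "plc-line1", "ip": "10.1.0.11"},
    "00:11:22:33:44:02": {"name": "hmi-line1", "ip": "10.1.0.21"},
    "00:11:22:33:44:03": {"name": "historian", "ip": "10.1.0.50"},
    "00:11:22:33:44:04": {"name": "wsn-gateway", "ip": "10.1.0.60"},
}

# Constructed sample: what a passive scan observed on the same segment.
# The historian (…:03) is missing, the HMI (…:02) changed address, and
# a laptop nobody registered (…:99) has appeared.
OBSERVED = [
    {"mac": "00:11:22:33:44:01", "ip": "10.1.0.11"},
    {"mac": "00:11:22:33:44:02", "ip": "10.1.0.99"},
    {"mac": "00:11:22:33:44:04", "ip": "10.1.0.60"},
    {"mac": "a4:5e:60:aa:bb:99", "ip": "10.1.0.77"},
]


def reconcile(approved, observed):
    """Compare a scan against the inventory and return the discrepancies.

    Returns a dict with three lists:
      unknown  - observed devices not in the inventory (possible rogue)
      missing  - inventoried devices the scan did not see (outage or removal)
      changed  - inventoried devices seen with a different IP than recorded
    """
    seen = {}
    for entry in observed:
        seen[entry["mac"].lower()] = entry["ip"]

    unknown = sorted(mac for mac in seen if mac not in approved)
    missing = sorted(approved[mac]["name"] for mac in approved if mac not in seen)
    changed = sorted(
        (approved[mac]["name"], approved[mac]["ip"], seen[mac])
        for mac in approved
        if mac in seen and seen[mac] != approved[mac]["ip"]
    )
    return {"unknown": unknown, "missing": missing, "changed": changed}


def format_alerts(report):
    """Render the reconciliation result as one alert line per discrepancy."""
    lines = []
    for mac in report["unknown"]:
        lines.append(f"ALERT unknown device {mac} observed on network")
    for name in report["missing"]:
        lines.append(f"ALERT inventoried device {name} not observed")
    for name, old_ip, new_ip in report["changed"]:
        lines.append(f"ALERT {name} moved from {old_ip} to {new_ip}")
    return lines


if __name__ == "__main__":
    for line in format_alerts(reconcile(APPROVED, OBSERVED)):
        print(line)
```

In practice the observed list would be fed by whatever discovery tool is in use (ARP tables, switch MAC tables, a passive sniffer), and the report would go to the same alerting channel as the other network-health checks; the point is that the inventory is the reference, and anything the scan sees that the inventory does not explain is the finding.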
Compared to fixed networks, wireless networks offer some additional tools to effectively manage assets that can move, potentially transferring across access points or between physical networks. Because of these unique challenges, wireless sensor networks (WSN) tend to have more basic, built-in security features, as well as tools to keep track of moving assets. These include:
- IEEE 802.15.4 radio networks and specific protocols;
- AES-128 encryption for all communications within the network and the gateway;
- Individual device session keys to ensure end-to-end message authenticity, data integrity, receipt validation and secrecy (no eavesdropping by other devices in the mesh network) through data encryption; and
- Hop-by-hop cyclic redundancy check (CRC) and message integrity code (MIC) calculations to ensure message authentication and verification of the source and receiver of communications.
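To make concrete why the list above pairs a CRC with a keyed message integrity code, here is an added example that is not from the original column or from any WSN vendor's stack. It builds a frame with a CRC-32 trailer and, separately, with a MIC derived from a per-device session key. The standards named above compute their MIC with AES-based CCM; this example substitutes a truncated HMAC-SHA256 from the Python standard library so it runs without extra packages, which is an assumption of the example and not a property of the protocols. The demonstration shows that a frame altered in transit with its CRC recomputed still passes the CRC check, but fails the MIC check unless the forger holds the device's key.

```python
"""CRC versus keyed MIC on a sensor frame (illustrative, stdlib only)."""
import hmac
import hashlib
import zlib

MIC_LEN = 8  # bytes of MIC kept; short MICs are typical on radio links


def add_crc(payload: bytes) -> bytes:
    """Append a 4-byte CRC-32 (big-endian) to the payload."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def check_crc(frame: bytes):
    """Return the payload if the CRC trailer matches, else None."""
    if len(frame) < 4:
        return None
    payload, trailer = frame[:-4], frame[-4:]
    if zlib.crc32(payload).to_bytes(4, "big") != trailer:
        return None
    return payload


def add_mic(session_key: bytes, payload: bytes) -> bytes:
    """Append a MIC computed with the device's session key.

    HMAC-SHA256 stands in for the AES-CCM MIC used by 802.15.4 (assumption).
    """
    mic = hmac.new(session_key, payload, hashlib.sha256).digest()[:MIC_LEN]
    return payload + mic


def check_mic(session_key: bytes, frame: bytes):
    """Return the payload if the MIC verifies under this key, else None."""
    if len(frame) < MIC_LEN:
        return None
    payload, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
    expected = hmac.new(session_key, payload, hashlib.sha256).digest()[:MIC_LEN]
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, mic):
        return None
    return payload


def tamper(payload: bytes) -> bytes:
    """Simulate an in-transit change: flip the low bit of the last byte."""
    return payload[:-1] + bytes([payload[-1] ^ 0x01])


def demo():
    """Run the comparison and return which checks accepted the altered frame."""
    # Constructed sample key and reading; a real node would get its
    # session key from the network manager at join time.
    session_key = b"\x00" * 15 + b"\x01"
    reading = b"temp=21.5;node=7"

    # Honest frames pass both checks.
    crc_ok = check_crc(add_crc(reading)) == reading
    mic_ok = check_mic(session_key, add_mic(session_key, reading)) == reading

    # A modified reading with a freshly computed CRC still passes the CRC
    # check: CRC detects accidental corruption, not deliberate change.
    altered = tamper(reading)
    crc_accepts_forgery = check_crc(add_crc(altered)) == altered

    # Without the session key a forger cannot produce a valid MIC.
    wrong_key = b"\xff" * 16
    mic_accepts_forgery = check_mic(session_key, add_mic(wrong_key, altered)) is not None

    return {
        "crc_ok": crc_ok,
        "mic_ok": mic_ok,
        "crc_accepts_forgery": crc_accepts_forgery,
        "mic_accepts_forgery": mic_accepts_forgery,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hop-by-hop CRC is there to catch radio noise cheaply at each relay; the MIC, bound to a key only the source device and the gateway (or next trusted hop) share, is what actually lets the receiver verify who sent the frame and that it was not altered along the way.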
The above list reflects tools from a wireless perspective, but the same reasoning holds for all digital assets, particularly if they're able to communicate with one another via an RS-232/RS-485 serial connection, or a digital protocol such as one of the fieldbuses on which devices tend to “auto-negotiate” to announce their presence on a network, or a HART device that fires up once power is added.
I understand work is being done through a dedicated ISA-99 Working Group as well as some of the fieldbus consortia to address security vulnerabilities at the wireless and wired field sensor level. More on these developments when they're published.
The larger and more difficult asset management challenge is with IEEE 802.11 (Wi-Fi) devices as they seem to be everywhere. Being so prevalent means these devices are constantly moving in and out of different hotspots, and have the potential to connect to plant networks as well.
Both 802.11 and 802.15.4 employ the clear channel assessment (CCA) technique, which means they listen to the channel to make sure there are no ongoing transmissions before starting to send. This prevents collisions, but it also means that a software-based network monitoring tool, which shares the same channel, may not capture the complete picture of what is on the air.
Cybersecurity is a constantly changing landscape. However, not knowing what you're trying to manage compounds the problem. Asset management not only keeps an inventory of networked equipment, but it also provides information on the nature of each device and its capabilities, from which it's possible to infer expected behaviors under different conditions. Knowing what you have where is also an important step in being able to respond and react when something requiring intervention does occur.
“When it comes to security,” it’s often said, “asset awareness is the first step to a solution.”
About the author: Ian Verhappen