Building Bridges, Collaborating and Discovering Assets to Identify

Often in larger manufacturing organizations there are corporate offices, and they are responsible for not only corporate offices but also plants, mills, satellite offices. Depending on the maturity of the organizations and maturity of the environments and the overall age of the organization the plants, mils and satellite offices operate independently of each other. In recent years and with cyber awareness on the continuous rise it is important to identify all assets owned by the organization at large.

One of the most common misconceptions in Operational Technology (OT) environments is “we do not have to worry; it is not connected to the network.” This is most commonly not true, or it is a case of situational connectivity. It leads organizations with blind acceptance, which at the end of the day you cannot protect what you are unaware of.

There is a growing need for proper identification of all assets owned by organizations centralized. It is important to build relationships with plants, mills, and satellite office leaderships and have full top-down buy-in to have leadership support in order to successfully identify all assets in sites. This often time shines light on assets that are thought to not be connected to the network and one gets to the explanation of “well sometimes we plug it in to get updates, or for remote vendor support”.

It can be as simple as starting conversations with plant, mills and satellite office staffs by asking “What keeps you up at night?” Understanding in OT availability is priority the responses normally are centered around downtime. From an asset identification the conversation can start a chain reaction of asset discovery. When reviewing priority devices, if walking around look at devices connected or in the area of the equipment. By building the rapport through genuine questions this will open the door for more informative questions to be had and assets to be identified.

Asset identification in OT starts with meaningful conversations and pairs with through documentation. Document all discoveries that come through the sit-down conversations and begin to build a roadmap and plan for gathering the newly discovered assets in a centralized location. It is imperative that visibility is not just given at the corporate’s level but that the plants, mills, and satellite offices could go in a view what is in each site but with respective visibility with limitations around the roles of who can change the information ingested.