Automated cybersecurity asset inventory solution unveiled

Recently at PowerGen Africa in Johannesburg, ABB unveiled ABB Ability Cyber Security Asset Inventory, designed to reduce the time, cost and vulnerability associated with managing assets connected to online services: the so-called ‘cyber inventory’. ABB Ability Cyber Security Asset Inventory will be available from September 2018 for customers in the power and water industry before later being rolled out to all industries.

Cybersecurity standards require operators of critical infrastructure to assess their cybersecurity regularly. Typically, this is done every 12 to 24 months depending upon the corporate policy or national standard. To do this, an operator must first complete an inventory of the software, ports and services they have enabled within their control network. Until now, there was no global automated tool available that could collect the information and create such an inventory for an operator’s environment, so they had to either maintain their inventory manually or use consultants to deliver the work. Currently, most companies maintain their cybersecurity asset inventory in a manual way, which is time-consuming, expensive and results in their inventory being incomplete.

The new ABB Ability solution significantly reduces the need for any manual collection and formatting of asset data. It automatically captures changes in the inventory and updates the industrial cyber asset inventory. Users benefit from an evergreen view to support vulnerability assessment efforts.

For the first time, operations and security teams always have up-to-date cyber asset inventory, helping them to make better decisions about cybersecurity, life cycle and asset management. ABB says that automating the cybersecurity asset inventory process could save companies significant man-hours.

“Take an 880 MW coal-fired plant with 8000 cyber assets,” said Susan Peterson-Sturm, ABB’s Digital Lead for Power and Water. “Manually maintaining its cyber asset inventory would require three employees working one to two days a week — the equivalent of around 48 hours weekly, 192 hours monthly or 2304 hours annually. The automation through ABB Ability Cyber Security Asset Inventory significantly reduces labour costs as well as security risk.”

The new solution reduces system vulnerabilities by comparing behaviours. Peterson-Sturm added: “In order to defend an environment you must first understand it. Knowing expected normal behaviour will help spot anything out of the ordinary, so rogue devices or applications can be identified. Expected behaviour, through documentation and performance data, is crucial in detecting anomalies.

“ABB Ability Cyber Security Asset Inventory functions across most major control systems in the utilities space without impacting operations. The solution improves the strategic alignment of IT and operations, providing real-time visibility enabling both teams to work together effectively to defend the plant network.”

ABB Ability is a unified, cross-industry digital capability that combines deep domain expertise from device to edge to cloud, with unmatched experience in connectivity.

Image credit: ©stock.adobe.com/au/hansenn