The Industry's Blind Spot: Why the OT Asset Inventory Problem Is Far From Solved

Klaus Mochalski and David Petrikat (AMDT) shed light on the blind spot in OT security: the asset inventory. Learn why traditional network scanners often fall short, why more than half of companies are still in the early stages, and how intelligent configuration management can instead provide a reliable foundation for true cyber resilience.

Duration:

28 min

Guest in this episode:

David Petrikat

Chief Strategy & Communications Officer AMDT

Summary

‍

Sound Bites

David Petrikat: “[...] You can only protect what you know. And if you want to be active in the OT security field and say, ‘I want to know all my attack vectors; I want to know what vulnerabilities I have.’ [...] Then the asset inventory is essentially thevery first step toward that.”

David Petrikat: “95% of all assets deployed in the industrial environment are not managed in an asset inventory. [...] While it may feel like asset inventory is a thing of the past, it’s still very much a relevant topic today.”

Klaus Mochalski: “We’re all familiar with the argument that assets in the OT sector are sometimes very old and, in any case, very durable. But conversely, that could also be a reason to maintain a good asset inventory, because the effort involved is much lower. There’s much less change involved.”

David Petrikat: “Asset inventory, in my view, is not static at all, [...] the dynamics in the shop floor are incredible. Every day, patches are applied, configuration changes are made, software updates are installed, and when it comes to the asset inventory, which is supposed to be relevant from an OT security perspective, it’s precisely these dynamics that need to be captured.”

Klaus Mochalski: “[...] Here we have to be honest with ourselves; we have to say that the solution isn’t a single tool, nor is it three tools, rather, the solution is tools combined with, let’s say, a certain amount of manual effort [...].”