The five top reasons why spreadsheets are a bad choice for OT system inventories

A majority of asset owners tries to keep track of their OT infrastructure using spreadsheet applications such as Microsoft Excel. We explain the severe limitations of this approach for today’s complex digital environments.

1. Spreadsheets aren’t suitable for documenting essential OT configuration details

A simple table with little more than host names and IP addresses doesn’t make for a useful system inventory. Since the function and behavior of digital components is determined by their configuration, details on application software, operating system version, TCP/UDP listener ports etc. are essential. But such details cannot practically be coded and maintained in a two-dimensional table.

2. Spreadsheets aren’t suitable for mapping and maintaining component relationships

A system inventory that is nothing but a listing of components but no relationships between those components is basically not a system inventory in the first place because a system is more than the sum of its components. For example, to which network switch is a specific server, or PLC, connected? Which networks does a specific router connect? Which HMIs talk to a specific SCADA server? All important practical questions that cannot be answered easily when relying on simple spreadsheets.

3. Spreadsheets aren’t suitable for documenting personal responsibilities

A useful system inventory needs to tell the ICS engineer which individuals are responsible for the maintenance or operation of specific OT components. Identities, roles, and responsibilities need to be managed and mapped to components. A functionality that office tools were never designed for.

4. Spreadsheets don’t support change management

Need to know who installed that new software version, when the change was made, and what the previous version was? The spreadsheet doesn’t tell. A workflow for change management that guides employees step by step through structured change? Won’t happen.

5. Spreadsheets don’t support multi-user access

In today’s OT environments, more than one engineer needs to access the OT inventory. That’s why many choose to store spreadsheets with inventory information in shared folders in order to allow for multi-user access. Problem is, every user with folder access can modify absolutely everything, and no change tracking is possible. Remote access for contractors, restricted to cleared inventory parts only? Forget it.

All that’s missing in spreadsheet applications is supported by the myRIPE OT Management System, plus:

  • tracking of contractor laptops
  • automatic component configuration discovery
  • web-based client/server architecture with tight access control
  • powerful search functions
  • dynamic graphical network mapping in the Web browser
  • integrated secure file sharing portal.

