By Walt Boyes
This is part of a blog series. Please read Part I here.
Our hero has been trying his very best to follow rule number one: you cannot measure what you cannot see, and you cannot protect it either. Unfortunately, and as you might expect if you have been in a similar position, he continues to have problems with his OT asset inventories.
He started with a spreadsheet, but that quickly became unmanageable once he had entered only a fraction of the devices, switches, computers, controllers, and smart instruments on the plant site. So, he divided up his spreadsheets by plant unit. It was still very unwieldy. It may be that nobody had ever realized just how many devices were networked together, from Level Zero up.
He kept finding things like mystery modems, devices that were not supposed to be on the network, devices that were no longer supported by the vendor, and devices that had absolutely no documentation at all. He found field instruments and analyzers that were connected directly to plant networks instead of through control system buses. It was hit or miss. They were just there. Sometimes they were so covered with plant dirt, paint, and crud that their nameplates were no longer readable or even visible. So, what is this strange electronic device, and what is it doing on your network? You can't just take it out and take it apart to look at it. It might be important, and if you destroy it, it might be impossible to replace it.
Our hero decided to move to a database. He dumped his spreadsheets into the database to populate it with something. Now he could sort his data. Almost immediately, he began finding what appeared to be errors in the database: the devices in the database were not exactly the devices on his networks.
He realized that his inventory lists, and now his inventory database, were not very useful. He needed more than a list of devices and IP addresses, or HART or Fieldbus or Profibus connectivity. And he realized that just going around the plant with a cellphone camera taking pictures of faceplates and, if he could find them, serial number plates and device serial numbers was not getting him where he wanted to be: he still had extremely limited visibility into the OT networks and the devices on them.
He needed something better, with more context, and the ability to automatically update his asset inventory. He needed a functional description of every asset, its ISA-95 functional context (work cell) and a well-defined list of criteria on every device: manufacturer, make and model number; hardware version; serial number; firmware version/installed software; IP and MAC addresses, plus network connectivity; I/O modules along with model, serial number and firmware version; product lifecycle stage; and exact geolocation down to the cabinet level.
He also needed the ability to include file attachments such as drawings and manuals in the database, as well as a set of additional fields that could be defined after he had his asset inventory up and running.
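To make the record described above concrete, here is an added Python sketch (not from the original post or any product) of an asset record with a completeness check and a reconciliation against devices observed on the network. The field names, function names, sample devices and addresses are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field, fields

@dataclass
class Asset:  # field names are this example's own, one per criterion in the post
    description: str = ""       # functional description
    work_cell: str = ""         # ISA-95 functional context
    manufacturer: str = ""
    model: str = ""
    hardware_version: str = ""
    serial: str = ""
    firmware: str = ""
    ip: str = ""
    mac: str = ""
    lifecycle_stage: str = ""
    location: str = ""          # down to the cabinet level
    io_modules: list = field(default_factory=list)  # model/serial/firmware each
    extra: dict = field(default_factory=dict)       # fields defined later

def missing_fields(asset):
    """Names of the text criteria that are still empty for this asset."""
    return [f.name for f in fields(asset)
            if isinstance(getattr(asset, f.name), str) and not getattr(asset, f.name)]

def norm_mac(mac):
    """Reduce a MAC to bare lowercase hex so 00:AA and 00-aa compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def reconcile(inventory, observed):
    """Compare inventory records with (ip, mac) pairs seen on the network."""
    by_mac = {norm_mac(a.mac): a for a in inventory if a.mac}
    seen = {norm_mac(mac): ip for ip, mac in observed}
    return {
        "unknown": sorted(m for m in seen if m not in by_mac),
        "not_seen": sorted(a.serial for m, a in by_mac.items() if m not in seen),
        "ip_changed": sorted(a.serial for m, a in by_mac.items()
                             if m in seen and seen[m] != a.ip),
    }

# Constructed sample data (documentation-range IP and MAC addresses).
INVENTORY = [
    Asset("Feed pump PLC", "Unit2/Feed", "ExampleCo", "PLC-100", "B", "SN-001",
          "1.4", "192.0.2.10", "00:00:5E:00:53:01", "active", "Bldg 3/Cab C-12"),
    Asset(description="Analyzer", serial="SN-002", ip="192.0.2.20", mac="00-00-5e-00-53-02"),
    Asset(description="Flow transmitter", serial="SN-003", ip="192.0.2.30", mac="00:00:5E:00:53:03"),
]
OBSERVED = [("192.0.2.10", "00:00:5e:00:53:01"), ("192.0.2.21", "00:00:5E:00:53:02"),
            ("192.0.2.99", "00:00:5E:00:53:AA")]

if __name__ == "__main__":
    print(reconcile(INVENTORY, OBSERVED))
    print({a.serial: missing_fields(a) for a in INVENTORY})
```

The `unknown` list is where the mystery devices show up, and `missing_fields` shows how far a spreadsheet-style record is from the full set of criteria.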
Many of you can identify with our hero and his almost heartbreakingly difficult mission.