The Background and The Challenge
Operational Technology (OT), and specifically Industrial Control and Safety Systems (ICSS) Assets for this Oil and Gas Company Upstream Division and their Affiliate Companies, were managed exclusively with spreadsheets. It became clear that the present solution was not sustainable for the future demands of the global workforce, with increasing OT/ICS Assets a new solution was required for managing vulnerabilities effectively and securely. Some specific reasons for this requirement were shared below;
- An increasing number of managed assets will lead to more inaccuracies within the existing spreadsheets.
- The current solution is not easy to manage.
- Only the current state of the inventory is shown, no version history.
- Excel does not allow assets to be linked, and relationships between them cannot be displayed.
- Insufficient change-log tracking capability.
- No dashboards or effective overviews for the asset owners.
- No workflow management possibilities, therefore, no traceability of approvals
- No compliance management aligned with international standards.
Furthermore, this Energy Company is currently introducing Continuous Threat Detection (CTD) as their main threat detection system. With the CTD system in place and the data it gathers, asset management can be brought to a new level.
With respect to the current situation, the users (of the spreadsheets) were largely unsatisfied with its usability. Early reviews of current processes and procedures have illustrated the lack of satisfaction originates from the following reasons:
- Spreadsheets are very static in their nature – no contextual information or overall view of the asset is possible.
- Compliance management is a manual and therefore time-consuming task.
These problems identified became more centric when it came to the consideration of introducing a new Asset Management system. In the following sections, details of the relevant assets, personnel and organizational structure, data requirements, surrounding technological ecosystem and special requirements are provided.
To seize this opportunity and remedy the above-mentioned deficits, it was decided to introduce an off-the-shelf proven OT/ICS Asset Management system which would ensure that the company can continue to grow and expand with the correct use of assets.
Why Consider Change to Adopt an External Supplied OT Asset Management System?
By implementing the Asset Guardian OT/ICS Asset Management system, the client was able to keep a more organised inventory of all hardware, software, and network assets while also providing them with contextual information such as the relationship between assets. It also allowed them to keep track of their assets’ overall performance, which gave them data back that allowed them to make sure assets were being utilised efficiently and any necessary changes were able to be made.
Asset Management System Goals and Objectives
The project’s main motivation is to implement an Asset Management solution that paints a holistic picture of the complete asset inventory and provides features such as license management and compliance management. An essential future demand is the connection to CTD and the possibility of mutual data processing. Key objectives of the project are:
- All relevant OT/ICS asset information is collected in a central location.
- Assets can be linked and with that, their relationships are reproduced.
- The environmental structure can be reproduced.
- A log of all asset changes can be displayed and an audit trail.
- Compliance and vulnerability management can be tracked are implemented.
- Automated processing of data acquired from CTD.
Asset Guardian Solutions Ltd was selected as their Global partner. The AG Solution was already working effectively on several of their Affiliate Business Unit Assets. With a focus on:
- Streamlining the compliance of their Industrial Control and Safety System (ICSS) Software assets.
- Managing configuration, change requests and version control more effectively and securely to maintain operational continuity and safety.
- Utilising other advanced Asset Guardian module software capabilities covering:
- Obsolescence Lifecycle Management
- Cyber Security Management.
The Asset Guardian Process Control Systems Asset Management software was deployed on-premises server local to the Affiliate Asset site, acting as a central repository. With the option for connecting back to their Global Asset Management system (also Asset Guardian) located at their Group Headquarters to effectively manage global OT/ICS Asset Vulnerabilities, Standards and Compliance. By having the lead server in place and in sync with global follower local AG server instances (AG Sync), reliable communications between the Asset Guardian client and the local server are always maintained using the local infrastructure. AG Sync then works invisibly in the background to keep the leader and follower servers synchronized, ensuring local and global views are up-to-date and efficient.
Asset Guardian now allows this Major Oil and Gas Company greater visibility and allows their local Asset Affiliates to manage the following areas more effectively across their OT and ICS systems landscape:
- OT/ICSS Asset management.
- Configuration change management and software version control.
- Compliance management and disaster recovery.
- User access and password control.
- Secure repository with the capability to streamline Disaster Recovery.
- Secure audit trail.
- Hardware and bypass control and fault logging.
- Obsolescence and inventory management and risk assessment.
- Cyber security management (including vulnerability tracking and patch management).
Assets are the building blocks within Asset Guardian, and they allow all data to be structured and grouped into logical sets for specific sites, systems, and machines. Each asset on the Affiliate site allows clients to keep track of all their software, change requests, fault logs, documents, hardware, correspondence, design reviews, forces, bypass and overrides, and all passwords.
Their new Global Asset Guardian OT/ICS Asset Management System has allowed this Major Oil and Gas Company to simplify and streamline its management of process software change process. In addition, they have a fully implemented secure and compliant change request workflow with a full audit trail.
Thanks to the Asset Guardian software, each site now has an effective and safe Disaster Recovery process ensuring operational continuity, including software version control and a secure repository, with user access control, for all data and documents including log faults, overrides and obsolescence data (aligned to IEC 62402).
A cyber security management system (CSMS) is now in place aligned with IEC 62443. Security patches are managed for all systems with an inventory of all devices on their control networks. In addition to this, the Global Energy Client can now manage risks associated with interconnected devices, track strategies to mitigate risk and track the installation of software, configuration, and patches across all devices. With OT systems becoming more sophisticated, they have proactively taken steps to effectively manage all Cyber Security threats in accordance with National and international Regulations.
Finally, the implementation of the AG Obsolescence Manager provides a structured approach that will allow the Oil and Gas client Operator to meet the requirements of IEC 62402 and to:
- Store their software and hardware assets in one central location.
- Monitor expiration dates for all equipment in addition to service contracts with software manufacturers.
- Ensure the correct versions of the software are in use.
- Plan strategies through a thorough risk assessment and prioritise accordingly.
- Maximise the return on investments.
With the Asset Guardian 5-step approach to obsolescence life-cycle Management, this Oil and Gas Major can now effectively plan, generate the bill of materials, assess risk and impact, derive strategies, and review and monitor all obsolescence management processes cost-effectively and efficiently.
About Asset Guardian Solutions Limited
Asset Guardian Solutions Limited (AGSL) allows you to safely manage the security and integrity of your company’s Operational Technology (OT) devices, inventory data and associated software back-ups. Your data is easily accessible in one central repository, which can be fully customised to reflect your existing workflows, whilst meeting the required engineering standards, industry guidelines and regulatory requirements.
The development of the Asset Guardian (AG) software began more than 20 years ago when a group of innovative, experienced control system engineers were tasked by a major power generation company to develop a tool capable of organising and managing the changes made to an industrial control system, as the result of a major upgrade.
These same engineers are still employed by Asset Guardian Solutions Limited (AGSL) today and draw on several decades of combined experience working in Industrial Automation and Control System (IACS) environments to continually enhance AG’s features and functions.
Our software has seen continual development in 2 ways. Firstly, with regard to the international standards, industry guidelines and national regulations used to promote the safety, security and integrity of critical infrastructure. And secondly, with feedback and requests from existing users. Our experience and close relationships mean that we understand the issues and challenges of managing OT systems from the perspective of an IACS engineer.
Today we support customers in several industry sectors, including Oil and Gas upstream, midstream and downstream; nuclear and conventional power generation; renewables; the chemical process industries and pharmaceuticals; in addition to several others.
For more information, please contact:
Suzanne Campbell: AGSL Marketing Manager / Tel: +44(0)131 376 3500, Email: email@example.com.