ABB has unveiled a new cybersecurity solution which it claims will “make manual cyber asset inventories obsolete”.
The ABB Ability Cyber Security Asset Inventory is designed to reduce the time, cost and vulnerability associated with managing assets connected to online services – known as the ‘cyber inventory’.
Launched at PowerGen Africa in Johannesburg, the new solution will be available from September in the power and water industry before being rolled-out to all industries.
ABB says that automating the cyber security asset inventory process could save companies significant man hours. Susan Peterson-Sturm, ABB’s digital lead for Power and Water said, “Take an 880 MW coal fired plant with 8000 cyber assets. Manually maintaining its cyber asset inventory would require three employees working one to two days a week, the equivalent of around 48 hours weekly, 192 hours monthly, or 2304 hours annually. The automation through ABB Ability Cyber Security Asset Inventory significantly reduces labour costs as well as security risk.”
The new solution reduces system vulnerabilities by comparing behaviours. Peterson-Sturm added: “In order to defend an environment you must first understand it. Knowing expected normal behaviour will help spot anything out of the ordinary so rogue devices or applications can be identified. Expected behaviour, through documentation and performance data, is crucial in detecting anomalies.”
She explained that the new solution “functions across most major control systems in the utilities space without impacting operations. The solution improves the strategic alignment of IT and operations, providing real-time visibility enabling both teams to work together effectively to defend the plant network.”
Cybersecurity standards require operators of critical infrastructure to assess their security regularly. Typically, this is done every 12 to 24 months depending upon the corporate policy or national standard. To do this, an operator must first complete an inventory of the software, ports and services they have enabled within their control network.
ABB said that until now, there was no global automated tool available that could collect the information and create such an inventory for an operator’s environment, so they had to either maintain their inventory manually or use consultants to deliver the work. “Currently, most companies maintain their cybersecurity asset inventory in a manual way which is time consuming, expensive, and results in their inventory being incomplete,” said Peterson-Sturm.