Common Challenges in OT Asset Discovery (and How to Overcome Them)

OT asset discovery is a foundational activity for understanding risk, resilience, and operational dependencies in industrial environments. In practice, it is rarely straightforward.

Operational technology environments tend to be complex, long-lived, and shaped by operational priorities rather than documentation or visibility. This creates a set of recurring challenges that can limit the accuracy or usefulness of asset discovery efforts if they are not addressed deliberately.

This article outlines the most common challenges encountered in OT asset discovery and explains practical ways to mitigate them without disrupting operations.

Legacy equipment and documentation gaps

Many OT environments include equipment that has been in service for decades. PLCs, HMIs, sensors, and controllers may have been installed long before asset management or cybersecurity were considered.

In real industrial environments, documentation is often incomplete, outdated, or missing entirely. Asset lists may exist only in spreadsheets, engineering drawings, or the knowledge of long-serving staff. Firmware versions, communication protocols, and network dependencies are frequently undocumented.

This creates two related problems:

• Assets are missed entirely during discovery.
• Assets are identified, but without sufficient context to assess risk or criticality.

Mitigation strategies include:

• Treating documentation as a starting point, not a source of truth.
• Combining multiple discovery inputs, such as passive network monitoring, switch configurations, and engineering workstation data.
• Validating findings with operational staff who understand how systems are actually used.

Asset discovery in these environments is often iterative rather than one-off, gradually improving accuracy as gaps are identified and resolved.

Fear of disruption in live environments

OT systems are designed for availability and safety. Any activity perceived as intrusive can raise understandable concerns about downtime, process instability, or safety incidents.

A common pattern in operational environments is a reluctance to run scans or introduce new tools because of past incidents or vendor warnings. This can lead to asset discovery being postponed or avoided entirely.

The key mitigation is selecting discovery methods that align with operational constraints:

• Passive discovery techniques observe existing network traffic without sending probes or requests.
• Data collection can be scheduled during stable operating periods.
• Changes to network infrastructure are kept minimal and reversible.

Clear communication about what a discovery activity does and does not do is equally important. When scope and impact are well understood, resistance often decreases.

Segmented or air-gapped networks

OT networks are frequently segmented to reduce risk or meet safety requirements. Some environments remain fully air-gapped, while others use controlled data transfer mechanisms or one-way gateways.

As a result, no single vantage point provides complete visibility. Asset discovery tools deployed in one segment may only see a fraction of the environment.

In practice, this often leads to partial inventories that appear complete but are not.

Mitigation approaches include:

• Mapping network zones and conduits before starting discovery.
• Deploying discovery sensors or collection points in multiple segments where appropriate.
• Accepting that some assets may only be visible through local data sources rather than centralised tools.

The goal is not always total visibility in one step, but a clear understanding of where visibility exists and where it does not.

Vendor-managed systems

Many OT assets are installed, maintained, or monitored by third-party vendors. This includes control systems, safety systems, remote access solutions, and specialist equipment.

In operational settings, vendor-managed systems are often treated as “black boxes”. Access may be restricted, credentials unavailable, or responsibility unclear.

This can result in entire asset groups being excluded from discovery or recorded with minimal detail.

Practical mitigations include:

• Clarifying asset ownership and responsibility at the outset.
• Requesting asset information as part of routine vendor engagement, not as a special security request.
• Documenting known unknowns where access is genuinely not possible.

Even limited visibility is preferable to assuming that vendor-managed systems are fully understood or risk-free.

Turning discovery challenges into manageable processes

OT asset discovery is rarely a single, clean exercise. It reflects the realities of long-lived systems, operational risk, and organisational boundaries.

Across multiple environments, a consistent observation is that the most effective approaches prioritise safety, transparency, and incremental improvement over completeness.

Practical strategies that help include:

• Starting with passive, low-risk discovery methods.
• Accepting incomplete visibility as a temporary state rather than a failure.
• Revisiting discovery regularly as systems change and access improves.
• Treating asset discovery as an operational process, not just a technical task.

When these principles are applied, asset discovery becomes a reliable foundation for risk management, rather than a disruptive or one-off activity.

All OT Asset Discovery Articles