A Taxonomy for Contrasting Industrial Control Systems Asset Discovery Tools

Asset scanning and discovery is the first and foremost step for organizations to understand what assets they have and what to protect. There is currently a plethora of free and commercial asset scanning tools specializing in identifying assets in industrial control systems (ICS). However, there is little information available on their comparative capabilities and how their respective features contrast. Nor is it clear to what depth of scanning these tools can reach and whether they are fit-for-purpose in a scaled industrial network architecture. We provide the first systematic feature comparison of free-to-use asset scanning tools on the basis of an ICS scanning taxonomy that we propose. Based on the taxonomy, we investigate scanning depths reached by the tools' features and validate our investigation through experimentation on Siemens, Schneider Electric, and Allen Bradley devices in a testbed environment.