
Identifying and addressing OT asset visibility gaps in the beverage industry


Prayukth KV

August 28, 2025


The beverage industry operates within a highly automated environment, driven by complex Operational Technology (OT) systems that include programmable logic controllers (PLCs), human-machine interfaces (HMIs), SCADA systems, and industrial IoT sensors. These interconnected assets guide and control processes like mixing, bottling, and packaging, ensuring precision, efficiency, and safety. However, as production environments become more digitized, asset visibility gaps have emerged and widened, creating critical security and operational challenges.

Unlike most IT environments, where endpoints and servers can be easily discovered and monitored, OT ecosystems often include legacy systems, OEM/vendor-managed components, and air-gapped networks that were never designed for connectivity or cybersecurity in the first place. For beverage manufacturers striving to meet consumer demands while maintaining quality and meeting compliance requirements such as NIS2, lack of OT asset visibility can lead to production disruptions, compliance violations, and heightened cyber risk.

Today’s blog explores why visibility gaps emerge, their implications, and the strategies beverage industry players can adopt to identify and close these gaps effectively.

Before we start, in case you missed our last blog post, here is a quick summary:

A reactive, disorganized approach to OT security reporting is a recipe for disaster. To truly improve, organizations must move beyond simply documenting reporting requirements and create a structured, proactive system to cover all reporting needs across OT security functions in a comprehensive manner aligned to compliance mandates and OT security standards such as IEC 62443. You can read this post on OT Security Reporting essentials here. 

Why asset visibility is essential for the beverage industry

Beverage plants depend on real-time operational accuracy, from raw material intake to finished goods packaging. Asset visibility underpins this by enabling:

· Inventory management: Knowing what assets are deployed across lines ensures efficient maintenance and lifecycle planning.

· Risk assessment: Identifying vulnerable devices before attackers do.

· Incident response: Rapid isolation of compromised systems in case of a cyberattack.

· Compliance: Meeting regulatory and industry requirements such as ISA/IEC 62443, NIST CSF, and in Europe, NIS2.

· Addressing security issues before they escalate

· Preventive maintenance

· Decision making on assets  

Without adequate visibility, plants operate in a blind spot where they cannot accurately monitor device health, firmware versions, or network communications, a scenario that cyber attackers exploit.

Common visibility gaps in beverage manufacturing

· Legacy systems with zero network footprint: Many beverage plants still run legacy PLCs and control systems with proprietary protocols that are incompatible with modern discovery tools. These systems often lack authentication, making them both invisible and vulnerable.

· Shadow OT assets: Temporary installations, contractor-owned devices, or IoT sensors can enter the environment without proper registration. For instance, a vendor adding a smart valve controller for efficiency monitoring might bypass the IT/OT approval process.

· Vendor-managed components: Original Equipment Manufacturers (OEMs) and vendors frequently maintain remote connections to machinery for diagnostics. If these remote-access devices are unmanaged, they create hidden access points. Such connections may also leave ports open that bad actors can discover during reconnaissance.

· Air-gapped assumptions: Beverage manufacturers often assume their OT environments are isolated from external networks. In reality, business integration (MES, ERP) and remote maintenance open backdoors, leaving some assets unaccounted for. I have participated in many OT security risk and gap assessments where we saw many connections and communications emerging from environments that were supposed to be air gapped.

· Multi-site complexity: Large beverage brands operate multiple production sites across regions, each with unique configurations and IEC 62443 Security and Maturity Levels. Lack of standardized visibility processes across plants magnifies risk.

Impact of OT asset visibility gaps

The consequences of poor OT asset visibility go beyond security:

· Production downtime and operational continuity risk: Unknown device failures can halt operations unexpectedly.

· Quality control risks: Undetected misconfigurations can impact product quality or cause recalls.

· Regulatory non-compliance: Frameworks like IEC 62443 and NIS2 mandate inventory and risk assessment of assets.

· Increased cyber-attack surface: Ransomware and state-sponsored attacks often exploit blind spots in OT networks.

· Degraded ability to respond to an incident

· Delayed recovery from a cyber incident

Here is a real-world example. A beverage manufacturer experienced a six-hour production halt when a PLC failed during peak production season. Post-incident analysis revealed that the PLC firmware had a known vulnerability, but because the asset wasn’t documented in any inventory, the patch was never applied. By the time the PLC shut down it was already too late. The delay in production caused millions of Euros of losses and had an impact on the stocks the beverage manufacturer was shipping across the globe.

Challenges in achieving adequate OT asset visibility

Achieving comprehensive OT visibility is harder than in IT due to:

· Non-disruptive requirements: Beverage production lines cannot afford downtime, so active scanning methods common in IT may disrupt control systems.

· Diverse protocols: Proprietary OT protocols like Modbus, PROFINET, and EtherNet/IP require specialized tools for discovery.

· Security concerns: Adding monitoring agents to OT devices can violate vendor warranties or introduce new vulnerabilities.

· Cultural chasm: IT and OT teams often operate in silos, with different priorities, toolsets and understanding levels.

· It's just not a priority: If everything is functioning well, then why bother?

How can asset visibility gaps be identified?

Here are a few recommended steps from Shieldworkz.

Step 1: Establish a governance framework

Create a cross-functional OT security governance team that includes plant managers, IT security, and engineering staff with adequate knowledge levels. This team should define:

· Ownership of OT assets.

· Processes for asset onboarding and decommissioning.

· Managing patches and security needs

· Policies for third-party and vendor-managed devices.

You can rely on a standard like IEC 62443-2-1 to provide guidance on defining roles and responsibilities.

Step 2: Conduct an initial asset discovery

Start with a baseline inventory using non-intrusive methods. Two primary approaches:

· Passive Network Monitoring: Deploy sensors or solutions such as Shieldworkz NDR that analyze mirrored network traffic (via SPAN ports or TAPs). These tools can detect devices, communication patterns, and firmware versions without disrupting operations.

· Configuration-Based Discovery: Extract asset lists from PLC programming software, historian databases, and vendor documentation.

While attending to the discovery process, prioritize critical production lines and high-impact assets such as bottling PLCs, pasteurizers, and CIP (Clean-In-Place) systems.

Step 3: Identify Blind Spots

Compare discovered assets with existing documentation to locate:

· Unmanaged Devices: Assets not present in the official inventory.

· Firmware Discrepancies: Devices running outdated versions.

· Unusual Communication Flows: Unexpected IP addresses or protocols.

Create a visibility gap report categorizing findings into critical, moderate, and low impact.
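
One way to produce the Step 3 gap report, as an added example that is not Shieldworkz code: it reconciles passive-sensor output against the documented inventory and also flags documented assets that were never seen on the wire. The sample inventory, the sensor output, the 10.20.0.0/16 plant range and the severity rules are constructed assumptions.

```python
import ipaddress

PLANT_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed OT address range
SEVERITY_ORDER = {"critical": 0, "moderate": 1, "low": 2}

# Constructed sample data. Documented inventory, keyed by MAC address.
INVENTORY = {
    "00:1d:9c:aa:01:10": {"name": "bottling-plc-1", "critical": True,
        "approved_fw": "4.2.1", "flows": {("10.20.1.5", "ethernet/ip")}},
    "00:0e:8c:bb:02:20": {"name": "pasteurizer-plc", "critical": True,
        "approved_fw": "2.8.0", "flows": {("10.20.1.5", "profinet")}},
    "00:80:f4:cc:03:30": {"name": "label-hmi", "critical": False,
        "approved_fw": "1.4.0", "flows": {("10.20.3.9", "modbus-tcp")}},
    "00:80:f4:cc:03:31": {"name": "legacy-mixer-plc", "critical": False,
        "approved_fw": "1.0.0", "flows": set()},
}
# Constructed passive-sensor output: MAC -> observed firmware and (peer, protocol) flows.
DISCOVERED = {
    "00:1d:9c:aa:01:10": {"fw": "4.1.0", "flows": {("10.20.1.5", "ethernet/ip")}},
    "00:0e:8c:bb:02:20": {"fw": "2.8.0",
        "flows": {("10.20.1.5", "profinet"), ("203.0.113.7", "https")}},
    "00:80:f4:cc:03:30": {"fw": "1.3.2", "flows": {("10.20.3.9", "modbus-tcp")}},
    "b8:27:eb:dd:04:40": {"fw": None, "flows": {("10.20.1.5", "modbus-tcp")}},
}

def ver(v):
    """Turn '4.2.1' into (4, 2, 1) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))

def gap_report(inventory, discovered):
    findings = []  # (severity, asset, issue)
    for mac, seen in discovered.items():
        doc = inventory.get(mac)
        if doc is None:  # unmanaged device: rated critical here (assumption)
            findings.append(("critical", mac, "unmanaged device"))
            continue
        base = "critical" if doc["critical"] else "moderate"
        if seen["fw"] and ver(seen["fw"]) < ver(doc["approved_fw"]):
            findings.append((base, doc["name"], f"firmware {seen['fw']} < {doc['approved_fw']}"))
        for peer, proto in sorted(seen["flows"] - doc["flows"]):
            external = ipaddress.ip_address(peer) not in PLANT_NET  # leaves the plant
            findings.append(("critical" if external else base, doc["name"],
                             f"unexpected flow {proto} -> {peer}"))
    for mac in inventory.keys() - discovered.keys():  # documented, never observed
        findings.append(("low", inventory[mac]["name"], "documented but not observed"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))
```

A documented asset that never appears in mirrored traffic may be a stale record or a legacy device with no network footprint, so it is worth a physical check rather than automatic removal from the inventory.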

Step 4: Implement Continuous Monitoring

Visibility is not a one-time exercise. Deploy an OT-aware monitoring solution such as Shieldworkz that supports:

· Deep protocol inspection for industrial traffic.

· Automatic asset updates when new devices connect.

· Alerting for unauthorized changes or suspicious activity.

Shieldworkz NDR aligns with IEC 62443-3-3 and the NIST CSF Detect function.

Step 5: Integrate OT and IT Asset Management

Beverage manufacturers often maintain separate IT and OT inventories. Integrate these into a centralized CMDB (Configuration Management Database) to enable:

· Holistic risk assessment across IT/OT boundaries.

· Streamlined incident response.

· Better compliance reporting.

Step 6: Secure Remote Access

Audit vendor remote access channels. Implement:

· Jump Servers for controlled connections.

· Multi-Factor Authentication.

· Session Recording for accountability.

Document all remote-access devices and their owners in the asset inventory.

Step 7: Train and align teams

Asset visibility requires collaboration between IT and OT personnel. Conduct awareness sessions on:

· Why asset inventory matters for production continuity.

· How to report new device additions.

· Compliance and regulatory implications.

· Best practices and standards to be followed 

Technology enablers for OT asset visibility in beverage plants

Passive OT Security Tools

Solutions like Shieldworkz specialize in passive traffic monitoring to build accurate inventories without disrupting processes.

Industrial Protocol support

Ensure tools support industry-standard protocols used in beverage automation, such as:

· Modbus TCP (for mixers and bottling lines).

· PROFINET (common in European plants).

· EtherNet/IP (for filling and packaging systems).

Integration with MES/ERP

Link OT inventory with production management systems for real-time context on asset performance and risk.

Compliance and regulatory drivers

Several regulations and standards emphasize OT asset visibility:

· IEC 62443: Requires maintaining an inventory of all assets within the security zone.

· NIS2 (EU): Mandates risk assessment and reporting for essential entities, including beverage manufacturers.

· ISO 27001 and 22301: For broader information security and business continuity planning.

In addition to cyber and safety incidents, failure to comply can lead to penalties, loss of certifications, and damage to brand reputation. Make sure your infrastructure assigns adequate attention to its compliance goals.

Future trends in OT asset visibility for the beverage industry

· AI-Driven Discovery: Automated classification and anomaly detection using machine learning.

· Edge Computing Integration: Real-time asset visibility at the production line level.

· Unified IT/OT SOC: Security Operations Centers capable of monitoring both environments for comprehensive threat detection.

In the beverage industry, where efficiency, quality, and safety are paramount, OT asset visibility is no longer optional; it is a strategic imperative. By systematically identifying and addressing visibility gaps, beverage manufacturers can:

· Reduce cyber risks.

· Prevent unplanned downtime.

· Ensure compliance with evolving regulations.

The journey begins with a clear inventory, sustained through continuous monitoring, collaboration between IT and OT, and adoption of purpose-built technologies. As the industry continues to embrace digital transformation, visibility will be the foundation of resilience and competitive advantage.

So, what are the key takeaways?

· Visibility gaps often originate from legacy systems, shadow assets, and vendor-managed components.

· Non-intrusive methods like passive network monitoring are critical for initial discovery.

· Compliance frameworks such as IEC 62443 and NIS2 make OT asset visibility mandatory.

· Continuous monitoring and IT/OT integration are essential for sustained visibility.

· Engage Shieldworkz OT Asset Specialist teams through a consultation to secure your assets

 

Lastly, don’t forget to reach out to Shieldworkz for a free consultation on asset visibility.

 
