Asset Types and Classification
BreachSpider categorizes every asset by type. The asset type determines how the device is displayed on the dashboard, how SAGE contextualizes findings for that device, and which remediation guidance is most appropriate. Selecting the correct asset type ensures your findings, reports, and compliance evidence accurately reflect your environment.
PLC (Programmable Logic Controller)
The primary automation controller in a process. PLCs execute ladder logic, structured text, or function block programs to control actuators, valves, motors, and other field devices based on sensor inputs.
Examples: Siemens SIMATIC S7-1500, Siemens S7-1200, Rockwell Automation ControlLogix, Rockwell CompactLogix, Schneider Electric Modicon M340, Schneider Modicon M580.
Layer: OT.
Remediated by: OT engineers, process control team, automation vendor.
Patching considerations: PLC firmware updates typically require a maintenance window, process shutdown coordination, and sometimes vendor involvement. Many legacy PLCs cannot be updated at all.
HMI (Human Machine Interface)
The operator workstation used to monitor and control a process. HMIs display process graphics, alarm states, and trending data, and allow operators to issue setpoint changes and commands to PLCs.
Most HMIs run Windows with a SCADA client application installed on top.
Examples: Siemens WinCC, AVEVA (Wonderware) InTouch, Inductive Automation Ignition, GE Digital iFIX.
Layer: OS (for the Windows operating system layer) and OT (for the HMI application software).
Remediated by: IT team for OS patches, OT team for HMI software updates.
Patching considerations: HMI workstations often run specific, validated Windows builds. OS patches must be tested against the HMI application before deployment to avoid breaking the operator interface.
SCADA Server / Historian
Central servers that collect, store, and distribute process data from PLCs and RTUs. Historians archive time-series data for trend analysis, regulatory reporting, and process optimization.
Examples: OSIsoft PI Server, AVEVA Historian, GE Proficy Historian, Honeywell PHD.
Layer: OS (server operating system) and OT (historian application).
Remediated by: IT for OS patches, OT for application updates.
Patching considerations: Historians often run continuously and cannot be taken offline without impacting data collection. Schedule updates during planned outages when possible.
RTU (Remote Terminal Unit)
Similar to a PLC but designed for remote, unattended field installation. RTUs communicate over radio, cellular, or satellite links to a central SCADA system. Common in electric utilities (substations), water systems (pump stations), and oil and gas (wellhead monitoring).
Examples: ABB RTU500, Schneider Electric SCADAPack, Emerson ROC800.
Layer: OT.
Remediated by: OT engineers, often requiring a field visit or remote firmware update capability.
Patching considerations: RTUs may be physically remote and connected over low-bandwidth links. Firmware updates can be time-consuming and risky if the link drops during transfer.
DCS (Distributed Control System)
Used in continuous process industries: refineries, chemical plants, pharmaceutical manufacturing, and power generation. A DCS combines controllers, I/O modules, and operator stations into an integrated system from a single vendor.
Examples: Emerson DeltaV, Honeywell Experion PKS, ABB Ability Symphony Plus (800xA), Yokogawa CENTUM VP.
Layer: OT.
Remediated by: OT engineers with vendor support. DCS updates are typically coordinated turnaround events.
Patching considerations: DCS systems are tightly integrated. Patching one component may require updating multiple dependent components. Vendor involvement is almost always required.
Engineering Workstation
The laptop or desktop used by OT engineers to program PLCs, configure HMIs, design control logic, and manage automation projects. Engineering workstations typically run Windows with vendor-specific engineering software installed.
Examples: A Windows 10 laptop running Siemens TIA Portal, a desktop running Rockwell Studio 5000, a workstation running Schneider Unity Pro.
Layer: OS (Windows operating system), OT (engineering software).
Remediated by: IT for OS patches, OT for engineering software updates.
Patching considerations: Engineering workstations are a critical attack vector. The Stuxnet malware propagated via Windows vulnerabilities on engineering workstations to reach Siemens S7 PLCs. Keep these machines patched and isolated from the internet.
Networking (Switch / Firewall / Router)
Network infrastructure devices in the OT environment, including industrial Ethernet switches, firewalls between OT and IT zones, and routers connecting remote sites.
Examples: Cisco IE3400, Cisco ISA3000, Moxa EDS-G508E, Hirschmann RSPE, Fortinet FortiGate (OT deployments), Palo Alto (OT deployments).
Layer: NETWORK.
Remediated by: Network team.
Patching considerations: Network device firmware updates may cause brief link interruptions. Schedule during maintenance windows and verify redundancy paths before updating.
Server
General-purpose servers running in the OT DMZ, control center, or data center. These may host applications, databases, jump boxes, or remote access services.
Layer: OS.
Remediated by: IT team.
Firewall
Dedicated firewall appliances protecting the OT perimeter or segmenting zones within the OT network.
Layer: NETWORK.
Remediated by: Network security team.
Other
Use this type for any device that does not fit the categories above. Include a description in the notes field to help your team identify the device type.