Critical Infrastructure Security
,
Governance & Risk Management
,
Operational Technology (OT)
Cybersecurity Is a Key Consideration
If software is eating the world, cloud computing is eating infrastructure. Look no further than a push for cloud-hosted alternatives to Supervisory Control and Data Acquisition systems.
See Also: From Ancient Myths to Modern Threats: Securing the Transition from Legacy to Leading Edge
Traditionally, SCADA systems have been the antithesis of cloud: heavily localized, air gapped and monolithic. But not anymore, said the U.K. National Cyber Security Center. “During engagement with industry, the NCSC has noticed a clear shift in the attitude toward using the cloud for industrial applications,” the cybersecurity agency said Monday.
Where once the operational technology world dismissed cloud computing out of hand, “organizations are now looking to the cloud for solutions,” the center said in guidance it published to inform a risk-based assessment of the advantages and disadvantages of cloud SCADA.
Cloud-hosted SCADA presents both opportunities and challenges for OT organizations, the agency said. While the flexibility and scalability offered by cloud platforms can enhance resilience and enable the adoption of new technologies, the NCSC warned that a shift to the cloud fundamentally alters traditional management and security boundaries, necessitating careful consideration of connectivity models and access control mechanisms.
Cybersecurity should be a major consideration, the NCSC said, and it urged organizations to review its cloud security guidance.
The cloud SCADA guidance also addresses concerns surrounding data sensitivity and emphasizes the importance of implementing adequate security controls, including encryption measures for data at rest and in transit.
The NCSC advises OT organizations to collaborate closely with cloud service providers and SCADA vendors to ensure that security needs are met effectively.
Organizational readiness is a key focus of the guidance, and the NCSC highlights the importance of assessing the availability of necessary skills, policies and processes to support a shift to the cloud.
The guidance recommends that OT organizations invest in building internal expertise or consider engaging managed service providers with cloud-specific skills to support their migration strategy.