SCADA ‘in the cloud’: new guidance for OT organisations
During engagement with industry, the NCSC has noticed a clear shift in the attitude towards using the cloud for industrial applications.
Where this has previously been a commonly dismissed topic due to the potential risks, many operational technology (OT) organisations are now looking to the cloud for solutions.
Today the NCSC has published new guidance on cloud-hosted Supervisory Control and Data Acquisition (SCADA). We hope it will encourage OT organisations to make a risk-informed decision on migrating SCADA solutions to the cloud, with cyber security as a key consideration.
This guidance does not aim to dictate that cloud is the right (or wrong) approach for OT organisations. Rather, cloud migration must be informed by each organisation’s unique risk profile and specific technical requirements. Although cloud-hosted SCADA has some unique risks, securing a cloud platform is a shared problem with IT. As such this new guidance should be used in conjunction with the existing cloud security guidance.
The current state of play in OT can make the path to securely implementing a cloud migration challenging. Our new guidance identifies 3 critical areas you need to assess before deciding on a SCADA cloud migration:
- Understanding your business drivers and cloud opportunities.
- Organisational readiness.
- Technology and cloud solutions suitability.
You also need to consider the impact of challenges OT organisations face such as the reliance on legacy equipment, on-premises solutions, and monolithic software packages.
If you do choose to implement cloud-hosted SCADA, you should refer to the NCSC’s using cloud services securely guidance to ensure your cloud services are configured in a way that meets your security needs.
This guidance should allow you to harness the benefits and opportunities of a cloud platform whilst keeping cyber security at the forefront of your decision. We’d like to thank the various industry bodies, CNI operators and vendors within the SCADA community, whose knowledge and expertise contributed to the development of this guidance.
If you’d like to share your feedback, please get in touch using your usual NCSC contact. Otherwise, our Enquiries team would be pleased to pass your comments on to us.
David G
Cyber-Physical Security Architect, NCSC
Original Source: ncsc[.]gov[.]uk
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.