Thursday, December 19, 2024
Homecyber securityNCSC Released an Advisory to Secure Cloud-hosted SCADA

NCSC Released an Advisory to Secure Cloud-hosted SCADA

Published on

SIEM as a Service

Operational Technology (OT) is a technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Distributed Control Systems (DCS). 

OT is different from IT in that OT prioritizes safety, reliability, and availability, while IT focuses on information confidentiality, integrity, and availability. 

The convergence of OT and IT increases system vulnerabilities, which can be addressed by adopting sound risk management principles. 

- Advertisement - SIEM as a Service
Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

The NCSC published cyber security design principles to help architects and designers produce secure, resilient OT systems.

Cloud-hosted supervisory control and data acquisition (SCADA)

Critical considerations for OT organizations migrating Supervisory Control and Data Acquisition (SCADA) systems to the cloud while acknowledging the growing adoption of cloud-based SCADA solutions for various functionalities, from data processing to full control of physical assets. 

It emphasizes the importance of a risk-based decision-making process, highlighting cybersecurity as a core concern. 

SCADA systems are critical for monitoring and controlling physical infrastructure, making them prime targets for cyberattacks, especially for organizations managing Critical National Infrastructure (CNI).

Legacy SCADA systems were isolated (air-gapped) from external networks. At the same time, current solutions rely on logical separation and controlled access, whereas cloud-based SCADA requires maintaining and monitoring these limitations in the new environment.

It further aids in decision-making: understanding business drivers and cloud opportunities, assessing organizational readiness for cloud migration, and evaluating technology and cloud solution suitability for the specific use case. 

Understanding the business drivers and cloud opportunities

It emphasizes understanding the different deployment models (full migration, hybrid with/without cloud-based control, cold standby) to assess the unique risks associated with each.

By recommending leveraging cloud-native services for a more secure architecture and to gain a centralized view of hosted services, it highlights the importance of using Software Defined Networking (SDN) and monitoring it for unauthorized changes.

The cloud offers features like automated scaling, failover, and disaster recovery for resiliency, which emphasizes the importance of considering break-glass recovery solutions for critical functions.

Centralized remote access and identity/access management are seen as opportunities offered by cloud-hosted SCADA while  integrating a Privileged Access Management (PAM) solution and using cloud-native secrets management. 

It also discourages relying on lower-trust domains for authentication and recommends using the cloud’s Key Management Service (KMS).

Readiness of Organizations

Before migrating OT to the cloud, organizations need to assess their cloud readiness, including having the proper skills, people, and policies in place.

Cloud migration requires a skill set different from that of on-premises OT management, where organizations can build these skills internally or leverage a managed service provider (MSP).

Migrating to the cloud often involves increased connectivity, so OT security policies need to be reviewed to ensure they can handle this new landscape.

Shared services and third-party integrations used with cloud-hosted SCADA systems need careful consideration to maintain data integrity and security.

Using an MSP introduces another attack surface, so organizations must understand the MSP’s security controls and how they will provision the cloud environment (limited services, tenancy, or separate environment).

Cloud environment ownership and root administrator privileges are crucial, and if the MSP owns the underlying cloud accounts, a compromise could impact multiple customers.

The technical considerations for migrating SCADA systems to the cloud emphasize the importance of understanding software suitability and legacy hardware limitations.

Legacy monolithic architectures and protocols may require additional security measures, like containerization and VPNs. 

The cloud migration decision should consider latency requirements and data sensitivity whereas edge computing and zero-trust architecture principles are also potential solutions.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Beware Of Malicious SharePoint Notifications That Delivers Xloader Malware

Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify...

Malicious Supply Chain Attacking Moving From npm Community To VSCode Marketplace

Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the...

Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload

TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email...

BADBOX Botnet Hacked 74,000 Android Devices With Customizable Remote Codes

BADBOX is a cybercriminal operation infecting Android devices like TV boxes and smartphones with...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Beware Of Malicious SharePoint Notifications That Delivers Xloader Malware

Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify...

Malicious Supply Chain Attacking Moving From npm Community To VSCode Marketplace

Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the...

Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload

TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email...