Friday, October 4, 2024

NCSC Released an Advisory to Secure Cloud-hosted SCADA


Operational Technology (OT) is a technology that interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), and Distributed Control Systems (DCS). 

OT is different from IT in that OT prioritizes safety, reliability, and availability, while IT focuses on information confidentiality, integrity, and availability. 

The convergence of OT and IT increases system vulnerabilities, which can be addressed by adopting sound risk management principles. 

The NCSC published cyber security design principles to help architects and designers produce secure, resilient OT systems.

Cloud-hosted supervisory control and data acquisition (SCADA)

The advisory sets out critical considerations for OT organizations migrating Supervisory Control and Data Acquisition (SCADA) systems to the cloud, while acknowledging the growing adoption of cloud-based SCADA solutions for various functionalities, from data processing to full control of physical assets.

It emphasizes the importance of a risk-based decision-making process, highlighting cybersecurity as a core concern. 

SCADA systems are critical for monitoring and controlling physical infrastructure, making them prime targets for cyberattacks, especially for organizations managing Critical National Infrastructure (CNI).

Legacy SCADA systems were isolated (air-gapped) from external networks, while current solutions rely on logical separation and controlled access. Cloud-based SCADA requires maintaining and monitoring these limitations in the new environment.

It further aids in decision-making: understanding business drivers and cloud opportunities, assessing organizational readiness for cloud migration, and evaluating technology and cloud solution suitability for the specific use case. 

Understanding the business drivers and cloud opportunities

It emphasizes understanding the different deployment models (full migration, hybrid with/without cloud-based control, cold standby) to assess the unique risks associated with each.

It recommends leveraging cloud-native services for a more secure architecture and to gain a centralized view of hosted services, and it highlights the importance of using Software Defined Networking (SDN) and monitoring it for unauthorized changes.
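
One way to monitor an SDN rule set for unauthorized changes, shown as an added example that is not taken from the NCSC guidance or from this article: it compares a snapshot of ingress rules against an approved baseline and rates each difference. The rule format, rule names, ports and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample data: an approved baseline and a later snapshot of ingress
# rules for a hypothetical cloud-hosted SCADA network segment.
BASELINE = [
    {"name": "hmi-to-scada", "port": 443, "source": "10.20.0.0/24"},
    {"name": "rtu-telemetry", "port": 20000, "source": "10.30.0.0/16"},
]
CURRENT = [
    {"name": "hmi-to-scada", "port": 443, "source": "0.0.0.0/0"},      # source widened
    {"name": "rtu-telemetry", "port": 20000, "source": "10.30.0.0/16"},
    {"name": "temp-debug", "port": 3389, "source": "203.0.113.7/32"},  # rule added
]

def widened(old_src, new_src):
    """True when the new source range admits addresses the old one did not."""
    old, new = ipaddress.ip_network(old_src), ipaddress.ip_network(new_src)
    return not new.subnet_of(old)

def detect_drift(baseline, current):
    """Return a sorted list of (severity, rule_name, reason) findings."""
    base = {r["name"]: r for r in baseline}
    cur = {r["name"]: r for r in current}
    findings = []
    for name in cur.keys() - base.keys():
        findings.append(("high", name, "rule not in approved baseline"))
    for name in base.keys() - cur.keys():
        findings.append(("medium", name, "approved rule removed"))
    for name in base.keys() & cur.keys():
        old, new = base[name], cur[name]
        if old["port"] != new["port"]:
            findings.append(("high", name, f"port {old['port']} -> {new['port']}"))
        if old["source"] != new["source"]:
            # Narrowing a source range is low risk; widening it is not.
            sev = "high" if widened(old["source"], new["source"]) else "low"
            findings.append((sev, name, f"source {old['source']} -> {new['source']}"))
    return sorted(findings)

if __name__ == "__main__":
    for severity, name, reason in detect_drift(BASELINE, CURRENT):
        print(f"[{severity}] {name}: {reason}")
```
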

The cloud offers features like automated scaling, failover, and disaster recovery for resiliency, and the guidance emphasizes the importance of considering break-glass recovery solutions for critical functions.

Centralized remote access and identity/access management are seen as opportunities offered by cloud-hosted SCADA, along with integrating a Privileged Access Management (PAM) solution and using cloud-native secrets management.

It also discourages relying on lower-trust domains for authentication and recommends using the cloud’s Key Management Service (KMS).

Readiness of Organizations

Before migrating OT to the cloud, organizations need to assess their cloud readiness, including having the proper skills, people, and policies in place.

Cloud migration requires a skill set different from that of on-premises OT management; organizations can build these skills internally or leverage a managed service provider (MSP).

Migrating to the cloud often involves increased connectivity, so OT security policies need to be reviewed to ensure they can handle this new landscape.

Shared services and third-party integrations used with cloud-hosted SCADA systems need careful consideration to maintain data integrity and security.

Using an MSP introduces another attack surface, so organizations must understand the MSP’s security controls and how they will provision the cloud environment (limited services, tenancy, or separate environment).

Cloud environment ownership and root administrator privileges are crucial, and if the MSP owns the underlying cloud accounts, a compromise could impact multiple customers.

The technical considerations for migrating SCADA systems to the cloud emphasize the importance of understanding software suitability and legacy hardware limitations.

Legacy monolithic architectures and protocols may require additional security measures, like containerization and VPNs. 

The cloud migration decision should consider latency requirements and data sensitivity; edge computing and zero-trust architecture principles are also potential solutions.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.