The UK National Cyber Security Center (NCSC) has published new guidance on how to secure supervisory control and data acquisition (SCADA) cloud environments for operational technology (OT).
The UK's critical national infrastructure (CNI) relies heavily on SCADA systems for data collection and control and, because of the importance of these environments, they are at increased risk of cyberattack.
The NCSC therefore seeks to increase the security and resilience of these environments to reduce the risk of a critical breach by cybercriminals or state-backed groups.
Tips and Tricks for SCADA Security
The original foundation of SCADA security in legacy systems was designed around the 'air-gapped' model, whereby the SCADA infrastructure is separated from both the Internet and the organization's network.
The NCSC says that if an organization is looking to move from the 'isolated' model to a cloud environment, there need to be significant controls and constant monitoring of connectivity and access to the CNI. However, migrations to a cloud environment should be considered on a case-by-case basis, with specific guidance provided based on the organization's use case.
There are several solutions that the NCSC provides guidance on, from full migration to the cloud to using the cloud as a simple standby/recovery solution, each with its own advantages, disadvantages and risk levels.
One of the most important advantages of using a cloud environment is the open design of the cloud, which allows organizations to maintain constant observability of their environment over time, especially as new threats emerge, advance, and are studied and understood.
The NCSC also highlights the scalability of cloud environments, in both capacity and application usage, each available according to the needs, size and criticality of the infrastructure being operated.
China has increasingly targeted the US CNI in a series of cyber attacks, and the crosshairs could soon turn more towards the UK, the NCSC says, stating in its 2023 Annual Review that “it is very likely the cyber threat to the UK CNI has increased over the past year,” along with a statement in a joint advisory with the US Critical Infrastructure and Security Agency (CISA) about the risks posed by China.
Speaking about the NCSC guidance, Chris Doman, CTO and co-founder of Cado Security, said: “This report arises from two trends: SCADA systems are increasingly not only connected to the Internet, but are also hosted in the cloud. This brings easier access to data, but can also increase the attack surface.
“There is broader concern and awareness about the security of critical national infrastructure and the potential for cyberattacks to cause physical damage, in part due to global events.”