– By Stephen Lucas, Vice President of Product Management, ORock Technologies –
OK, you are probably wondering why I repurposed a legendary line from “The Rime of the Ancient Mariner”. Well, just recently, due to a failure of a chlorine injector and subsequent events, the water in our little town in Colorado was shut down. When it was restored, it was contaminated, forcing a “boil-water” advisory until the system could be fully restored. While this outage did not make the national headlines, it certainly had an impact on the 10,000 residences and local businesses that lost revenue during the three-day shutdown.
This got me thinking about all the critical infrastructure systems that we depend upon daily and how vulnerable we are to aging infrastructure and security breaches. Now compare our town’s outage to those incidents that did make national headlines and that had a much greater impact on businesses and citizens alike.
Two such recent critical infrastructure disasters come to mind: the hacked Florida water plant, where cybercriminals tried to poison a whole city, and the ransomware attack on the Colonial Pipeline, the largest fuel pipeline in the U.S. The latter attack forced the company to close operations and freeze its IT systems and computerized equipment, prompting a gasoline shortage all the way down the nation’s East Coast. Who will forget the news images of cars lined up for miles waiting their turn to fill up their gas tanks?
These events demonstrate just how vital applications known as SCADA systems are to companies that must stay vigilant 24/7/365 in monitoring, managing and preventing mission-critical outages and system breakdowns.
What is a SCADA system?
SCADA, which stands for Supervisory Control and Data Acquisition, refers to centralized control systems composed of hardware and software that collect and process data for analysis and monitor events across the production process to facilitate decisions. While rarely in the spotlight, these critical systems carry out vital missions day in and day out. What’s not widely known is that many SCADA systems are outdated legacy systems that require constant maintenance and have numerous points of entry that are vulnerable to cyber and other malicious attacks.
Modernizing your SCADA network in the cloud
Critical infrastructure across the U.S. relies on SCADA systems, whether it be water treatment plants, natural gas pipelines, electrical grids, manufacturing sites, chemical plants, dams, railroad systems, nuclear power facilities and more. These systems rely on actionable data and help adjust things like pressure and vibration on tanks, power usage, peak energy hours, water flows and other real-time data across thousands of devices and remote sites. If a hacker were to gain access to these systems and control them, it could have grave consequences.
How can you modernize your SCADA system while increasing performance, decreasing costs and adding extra layers of security to protect it from future cyberattacks? As critical infrastructure providers scramble to bolster their IT stacks with stronger security, the answer can lie in the cloud. Complex SCADA networks are no longer limited to on-premises deployments and are shifting to the cloud so operators can have a consolidated IT stack at their fingertips. Cloud-based SCADA systems are easier to deploy and allow for real-time monitoring and alerting.
The benefits of moving a SCADA system to the cloud
As organizations evaluate their current SCADA systems, many face the reality that their on-premises, legacy applications are just too vulnerable to attacks and costly to maintain. Years ago, organizations wouldn’t have thought of the cloud as a viable option, but with advancements in cloud security and data center technologies, organizations today have more options. So, what are some of the benefits that can be gained by moving your SCADA applications to a cloud platform?
- No upfront capital expenditure
- Reduce or eliminate on-premises IT resources, thus reducing costs
- Flexible cloud cost models, reserve instances for greater savings or pay-as-you-go for bursting
- Improve reliability with greater cloud-based redundancy and SLAs, including geo-redundancy
- Greater capabilities to access and share data anywhere
- Leverage cloud tools for greater business insights, including Machine Learning (ML), Artificial Intelligence (AI), Big Data Analytics, Data Virtualization and more
SCADA systems security requires a Zero Trust environment
Remember, not all public clouds are created equal, so it is important to look for a cloud partner that understands the critical nature of your applications and workloads and offers proactive security solutions that help prevent your organization from becoming the next national headline due to a breach or attack.
By introducing a Zero Trust framework, you can greatly improve your security posture by assuming critical computing assets and data are untrusted until they are authenticated, thereby only granting access to resources that are required at the time they are used. Companies can accomplish Zero Trust by implementing attribute-based security controls.
Attribute-based access controls perform cryptographic verification and authentication of critical resources at the time required to execute. A security architect must consider how strong the security boundary of the asset is versus other assets. This is where strong virtualization isolation technologies can prevent side-channel attacks and data spills across security boundaries defined by the cryptographically verified attributes.
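As an added illustration of the attribute-based model described above (not code from the author or from any product), the sketch below verifies a set of attributes cryptographically at the moment of each request and denies everything the policy does not explicitly allow. The key, policy table, attribute names and resource fields are all hypothetical, and HMAC-SHA256 stands in for whatever signature scheme a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo key and policy; every name here is hypothetical.
ISSUER_KEY = b"demo-key-not-for-production"

# Each (action, resource type) maps to the attribute values a request must carry.
POLICY = {
    ("read_telemetry", "pump"): {"role": ("operator", "analyst")},
    ("write_setpoint", "pump"): {"role": ("operator",), "device_attested": (True,)},
}


def issue_attributes(attrs, expires_at, key=ISSUER_KEY):
    """Serialize attributes with an expiry and attach an HMAC-SHA256 tag."""
    body = json.dumps({"attrs": attrs, "exp": expires_at}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def verified_attributes(token, now, key=ISSUER_KEY):
    """Return the attributes only if the tag is valid and the token is unexpired."""
    body, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # tampered, or not signed by the trusted issuer
    claims = json.loads(body)
    if now >= claims["exp"]:
        return None  # attributes are honoured only at the time of use
    return claims["attrs"]


def authorize(token, action, resource, now, key=ISSUER_KEY):
    """Deny by default: bad tokens, unknown actions and missing attributes fail."""
    attrs = verified_attributes(token, now, key)
    required = POLICY.get((action, resource["type"]))
    if attrs is None or required is None:
        return False
    if attrs.get("site") != resource["site"]:
        return False  # attributes must match the resource's own site
    return all(attrs.get(name) in allowed for name, allowed in required.items())
```

Because every call re-verifies the tag and the expiry, a caller that was authorized a minute ago gets no standing access, and editing a single attribute in the token invalidates it.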
A hardened security architecture in the cloud
A hardened, full stack security solution that utilizes attribute-based controls to isolate and protect virtual machines (VMs) at runtime and allocate compute resources for more consistent performance creates a Zero Trust environment.
Your organization can have boot-through-runtime protection for your critical applications. At the virtual machine (VM) level, this protection:
- Provides cybersecurity deeper in the IT stack
- Prevents persistent threats from using rootkits and other means to compromise low-level components
- Protects at the hypervisor, boot drivers, BIOS and firmware—security built-in at every independent layer of the stack
Not only would hardened security block attacks, but it would also offer significant benefits in terms of performance and cost certainty. Remember, it is vital to partner with the right cloud provider that understands your security needs and can provide leading-edge full-stack security and performance in a virtualized environment.