The Cloud in OT: Great for Status, Bad for Control

Cybersecurity Musings

Adoption of cloud-based services and technology is prevalent across industries, including OT (operational technology) environments.

When it comes to the cloud, there isn’t a one-size-fits-all approach to integration or use cases in an environment. Every cloud-based technology needs to be carefully considered in the context of the environment and its operational needs. Cloud solutions may not meet the requirements of an environment, or may need to be modified and configured to meet that environment’s operations and security considerations.

The “cloud” can take multiple forms: a vendor-based solution that allows remote access to address software issues, or other remotely accessible servers and software solutions such as those provided by Amazon, Google, and Microsoft.

While there are undeniably many arguments and benefits around the adoption of different cloud technologies in operational environments, it’s important to keep potential risks and impacts in mind.

Getting Cloud-Level Views of Operational Environments

Proponents of cloud technology in OT environments cite how it can be used to optimize specific processes and operations. This is usually achieved through easier access to, and visibility into, the status of these environments.

Having telemetry data centralized and accessible from anywhere via the cloud makes it easier for teams to efficiently monitor performance of different sites and equipment remotely and as they need it.

Real-time remote access to performance data and other metrics also adds a layer of resiliency to operational processes, as it improves operator and analyst ability to detect and respond to potential issues without having to travel to remote, potentially difficult-to-access sites. This data can come directly from connection-enabled devices such as sensors and other machines.

Operational data and configurations backed up in the cloud can be invaluable in disaster recovery scenarios. In the event of a natural disaster or other events that compromise the backup data in historians or other on-site servers, organizations can restore systems and meet business continuity requirements by restoring critical backup data from the cloud.

Identifying and Warding off the Storm Clouds

When you’re talking about cloud services in OT environments, latency is a major concern, especially if it impacts normal operations. Milliseconds of delay can be detrimental to someone’s safety, so network requirements and resources for cloud services need to be carefully considered for each site.

A cloud connection can also increase the attack surface of your environment. Air-gapped systems that are suddenly connected will lose the security of that gap, potentially exposing vulnerable systems.

Misconfigured cloud resources can also introduce additional and unnecessary risks. All cloud-based services and resources should be correctly configured and secured. There should also be policies and processes in place to address or mitigate risks associated with any cloud resources.

Of course, cloud adoption may not be the right choice or even possible for every environment. For sites without regular internet communication, such as ships or mining stations with limited access to slow, low-bandwidth satellite uplinks, cloud connections may not make much sense.

One of the biggest risks – and possibly the scenario most feared regarding cloud-connected services – comes when control or influence over operational processes is possible through remote cloud access. A compromised cloud service could become a single point of failure in the event of an attack or an outage.

Organizations should have response and recovery plans in place to ensure unauthorized access can be stopped and that operations can continue, even if any cloud-based services are unavailable.

Safely Navigating the Cloud(s) in Your Environment

Cloud solutions are likely already part of many existing industrial environments, even if they aren’t always explicitly named “cloud-based technology.”

Remember those connection-enabled sensors and machines we mentioned earlier? That data can be sent to a centralized location, on- or off-site, or to another computer elsewhere, such as the enterprise side of an organization’s network, for monitoring or analysis, much as it would be with a cloud-based service.

Certain vendors configure their machines and devices to allow monitoring of telemetry data from specific machines or sets of machines across large geographical locations. This configuration can enable remote support, predictive maintenance windows, and other optimization opportunities.

Many systems and industries are becoming increasingly interconnected. The most common avenue of communication ends up being through the Internet.

So what does this mean for you and your environment? Rather than shying away from the cloud completely, it’s best to approach emerging cloud tech with an understanding of the potential risks it presents to your environment, and to identify the actions that can be taken to prevent or mitigate them.

Whether there are connections to cloud-based services in a handful of OT sites or scattered throughout the environment, these connections should be monitored regularly in order to identify unauthorized access, unusual communications, or other suspicious behaviors.
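One way to start that monitoring is a small check run over flow records from the OT boundary, separating approved status traffic from anything that looks like a path back into the site. The sketch below is an added example, not part of the original article; the subnet, the approved endpoints, the record format, and the download-ratio threshold are all constructed assumptions.

```python
import ipaddress

# Constructed policy values (assumptions, not from the article).
OT_NET = ipaddress.ip_network("10.20.0.0/16")
APPROVED_CLOUD = {  # telemetry/backup endpoints the site has approved
    (ipaddress.ip_network("203.0.113.0/28"), 443),
    (ipaddress.ip_network("198.51.100.25/32"), 8883),
}
DOWNLOAD_RATIO = 5  # heuristic: review when bytes received exceed 5x bytes sent

# Constructed flow records: initiator, responder, dest port, bytes sent, bytes received
SAMPLE_FLOWS = """\
10.20.4.11 203.0.113.5 443 84000 2100
10.20.4.11 198.51.100.25 8883 12000 900
10.20.7.30 192.0.2.77 443 5000 4000
203.0.113.5 10.20.4.11 502 300 280
10.20.4.12 203.0.113.5 443 1500 960000
10.20.4.11 10.20.4.50 502 700 650
"""

def classify(line):
    """Return a verdict for one flow record, judged by who initiated it."""
    src, dst, dport, sent, recv = line.split()
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    dport, sent, recv = int(dport), int(sent), int(recv)
    src_ot, dst_ot = src in OT_NET, dst in OT_NET
    if src_ot and dst_ot:
        return "internal"                      # stays inside the OT zone
    if not src_ot and dst_ot:
        return "ALERT inbound-to-ot"           # outside host initiated into OT
    if not src_ot:
        return "out-of-scope"                  # neither side is OT
    if not any(dst in net and dport == port for net, port in APPROVED_CLOUD):
        return "ALERT unapproved-destination"  # OT egress to an unknown endpoint
    if recv > DOWNLOAD_RATIO * max(sent, 1):
        return "REVIEW download-heavy"         # status uplinks mostly send, not receive
    return "ok telemetry"

def review(flows):
    """Classify every non-empty record and return (record, verdict) pairs."""
    return [(l, classify(l)) for l in flows.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, verdict in review(SAMPLE_FLOWS):
        print(f"{verdict:30} {line}")
```

The download-heavy verdict is a prompt for review rather than an alert, since an approved endpoint may legitimately push a large update or restore a backup.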

Cloud technology can be fully realized in a variety of industrial environments. As long as operational and security teams are careful about its use and configuration, it can be a great tool that enhances the resiliency and efficiency of operations.