Cloud Security For Industrial Automation And Control Systems
Is it possible to have a healthy relationship between internet-connected cloud services and industrial control systems? This article examines some of the opportunities and challenges that exist in this hot-topic domain.
The cloud brings many opportunities to leverage services and enhance connectivity, infrastructure and platforms, and promises reduced technology costs, scalability, business continuity, collaboration efficiencies, and smoother software lifecycle management.
But is the cloud universally appealing for all use cases? Is there a role to play for cloud computing in Industrial Automation and Control Systems (IACS) now or in the future? What opportunities and challenges exist? And is there a means to ensure a healthy relationship between control systems and the cloud?
This article will delve deeper into the role of cloud services in IACS and aims to address some of these questions.
The Industrial Internet of Things
The adoption of cloud components for control systems is probably more widespread than you might think.
A common use case for the cloud is where an operator might commission a varied array of IACS field endpoints, utilising a design pattern now commonly known as the Industrial Internet of Things (IIOT). These field endpoints are often edge devices that are positioned in remote or dangerous environments, which by and large are used solely for telemetry purposes as opposed to control.
Due to their number, purpose, and function, there are benefits in concentrating these devices’ data streams into cloud services for a backhaul of telemetry to an operator’s control systems. To contain cost and enable the broader rollout of IIOT and mesh-net connected edge devices, third-party carriers are readily employed for the transmission of this data.
While there is generally no storage of any data, it is worth acknowledging that multiple traversals of third-party data centres and systems are probable, as well as recognising the implicit trust that related security controls are robust and uniform.
The use of these edge devices continues to grow with the use of smart metering of premises, service quality monitoring, condition and environment monitoring and broader operational and security assurance devices.
With technology enabling the use of both public and private communications links, incorporating cloud services into the control system requires an evaluation to identify any risks that could be introduced. Whilst an operator might attain documented assurance of security from third-party carriers and possess the ability to employ limited additional cyber security controls, there still exists the issue of limited visibility on end-to-end data stewardship.
Industrial Control Systems as a Service – Brave New World or Fool’s Errand?
In the process of building and maintaining IACS there is an established need to maintain line of sight to the controls that assure each aspect of the system – particularly those that have an impact on safety-critical operations. This helps identify the specific capabilities that are necessary to deliver immediate responses from operational teams to address any issues with the operation of the IACS.
Remaining sensitive to operations and its security posture is supportive of most organisations’ all-hazards approach to risk.
With the above in mind we can consider what using Industrial Control Systems as a Service (ICSaaS) cloud infrastructure might look like in practice: What are the expected response times? What do recovery activities and security responses look like? What does a mode of system failure even look like?
It is very difficult to establish tangible and concrete guarantees from cloud providers as to the likelihood that Service Level Agreements/Operational Level Agreements (SLA/OLA) can be met. The boilerplate arrangements might describe how the cloud provider will respond to an incident or outage, with liquidated damages should they not be able to meet a given SLA/OLA, but there is more to it.
Operators cannot contract out their risk nor their obligations to the regulated and legislated environment they participate
When dealing with safety critical systems and systems that can influence their operation, the newly cast opportunity to incorporate the cloud more broadly might best pause to consider organisational safety and resilience.
Whilst aspiring for and achieving resilience in cloud systems, promoting operational safety might still present considerable challenges. But the good news is that there remain candidates for cloud deployments!
Common services whose unavailability or compromise poses less risk to the organisation can often be hosted in the cloud. Examples of such systems might include asset management, workflow management, field resourcing, business intelligence, and system historians.
Do suitable use cases exist?
We discussed the prevalent use of Private Access Point Names (APN) with Telecommunications carriers. These form a core part of being able to deliver telemetry services via public carriers, so this is now a key part of the control system landscape.
Multiple methods exist, such as encryption and other security tooling, to secure cloud infrastructure in control systems. As cloud effectively extends the customer network to the edge, any number of internal security controls can be applied to secure these networks.
Looking at the uptake of IIoT and considering the number of devices participating, the cloud can be used to funnel bulk point data to platforms such as data lakes and analytical tools that do not have any system control capability. This allows us to utilise many of the elasticity features that cloud services can provide without incorporating control networks.
This does not mean that security mitigations are not required. On the contrary, it can mean that new security requirements need additional thought in the design and implementation of such systems. However, in such use cases it is certainly feasible to operate safely in a cloud-enabled IACS environment.
How to determine cloud provider security posture
Assessing a cloud provider’s security posture and architecture should form an integral part of the decision tree prior to enabling their services, particularly when utilising multi-tenant or shared services within the environment.
Understanding the details of what is essentially a black box solution can vary depending on the transparency from the cloud provider, so it is essential to ensure that their security posture meets your needs for the types of control systems hosting being utilised.
Focusing on understanding the design and countermeasures in detail, such as network segmentation, can assist with potentially transposing standards such as IEC 62443 zones and conduits within the cloud environment.
Standard cloud security certifications such as SOC2 should be considered mandatory as they allow for a basic level of assurance and an opportunity to further analyse the posture of the provider.
Industry use cases and products
There are a number of known use cases for cloud architecture deployment in IACS, with some notable examples in both the Rail and Energy sectors.
For example, Siemens Mobility and ÖBB-Infrastruktur have put into operation the first hardware-independent cloud interlocking at the train station in Achau, Austria.
Another example is OSI Soft having an e-Scada cloud-based service that delivers SCADA and application services via the web for utilities.
What about the regulation?
Within New South Wales, Energy operators are bound by specific license conditions which are prescriptive in where and how the control system and related information must be managed.
Although these conditions do not expressly forbid the use of cloud solutions for the actual hosting of the control system, many of the conditions do imply that the organisation should have sovereign control over the system.
Having sovereign control over the core components of a control system is a point that cannot be overstated.
Considering the operational response and resilience goals of IACS operators ensures that you can commit to these goals and protect the operational imperative. Operators must be able to manage and monitor the platform and provide a response time that is better than any SLA/OLA that a cloud provider can offer in a cost-effective manner (i.e. 1 hour response, 4 hour fix).
Add to this the aspects of physical, third-party, employee, and contractor security: working all these aspects into any hosted solution can raise costs substantially. Or, should they fail, it could lead to any number of operational impacts.
Granted there are ways of system design that can make a failover scenario appear transparent to the operator. But again, if cost reduction by moving to cloud is the driver, would these active-active designs to meet resilience targets make that a moot point?
What is the way forward?
Utilising the cloud in some form offers many opportunities and it is not going away. There are many suitable use cases for which cloud-enabled architectures may prove useful, and these rightly should be investigated.
Approaches to improve the IACS ecosystem should be encouraged, with control system operators taking a risk-based approach to the utilisation of cloud components within the control system.
Maintaining a focus on resilience goals, regulations, and ensuring that safety and operational imperatives of your organisation remain paramount must remain the key driver. Cost reductions should be weighed very carefully as a driver if these imperatives are at risk of being affected.
Anchoram recommends an approach that covers off the risk, technical, operational, and regulatory concerns when making these decisions. In some cases the commercial penalties for outages may be greater than any cloud benefits and, most importantly, safety risks require significant considerations to be made.
As specialists in risk, technology, and critical infrastructure, Anchoram is well placed to provide organisations with deep experience and flexible approaches to any concerns related to cloud-enabled IACS and the IIoT.
Our teams thrive on helping our customers realise a secure and safe operation, so for more information please reach out to any of our team for a no-obligation chat about your control system challenges.