The UK’s National Cyber Security Centre (NCSC) has issued guidance on the migration of supervisory control and data acquisition (SCADA) systems to the cloud. SCADA systems have traditionally operated in isolation due to security concerns, but the potential benefits of cloud adoption are prompting organizations to reconsider. The NCSC’s guidance aims to help OT organizations assess the risks and benefits associated with cloud-hosted SCADA systems, emphasizing the need for a risk-based decision-making approach tailored to each organization’s unique profile and technical requirements.
While the cloud offers increased flexibility, resilience, and centralized management, it also introduces security risks that must be carefully managed. Organizations considering cloud migration for SCADA systems must evaluate whether they have the necessary skills, policies, and technology to support the transition. Additionally, they need to determine the suitability of their SCADA products for cloud deployment, considering factors such as software compatibility, legacy hardware, latency, and data protection requirements.
The NCSC highlights the importance of applying general cloud security principles to SCADA systems and encourages organizations to review its broader cloud security guidance. Trevor Dearing, director of critical infrastructure at Illumio, emphasizes the risk posed by cyberattacks targeting SCADA systems, stressing the need for a Zero Trust approach to enhance cyber resilience. Dearing underscores the significance of organizational readiness and adopting a proactive security stance to mitigate the operational and societal impact of potential cyber incidents targeting SCADA infrastructure.
