SCADA In The Cloud- A Security Conundrum?
Two of the hottest buzzwords circulating in the IT world today are “SCADA” and “cloud computing.” Combining the two technologies has been talked about and is starting to garner more attention because of the potential cost savings, system redundancy, and uptime benefits.
Like most IT companies, industrial control system (ICS) devices can benefit from cloud use. The cloud is and will remain a viable business additive for traditional IT worldwide. SCADA devices do not differ from IT devices in that they also require redundancy, security, reduced costs, and uptime. There are several ways that SCADA in the cloud can be approached and installed, but each has their own potential security issues.
Figure 1. Example of SCADA application hosted in the cloud
Broadly speaking, there are two ways SCADA can be deployed in the cloud. It can either be completely in the cloud, or only partially. Whichever method is used, there are security concerns that should be considered and addressed prior to implementing SCADA in the cloud in any fashion. These include:
- lack of authentication
- lack of control
- lack of encryption
- nature of data
- the logging conundrum
- web application attacks
My paper SCADA in the Cloud- a Security Conundrum discusses not only these concerns, but also how to address these potential problems.