What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?

Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities of technology professionals have been enhanced to include full certification paths towards demonstrating cloud proficiency.

In the past, part of an organization’s startup costs included a large line item for servers and other computing equipment. Now, entire companies have been created, enabled through the reduced cost of cloud computing. It would seem that cloud has taken over every company. However, this is not true. Many organizations that relied on security through air-gapped systems are now starting to become internet-connected. This is particularly true in industrial organizations. 

While these industries start to use the internet to engage in remote abilities, they are doing so in a way that is reminiscent of earlier computing methods. It would seem that they may be missing a great opportunity to enhance their capabilities by adopting cloud technologies. We asked a group of experts their thoughts about industrial organizations adopting the cloud while also considering cybersecurity. Their responses are shared below.

Lane Thames, PhD, Principal Security Researcher at Tripwire

Industry 4.0 is emerging and has started to drastically change the way industrial organizations operate. Industry 4.0 has several definitions, but I view it as a new industrial paradigm based on digital transformation and Internet-based technological ecosystems such as the internet of things (IoT), the industrial internet of things (IIoT), cloud computing, fog computing, big data, machine learning (ML), deep learning, and artificial intelligence (AI).

In order for an industrial organization to begin the journey towards and enjoy the benefits of Industry 4.0, they must adopt digital transformation and Internet-based technological ecosystems. One such ecosystem is cloud computing. Cloud computing is required for an organization to make this broad leap forward, and the adoption of cloud computing by industrial organizations comes with many benefits. Over the previous years, data have been captured on a small scale with respect to the total amount of available data within OT/ICS networks. In particular, most of the data we currently collect is based on what is required by a system to be collected such as signals coming from monitoring real-world processes or data related to safety control and safety instrumented systems. However, there are many signals and data within OT/ICS networks that can be captured that are not necessarily a requirement but could be used to enable more secure and smarter industrial environments, i.e., smart factories.

This requires large-scale data collection, storage, processing, analytics, and visualizations, however. This is where the cloud comes into the game. The cloud can offer the resources for this increased scale. The result is innovation such as predictive process modelling, predictive maintenance, and process optimizations.

There are cybersecurity implications for this adoption, as well, with both positive and negative results. On the positive side, the massive amount of big data and predictive techniques could be used to enhance our current capabilities to observe malicious activities within an OT/ICS network. The cloud and industry 4.0 can enable innovations that allow visibility and detection of attacks at larger scale and higher dimensions than non-Industry 4.0 organizations. For example, if a malicious user has gained access to an ICS network and is trying to spoof signals sent to a human-machine interface (HMI) in order to achieve some goal, real-time data processing and ML-based predictive modelling in the cloud could be used to alert on suspicious activity. This is a positive benefit, as the cloud and all the data processed is being used to increase the organization’s cybersecurity posture. A negative impact could be the introduction of new devices such as IIoT-based data collection systems into OT/ICS networks as part of an industrial organization’s digital transformation. A solution to this problem is having cybersecurity technology that provides both device visibility into the OT/ICS networks and capabilities that aid with device integrity such as security configuration and vulnerability assessment.

It is a brave new industrial world, and I cannot wait to see how Industry 4.0 continues to evolve and make our world a better place.

Gabe Authier, Director of Product Management at Belden

A primary benefit of OT/ICS adopting the cloud is being able to scale their industrial cybersecurity program across multiple factories/plants and across regions. The first step in OT cybersecurity is understanding what you have on your network. This is often referred to as “visibility of the OT network.” Having visibility into one plant is a good start, but being able to achieve similar data visibility and use a standard risk scoring system from multiple plants into one centralized location is key to gaining a complete overview of your cybersecurity posture across you organization. The cloud makes it much easier to aggregate the data and ultimately take action to reduce risk across an organization with industrial assets. Furthermore, you can start scoring your overall risk from a centralized platform and use that information to focus on plants or regions that have the most risk, aiming towards a universal risk reduction approach for your industrial networks.

Jim Laurita, Sales Engineer at Tripwire

Is the cloud right for your ICS environment? Unfortunately, there does not appear to be a clear, concise answer to this question, as each industry has its own set of challenges and goals. While cloud computing can offer substantial advantages for smart manufacturing technologies, there is always uncertainty surrounding opening a portal into mission-critical or sensitive networks. Any discussion of cloud computing within the ICS or OT world should start with two questions. First, what advantages does cloud computing provide versus on premise solutions. Second, what pitfalls or vulnerabilities exist?

Some of the advantages that cloud can bring to an environment are flexibility, scalability, and remote vendor support. For example, your infrastructure is running into performance issues, and your application is suffering. With cloud-based solutions, we can add some RAM or increase CPU allotment rather than have to add hardware. Of course, alongside advantages come risks. Spotty internet connections could lead to timing issues and unreliable processes, not to mention outages and production loss.

Perhaps the biggest risk with cloud computing is security. While we can debate the reality of the air gap and whether or not it even exists, what is not up for debate is the increased attack surface created by connecting local assets to the internet. Regardless of traditional security measures such as intrusion detection systems and anti-virus software, any system with an internet connection is more vulnerable than a system without one. Threat hunting with an asset discovery and vulnerability management tool such as Tripwire’s Industrial Visibility or Industrial Sentinel can vastly mitigate the inherent risks of cloud computing.

OT has been operating in the cloud for some time but on a limited basis and for certain uses. It is clear that adopting the cloud from an OT perspective does bring benefits like ease of use, rapid provisioning, and increased scalability, but like the ongoing digitization movement, there are security issues. As we get closer to adopting more cloud capabilities, there will have to be unified and holistic visibility across IT and OT to understand what is going on. Also, cloud providers have been saying for a long time that their security is unparalleled. With everything I hear from security professionals and from my own observations, however, I just don’t believe that.

As it stands now, manufacturers of all types are struggling to develop OT security at a pace comparable to the speed with which attackers are developing their own skill sets. On top of that, the OT landscape is becoming more complex due to IT/OT convergence, IIoT devices, virtualization, and cloud computing. The overall sense I am getting now is that everyone has to take a deep breath and understand the business benefits and then build in security from the start.

As we move toward more cloud adoption, the idea of OT security will have to change to a more holistic approach across the entire manufacturing company’s enterprise. Not only that, but “Zero Trust Architecture” will have to come into play. I truly believe OT/ICS is a long way away from total cloud adoption, but the level of digitization has changed so rapidly since the pandemic that you never know how quickly things may change.

Divij Agarwal, Technical Director, Edge at Belden

We are seeing digitization of factories at a pace never seen before. While digitization helps improve overall productivity and efficiency, it poses a big challenge in the form of data management and governance. Connected devices generate data that can be harnessed for meaningful business insights which was not possible in the traditional air-gapped systems. Cloud plays a crucial role in enabling this digital transformation through tools such as data analytics, visualization, and storage. Industrial networks can now utilize the benefits of almost limitless compute and storage capabilities of cloud to store their data, process it, and analyze it for improving their operational efficiency. Additionally, most cloud providers today offer ready-to-use tools and services that have rich interfaces to consume this data and generate actionable insights using AI, machine learning, and interactive visualization technologies. Care must be taken to ensure this data migration to cloud does not pose unforeseen risks to the factory and its operations. Sending huge volumes of high-variety data to the cloud can strain resources such as network infrastructure. It can also introduce unwanted latency to mission-critical, time-sensitive operational data.

Organizations should also consider data as an asset. As such, they need to ensure its security and governance while it’s being sent to the cloud as well as once it is stored there. Edge has a pivotal role in being an extension of cloud, but it works closer to the actual plant network. It can ensure end-to-end secure transmission of data between plant floor and cloud while ensuring only relevant, compressed, and useful data is sent for reduced bandwidth consumption and latency.

Scalable cloud computing, which includes previously unavailable resources (i.e., advanced memory, compute, and analytics), facilitates cost reduction and decreased implementation time. Cloud facilities from the largest providers are equipped with the latest advances and cybersecurity features, allowing customers to expand and shrink capabilities “ondemand.” Organizations of all sizes can now shift their IT expenditures from CAPEX to OPEX, leveraging modern technologies such as machine learning and data science without requiring in-house competencies.

A significant paradigm shift is occurring, with the total number of internet-connected devices expected to exceed one trillion over the next three years. OT-IT convergence, accompanied by cloud-based options, is creating additional complications. OT and IoT (ranging from large industrial systems to much smaller devices like hospital infusion pumps) previously used “air-gapped” connections and proprietary protocols, but they now include standard network connectivity, blurring the proverbial lines. Unlike traditional IT, which emphasizes the well-known CIA triad, safety and reliability are paramount to OT environments. As evidenced by recent international security incidents, we must remember that compliance differs from cybersecurity, and regulatory requirements range from robust to non-existent depending on the industry. NERC CIP focuses on the industrial control system reliability, but HIPAA emphasizes privacy over robust security, and there are currently no mandatory criteria for healthcare IoT.

Some organizations may embrace digital technologies, including the cloud, without considering the OT risks involved. Unsanctioned “shadow IT” increases the available attack surface. Without an adequately segmented architecture (e.g., Purdue model), cybercriminals may leverage readily available tools and techniques, enabling them access to the IT side of the house, as well as compromise OT and IoT systems with lesser or non-existent protections. Adequate security begins with solid governance, and together, people, processes, and technology play an essential part in creating a resilient business strategy.

Ronen Rabinovich, Senior Product Manager Firewall and Security at Belden

Industrial companies are looking for better ways to connect their workforce to decision tools and digitally enhance or augment work and business processes. Companies are increasing the use of anywhere, anytime access to systems, applications, data, and people to drive higher productivity, better quality, and lower their costs. Connected workers are driving higher performance in every industrial activity. Workers with remote access to systems and assets are reducing facility downtimes and travel costs. Site personnel with instant access to project information are reducing construction delays and costly errors. Instant access to cloud resources and subject matter experts (SMEs) is improving the productivity of factory workers. Remote operation of equipment in distant and hazardous areas is reducing safety risks and travel costs.

Connectivity is also enabling broader use of productivity-enhancing technologies like cloud analytics, smart glasses, and augmented reality. While these benefits are large, they come with increased cyber risks. Every interaction opens a new attack pathway. Devices used outside facilities also increase opportunities for malware infection and data loss. Current industrial cybersecurity programs were not designed to manage these threats. To securely reap the full benefits of connectivity, companies need to implement a “zero trust” security approach such as:

1. Asset management and visibility – The ability to define authorized users, their roles, and their privileges as well as set and manage asset communication policies.
2. Secure Remote Access – This involves maning the end-to-end security of remote connections into protected systems, devices, applications, and data. These solutions protect assets from compromise and exfiltration of confidential information. This function involves securing external communications, securing connections with protected networks and assets, and securing management of connections and activities throughout the session.
3. Intrusion Protection System (IPS) Capability – This network security tool (which can be a hardware or software device) continuously monitors a network for malicious activity and takes action to prevent it such as by including reporting, blocking, or dropping it when such an event does occur.
4. Intrusion Detection System (IDS) capability – Usually working in tandem with an IPS, this system monitors the network for malicious activity or policy violations. Any intrusion activity or violation would be reported either to an administrator or collected centrally using a Security Information and Event Management (SIEM) system.

Max Gilg, Industrial Executive at Tripwire

There are a lot of opportunities for cloud solutions in OT/ICS environments. The ubiquitous nature of cloud compute power and limitless storage capacity presents a lot of use cases where a production environment could use this fast, always available resource. It starts with simulations, machine learning over many sensors, or interconnected production load-sharing. There are also use cases that are even related to the hyper connection of multiple anonymous information streams in a service. For example, shared threat information and intelligence can prepare your system against attacks seen in other companies in the same vertical. Routing secure remote access or outgoing traffic over a public cloud can protect an organization against distributed denial of service (DDoS) attacks by simply not publishing IPs that lead to the local internet address. Although there are many advantages to cloud adoption in OT/ICS environments, there are also risks. The main risk is the increased complexity that is introduced through a distributed environment. However, even for these challenges, cloud benefits outweigh these concerns.