UK government releases new cloud SCADA security guidance for OT


The UK National Cyber Security Centre (NCSC) has released new guidance on securing supervisory control and data acquisition (SCADA) cloud environments for operational technology (OT).

UK critical national infrastructure (CNI) is highly dependent on SCADA for data collection and control, and because of the importance of these environments, they are at higher risk of cyber attack.

Therefore, the NCSC is seeking to boost the security and resilience of these environments to lower the risk of a critical breach by cyber criminals or state-backed groups.

Tips and tricks for SCADA security

SCADA security in legacy systems was originally designed around the ‘air-gapped’ model, in which the SCADA infrastructure is separated from both the internet and the organization's network.

The NCSC says that if an organization is looking to move from the ‘air-gapped’ model to a cloud environment, there need to be significant controls on, and constant monitoring of, connectivity and access to the CNI. However, migrations to a cloud environment should be considered on a per-case basis, with specific guidance provided depending on the organization's use case.

There are several solutions that the NCSC provides guidance on, from full cloud migration down to using the cloud as a simple standby/recovery solution - each with its own pros, cons, and levels of risk.

One of the most significant advantages of using a cloud environment is the open-ended design of the cloud, which allows organizations to maintain consistent observability of their environment over time, especially as new and advanced threats emerge and are studied and understood.

The NCSC also highlights the scalability of cloud environments, in both capacity and application usage, with both available depending on the needs, size and criticality of the infrastructure being operated.

China has increasingly targeted US CNI in a number of cyber attacks, and the crosshairs could soon move to the UK, the NCSC says, stating in its Annual Review 2023 that, “it is highly likely the cyber threat to UK CNI has heightened in the last year,” alongside a statement in a joint advisory with the US Critical Infrastructure & Security Agency (CISA) about the risks posed by China.

Speaking on the NCSC guidance, Chris Doman, CTO and co-founder of Cado Security said, "This report comes off the back of two trends; SCADA systems are increasingly not only connected to the internet, but also hosted in the cloud. This brings easier access to the data but can also increase the attack surface.

"There is a wider concern and awareness of the security of critical national infrastructure, and the potential for cyber attacks to cause physical damage, partly due to world events."


Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
