PAN-OS 8.1: The Future of ICS SCADA With Secure Clouds

save
Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

I recently attended a conference for ICS SCADA security professionals where several colleagues asked me for my personal view of whether I see ICS SCADA systems ever moving entirely to a cloud infrastructure. In their eyes, that definition includes Level 1 of the Purdue Model, the place where the virtual world meets the physical one.

Being the old school, classically trained ICS SCADA person that I am, I reflected on the questions. I shrugged my shoulders, smiled at them and said, without hesitation or pause, “Yes I do.” With looks of astonishment, they asked me why. (To add further context to the scenario, many of the people engaged in the conversation have more years of service in the industry than I do, and I even worked for a couple of them in a past life.) Recognizing the look of concern on their faces that only process/control engineers can generate – especially when addressing a crisis that could be life-threatening – I explained why I see this happening and the reasons for my peace of mind with the migration despite all the recent targeted attacks against control network infrastructures.

No one can ignore the fact that advancements in technology, especially in the areas of communication and computing, have changed the world in ways few people thought possible. We can remember the days when an ISDN line was the pinnacle of broadband service, or the first laptop weighed close to 24 pounds, and see where we are now. ICS and SCADA must evolve, too.

As I attend customer meetings and conferences, the discussion of a cloud-based ICS SCADA control system, and the concerns around securing it, is a reality everyone seems to be facing. The concept is one met with mixed emotion, with all parties working to figure out the pros and cons. At these events, the cloud-based platforms that spark the most interest are infrastructure as a service, or IaaS, where the virtualized hardware (storage, servers, network services, etc.) is the service, and platform as a service, or PaaS.

Owner-operators tend to favor IaaS because it offers greater control over their data. Their main concerns are the operating systems, the applications and securing the data. Platform as a service (PaaS) is the model most manufacturers of industrial products are exploring as a way to deliver cloud-based services to future and existing customers. Focusing on systems used for monitoring and analysis, these vendors found they can offer both “historians as a service” and “human-machine interface as a service” to interested customers. The advantage to the customer is that they only need to supply their data, while the day to day maintenance and care of the infrastructure is the responsibility of the provider.

Regardless of the platform, most agree that the transition of ICS SCADA systems to a cloud-based implementation will happen in phases, with the business functions and monitoring moving first.

Operations like system monitoring, data analysis, system troubleshooting, and predictive maintenance can benefit from a cloud-based infrastructure and the elasticity at which it can scale. With this in mind, either approach is ideal to begin the OT transition from the plant site to the cloud because both are capable of addressing specific functions that require the continuous gathering of large volumes of data generated by these functions.

The advantages include more storage to handle data sent by smart devices, positioning security teams to leverage big data analysis from the creation of a private data lake, while lowering operational cost.

The prominent concern for the DevOps and OT groups with either cloud model are security and data integrity. What that usually means is a question of how to deploy it in a secure manner that scales well in both system performance and data volume, if done in a public cloud offering; and, for those industries with stringent compliance and regulatory restrictions, on how to remain compliant.

Palo Alto Networks Next-Generation Security Platform can help with your ICS SCADA cloud-based deployments by providing continuous and consistent protection to your company’s cloud workloads. Providing seamless security to both your data and workloads through advanced security features that are consistent regardless of physical location or cloud.

You will find that we empower you so that you can achieve your ICS SCADA security objectivities through deploying:

  • In-line security for your harsh environments with next-generation firewalls like our new PA-220R
  • API services for discovering and monitoring resources
  • Automated compliance reporting to help improve your cloud security and compliance
  • Storage services for eliminating potential data leaks or exposure
  • Ability to do outbound and east-west security at scale

With our Next-Generation Security Platform, you can even deploy on multiple cloud services to create an even more efficient, robust and secure ICS SCADA cloud ecosystem.

Learn more about our cloud solutions as well as the ruggedized PA-220R NGFW and other ICS SCADA solutions:

You should also contact your Account Manager and ask about getting a Security Lifecycle Report on your ICS SCADA environment or the Hands-On Workshop for ICS SCADA deployments.

The post PAN-OS 8.1: The Future of ICS SCADA With Secure Clouds appeared first on Palo Alto Networks Blog.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
Follow
42 Followers
About Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. With our deep cybersecurity expertise, commitment to innovation, and game-changing Next-Generation Security Platform, customers can confidently pursue a digital-first strategy and embark on new technology initiatives, such as cloud and mobility. This kind of thinking and know-how helps customer organizations grow their business and empower employees all while maintaining complete visibility and the control needed to protect their critical control systems and most valued data assets. Our platform was built from the ground up for breach prevention, with threat information shared across security functions system-wide, and designed to operate in increasingly mobile, modern networks. By combining network, cloud and endpoint security with advanced threat intelligence in a natively integrated security platform, we safely enable all applications and deliver highly automated, preventive protection against cyberthreats at all stages in the attack lifecycle without compromising performance. Customers benefit from superior security to what legacy or point products provide and realize a better total cost of ownership.
Promoted Content
Unit 42 Report - Ransomware: Unlocking the Lucrative Criminal Business Model
Ransomware, specifically cryptographic ransomware, has quickly become one of the greatest cyber threats facing organizations around the world. This criminal business model has proven to be highly effective in generating revenue for cyber criminals in addition to causing significant operational impact to affected organizations. It is largely victim agnostic, spanning across the globe and affecting all major industry verticals. Small organizations, large enterprises, individual home users – everyone is a potential target. Ransomware has existed in various forms for decades, but in the last several years criminals have perfected the key components of these attacks. This has led to an explosion of new malware families and has drawn new actors into participating in these lucrative schemes.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel