Nepho what?! “Nepho” is Greek for cloud. So, I will ask in layman’s terms, are you afraid of the cloud or do you love the cloud? We use the cloud every day, but what about SCADA in the cloud? There are a lot of advantages to putting SCADA in the cloud, but there are also a lot of risks.
We hear and see buzz words all around us listing the benefits of SCADA in the cloud. Scalable, secure, cost-effective, reliable, quick installation, highly accessible, IT and maintenance services done by third-party professionals…sound familiar? All sound good to me! What are the drawbacks then? Why are people so hesitant to put SCADA in the cloud?
Let’s take a look at the risks. How vulnerable is your process? How precious is your data? Let’s face it. Security breaches happen all around us. Sometimes they are malicious cyber attacks (e.g. the Target, Home Depot or Chipotle debacles resulting in the theft of millions of consumers personal information). Or sometimes they are caused at the end user level due to a misconfiguration of security protocols on hosted infrastructure (e.g. the Accenture or Time Warner Cable security breaches due to AWS misconfigurations). Other risks to think about with cloud-hosted SCADA systems are reliability and system performance. If there was a problem with connectivity to the system who would you contact? Is it a local connection issue (onsite IT team)? Is it an ISP latency or outage issue (your ISP)? Or is it an issue with the cloud service network (cloud services provider)? You might have to contact three different folks before seeing a resolution. What’s that downtime cost you?
Would it make sense to expose the controls of a city’s water supply to these vulnerabilities? How can consumers take advantage of the benefits of cloud-hosted solutions and the advanced applications available in the market, without exposing their control systems to the wide area network? One way might be to host a SCADA server locally, leaving the controls on the local area network, but allow less sensitive information to a cloud-hosted solution for easier access and visibility. There are a lot of users moving to these types of hybrid systems to utilize the benefits of cloud-hosted solutions while mitigating the risks of exposing their controls to potential vulnerabilities.
What is your company doing? Are you a Digital Nephophobe or Nephophile?