ICS as a cloud service is coming: Will the benefits outweigh the risks?

Is plugging critical infrastructure into a cloud interface really a good idea?

Industrial control system (ICS) equipment benefits from security by obscurity and complexity. The protocols are so unique and require so much effort to master that nobody but a motivated nation-state is going to spend the time and money figuring out how to attack them.

Plug these systems into a modern IT cloud infrastructure and all of a sudden the gamut of "traditional" attacks can now affect ICS/operational technology (OT) systems, including taking advantage of wormable, unpatched IT vulnerabilities.

Some ICS security vendors now offer what they call ICS as a service (ICSaaS); those CSO spoke with say it's what the market demands. If the market is bent in that direction, they say, we might as well try to do it as securely as possible.

If done well, remote monitoring can help improve security by giving security analysts access to real-time data from those systems. This can be especially useful to smaller organizations that want to share remote telemetry with an outsourced security contractor.

To continue reading this article register now

Get the best of CSO ... delivered. Sign up for our FREE email newsletters!