Cloud-based systems

It is possible that your ICS software might access cloud-based solutions, or might itself be hosted on the Cloud. It is important to mitigate the risks associated with cloud-based access and hosting.

Access cloud-based solutions

Several AVEVA applications are now being made available through the Cloud, and ICS software may need to connect to these applications. One of the main risks associated with accessing cloud-based applications is unauthorized access. Connecting ICS software to Cloud solutions must be done in a secure manner, and needs to use secure protocols such as Transport Layer Security (TLS).

It is important that data integrity is maintained at all times. Use data classification to identify data that is sensitive and data that can be made public. Secure computers, storage and networking in order to secure the data that is stored and transmitted. Work with your Cloud Service Provider (CSP) to configure users, assign access levels and monitor and control access. Ensure that the CSP's buildings are physically secure and protected from unauthorized access.

Cloud-based ICS software

While hosting ICS software on the Cloud provides several benefits such as flexibility, scalability and availability, it is also fraught with security risks such as susceptibility to hacking resulting in damage to the organization's reputation . Therefore, it is important to implement a security strategy before you make your ICS software accessible on the Cloud. For securing ICS software on the Cloud, you need to consider the following:

• Securing access points by putting in place authentication, monitoring and support mechanisms.

• Implementing cloud-based, centralized security measures including encrypting communications using TLS.

  Note: It is recommended that you review the NIST Cybersecurity Framework (https://www.nist.gov/cyberframework) for additional information.