A New Paradigm: OT Security and Data in the Cloud

Many industries have seen significant improvements in operational efficiency and reduced downtime by adopting advanced analytics and optimization algorithms that run on cloud services. Power generation and distribution networks, however, have been slow to adopt this new technology due to well-justified concerns over the security and regulatory compliance of external connections.

The adoption of hardware-enforced security technology to deliver data to the cloud can help the industry accelerate adoption of cloud services, without the need for complex network analysis, and while fully meeting all regional and federal regulatory requirements. Equipment vendors are starting to explore the integration of this technology directly into their new designs to enable advanced support and maintenance services that are driven by real-time machine data.

Is it safe to connect?

Conventional wisdom dictates that OT devices–sensors, programmable logic controllers, SCADA devices, and so on–should not be connected to external networks. And for good reason. A successful cyber attack on a device at the lower levels of the OT network can have consequences far more serious than the financial damage that follows a typical security breach.

But as the industrial internet of things continues to evolve and cloud providers continue to add new capabilities, the case for sending OT data to the cloud becomes more compelling.

Machine vendors to the industrial market are beginning to offer enhanced support and services that depend on connected equipment–services like predictive maintenance, planned downtime, and data-driven failure analysis. These services require that data flows directly from machines in the plant back to the manufacturer’s cloud service so they can monitor and analyze the data. For energy companies, there are enormous benefits to be gained from these services, and from other use cases that depend on centralized, real-time visibility into device status and performance. The question is how to achieve that visibility without exposing the connected devices to attack.

Hardware-enforced security

The answer is hardware-enforced security technology that allows data to travel out of the facility to the cloud, without providing a path back inside that could be exploited by threat actors.

Data diodes and hardware-enforced protocol validation technology do exactly that. Inside an optical data diode, data follows a one-way path–through an optical transmitter, across a fiber optic cable, and into an optical receiver–that allows no possibility for data to travel in the opposite direction. Protocol validation that is implemented in hardware cannot be modified or disabled by malicious software.

No software-based firewall can provide the same level of assurance, which is why many organizations now require hardware-based security for any use case that involves data from an OT device being sent to the cloud.

Operational technology data travels safely to the cloud via a unidirectional data diode.

GE and Microsoft pioneered the use of cloud-based OT monitoring and analytics several years ago, using data diode technology from Owl Cyber Defense to protect the data. The concept is now catching on with more organizations. With an OT-to-cloud data flow, protected by hardware-enforced security technology, energy companies can optimize plant performance and device maintenance, thereby reducing operating expenses and delivering more value to consumers and business customers.

On the horizon: embedded security technology

As adoption of hardware-based security accelerates, a new technology will make it even easier for device manufacturers and asset owners to protect their OT devices.

Embedded cybersecurity technology–security hardware that’s built directly into OT devices–offers an ideal solution for managing the growth of the IIoT and the need to share data securely. Embedded security modules provide maximum assurance for critical OT data, while reducing cost and administrative overhead. Owl Cyber Defense introduced the industry’s first hardware-enforced embeddable security modules in January 2021 and has already received significant interest from device manufacturers and OT operators.

The benefits of using OT data in the cloud are too numerous to ignore. With a new approach to security, based on hardware-enforced solutions, the energy industry will be able to harness the full potential of the cloud in 2021 and beyond.

Scott Coleman Vice President of Marketing
