
OT Environments Embrace Cloud, But Security Gaps Remain

As more OT environments adopt cloud technologies, they gain powerful capabilities—but also inherit new security challenges. Here’s what organizations must address to stay protected.

Operational Technology (OT) environments have undergone significant transformation in recent years, particularly as cloud technologies converge and increasingly displace traditional on-premises industrial control systems. This cloud convergence presents both challenges and opportunities for organizations as they work to improve the security and manageability of their environments.

Recent data indicates a growing acceptance of cloud technologies in OT environments. Approximately 26% of organizations are now utilizing cloud technology in some part of their ICS/OT operations, representing a 15% increase from the previous year, according to the SANS 2024 State of ICS/OT Survey: The State of ICS/OT Cybersecurity.

Several factors notably drive this cloud adoption:

Remote Management: Cloud-based management tools enable 24/7 monitoring and control of OT systems, eliminating the need for on-site personnel.
Data Analytics: Cloud platforms provide powerful tools for analyzing operational data, enabling predictive maintenance and enhancing operational efficiency.
Cost Efficiency: Cloud services can reduce the need for on-premises infrastructure and specialized IT staff, thereby lowering operational expenses.

Daniel Gaeta, a senior security engineer at operational technology (OT/ICS) security advisory and services provider GuidePoint Security, explains that the move to the cloud hasn't been uniform across the vertical markets commonly associated with OT/ICS. "Adoption rates vary significantly across sectors, with power generation and other critical infrastructure industries having been more hesitant to embrace cloud technologies due to concerns about reliability, safety, and security," Gaeta says.

Historically, OT systems were designed to be isolated, with a primary focus on reliability and safety rather than cybersecurity. These systems, often running on legacy technology, were built to last decades with minimal changes. However, digital transformation has pushed organizations to connect these previously air-gapped systems to IT networks and cloud environments.

Security Challenges in Cloud-Connected OT

The integration of OT systems with cloud environments introduces several security challenges for environments that were traditionally air-gapped and isolated from external networks. Most security concerns, experts say, arise when management capabilities move to the cloud: if those capabilities are not managed properly, they can become an access point reachable from anywhere in the world.

The convergence of IT and OT through cloud adoption also introduces challenges in visibility, patching, and identity management. Many organizations struggle with basic asset inventory in these hybrid environments, as they are unable to identify all connected devices or understand the components within vendor-supplied equipment. For instance, simply running a vulnerability assessment scan, if proper precautions aren't taken, can cause disruptions. "OT tends to be a lot more sensitive and a lot more subject to the vagaries of network connectivity, making cloud integration particularly risky," says Nigel Gibbons, director and senior adviser for global cloud security at security advisory and services provider NCC Group.

Additionally, traditional IT security practices often conflict with OT operational requirements—for example, shared usernames and passwords are common in OT environments to ensure immediate access during emergencies, creating significant vulnerabilities when these systems connect to cloud services.

Despite these challenges, cloud adoption offers substantial benefits. Cloud services offer enhanced data collection and analysis capabilities, enabling more efficient monitoring and predictive maintenance. They enable remote access for vendors and staff, reducing response times during emergencies and eliminating the need for constant on-site presence.

If organizations take the security of their cloud and remote monitoring systems seriously and implement mitigations and security defenses around their control systems, they can create more secure, cloud-native applications that leverage modern security features while maintaining operational integrity.

Finally, cloud platforms also offer sophisticated security monitoring tools that can help identify threats more quickly than traditional on-premises solutions, potentially reducing the average 200-day detection time for malicious actors in OT.

Building Better Defenses

Experts agree that cloud-connected OT environments can be secured effectively with the right strategies. Gaeta recommends following the SANS Institute's "Five Security Controls for Industrial Control Systems," which include having an OT-specific incident response plan, creating a defensible architecture, monitoring networks, implementing secure remote access, and conducting vulnerability management. "The important thing in protecting whether or not there's a cloud element is that OT organizations need to be doing those basics well," Gaeta emphasizes.

The SANS Five Critical Controls
Develop an OT-specific incident response plan
Create a defensible architecture
Monitor networks and traffic
Implement secure remote access
Conduct vulnerability management for field assets

Experts recommend several architectural approaches for securing cloud-connected OT environments:

Data Diodes: These devices ensure information flows in only one direction, allowing cloud systems to receive OT data without creating return paths for potential attacks. "They establish a one-way direction of travel for data, which allows cloud systems to receive OT data, but nothing flows back the other way," explains Gibbons.

Zero Trust Architecture: A zero-trust architecture is particularly valuable for OT environments with legacy systems.

Defensible Architecture: Following frameworks like the Purdue Enterprise Reference Architecture (PERA) can help organizations properly segment their networks. "If you have a defensible architecture, then you have good segmentation in place, and you have an industrial demilitarized zone (DMZ), so nothing gets into the OT production space, whether or not there's dependence on cloud," explains Gaeta.
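The defensible-architecture and data-diode points above can be turned into an audit that runs against a segmentation ruleset: every allowed flow between the enterprise/cloud side and the OT production zone should terminate in the industrial DMZ, and nothing should be initiated from outside toward OT. The following is an added example, not code from the article or from SANS, GuidePoint or NCC Group; the zone names, the `Rule` record format and the sample rules are constructed for illustration.

```python
"""Audit a firewall/segmentation ruleset against Purdue-style zoning:
external (cloud, enterprise) traffic must terminate in the IDMZ, and no
allowed flow may be initiated from outside into the OT production zone.
Zone names and the Rule format are constructed for this example."""
from dataclasses import dataclass

OT_ZONES = {"ot"}                          # Levels 0-3: controllers, HMIs, site ops
IDMZ_ZONE = "idmz"                         # Level 3.5: historians, brokers, jump hosts
EXTERNAL_ZONES = {"enterprise", "cloud"}   # Levels 4-5 and cloud services


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # zone that initiates the connection
    dst: str      # zone that accepts the connection
    action: str   # "allow" or "deny"


def audit_rules(rules):
    """Return (rule name, severity, reason) for every rule that weakens the
    IDMZ boundary.  Deny rules open no path and are skipped."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src in EXTERNAL_ZONES and r.dst in OT_ZONES:
            findings.append((r.name, "high", "inbound path from outside into OT production"))
        elif r.src in OT_ZONES and r.dst in EXTERNAL_ZONES:
            findings.append((r.name, "high", "OT reaches cloud/enterprise directly, bypassing the IDMZ"))
        elif r.src == IDMZ_ZONE and r.dst in OT_ZONES:
            # A return path exists; acceptable only for brokered remote access,
            # so surface it for review rather than flag it as a hard violation.
            findings.append((r.name, "review", "IDMZ-initiated path into OT; confirm it is a brokered jump host"))
    return findings


# Constructed sample ruleset (not from any real deployment)
SAMPLE_RULES = [
    Rule("historian-push",   "ot",         "idmz",  "allow"),  # OT pushes data outward: fine
    Rule("idmz-to-cloud",    "idmz",       "cloud", "allow"),  # IDMZ relays to analytics: fine
    Rule("vendor-remote",    "cloud",      "ot",    "allow"),  # direct inbound: high
    Rule("plc-telemetry",    "ot",         "cloud", "allow"),  # bypasses IDMZ: high
    Rule("jump-host-access", "idmz",       "ot",    "allow"),  # return path: review
    Rule("default-deny",     "enterprise", "ot",    "deny"),   # deny rules are ignored
]

if __name__ == "__main__":
    for name, severity, reason in audit_rules(SAMPLE_RULES):
        print(f"[{severity}] {name}: {reason}")
```

A one-way data diode corresponds to a ruleset in which the only allowed OT-adjacent flow is `ot -> idmz`, so the audit returns nothing for it.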

The integration of cloud technologies with OT environments represents both a significant opportunity and a substantial challenge for organizations across industries. However, by adopting appropriate security measures that leverage industry standards, organizations can realize the benefits of cloud integration while managing the associated risks.
