Given the increasing use of cloud-hosted systems to control operational technology, the National Cyber Security Centre (NCSC) has recently published guidance in this area to assist organisations to risk assess and protect these systems.
Operational technology can be defined as technology which interfaces with the physical world and includes Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS). Such systems are increasingly being targeted by threat actors due to the potential for immediate and devasting consequences following a successful cyber-attack.
Areas covered by the guidance include:
- Introduction to ‘cloud-hosted SCADA’
- Threat to SCADA
- Gaining flexibility
- Resilience and scalability
- Remote access improvements
- Centralising authentication, secrets, and key management
- Do you have access to cloud expertise?
- Have you considered the policies and processes required?
- Have you considered the impact of shared services?
- Software suitability for the cloud
- Legacy hardware solutions and hybrid connectivity
- Latency
- Data sensitivity
It is recommended that organisations with operational technology review their cyber risk management arrangements against this new guidance which is available here.
Griffiths & Armour can conduct cyber insurance assessments to aid the understanding of cyber risk exposure to inform the insurance risk transfer strategy. Further cyber risk and cyber incident response guidance supplemented by template policies and plan documentation plus e-learning is available via RMworks, which is available to all Griffiths & Armour clients.
For further information on how Griffiths & Armour can help support your business, please get in touch.
