A New Paradigm: OT Security and Data in the Cloud

Brian Romansky
Chief Innovation Officer, Owl Cyber Defense

Feb 5, 2021

This item is part of the State of the Industry 2021 SPECIAL ISSUE.

Many industries have seen significant improvements in operational efficiency and reduced downtime by adopting advanced analytics and optimization algorithms that run on cloud services. Power generation and distribution networks, however, have been slow to adopt this new technology due to well-justified concerns over the security and regulatory compliance of external connections.

The adoption of hardware-enforced security technology to deliver data to the cloud can help the industry accelerate adoption of cloud services, without the need for complex network analysis, and while fully meeting all regional and federal regulatory requirements. Equipment vendors are starting to explore the integration of this technology directly into their new designs to enable advanced support and maintenance services that are driven by real-time machine data. 

Is it safe to connect?

Conventional wisdom dictates that OT devices–sensors, programmable logic controllers, SCADA devices, and so on–should not be connected to external networks. And for good reason. A successful cyber attack on a device at the lower levels of the OT network can have consequences far more serious than the financial damage that follows a typical security breach.

But as the industrial internet of things continues to evolve and cloud providers continue to add new capabilities, the case for sending OT data to the cloud becomes more compelling. 

Machine vendors to the industrial market are beginning to offer enhanced support and services that depend on connected equipment–services like predictive maintenance, planned downtime, and data-driven failure analysis. These services require that data flows directly from machines in the plant back to the manufacturer’s cloud service so they can monitor and analyze the data. For energy companies, there are enormous benefits to be gained from these services, and from other use cases that depend on centralized, real-time visibility into device status and performance. The question is how to achieve that visibility without exposing the connected devices to attack.

Hardware-enforced security

The answer is hardware-enforced security technology that allows data to travel out of the facility to the cloud, without providing a path back inside that could be exploited by threat actors. 

Data diodes and hardware-enforced protocol validation technology do exactly that. Inside an optical data diode, data follows a one-way path–through an optical transmitter, across a fiber optic cable, and into an optical receiver–that allows no possibility for data to travel in the opposite direction. Protocol validation that is implemented in hardware cannot be modified or disabled by malicious software.
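Because nothing can travel back across the diode, the sending side can never receive an acknowledgement or a retransmit request, so any protocol carried over it has to be validated and checked for loss entirely at the receiver. The sketch below is an added example, not Owl Cyber Defense code or a real product format: the frame layout, the `OWT1` marker and the sensor readings are all constructed for illustration.

```python
import struct
import zlib

MAGIC = b"OWT1"                     # constructed frame marker (assumption)
HEADER = struct.Struct("!4sIHI")    # magic, sequence, payload length, CRC32

def encode_frame(seq: int, payload: bytes) -> bytes:
    """Plant side: frame a reading so the receiver can verify it without replying."""
    return HEADER.pack(MAGIC, seq, len(payload), zlib.crc32(payload)) + payload

def send(readings, repeat=2):
    """No ACK can come back, so every frame is sent `repeat` times up front."""
    for seq, payload in enumerate(readings):
        for _ in range(repeat):
            yield encode_frame(seq, payload)

class Receiver:
    """Destination side: validate, de-duplicate, and log gaps it cannot ask to refill."""
    def __init__(self):
        self.next_seq, self.rejected = 0, 0
        self.delivered, self.missing = [], []

    def accept(self, frame: bytes) -> None:
        if len(frame) < HEADER.size:
            self.rejected += 1
            return
        magic, seq, length, crc = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if magic != MAGIC or len(payload) != length or zlib.crc32(payload) != crc:
            self.rejected += 1          # malformed or corrupted: drop, never reply
            return
        if seq < self.next_seq:
            return                      # redundant copy of a frame already delivered
        # A point-to-point fiber link preserves order, so a jump means real loss.
        self.missing.extend(range(self.next_seq, seq))
        self.delivered.append((seq, payload))
        self.next_seq = seq + 1

def demo() -> Receiver:
    readings = [b"temp=71.2", b"temp=71.4", b"temp=71.9", b"temp=72.3"]  # constructed
    frames = list(send(readings))       # seq 0,0,1,1,2,2,3,3
    frames[2] = frames[2][:-1] + b"X"   # first copy of seq 1 corrupted in transit
    del frames[4:6]                     # both copies of seq 2 lost
    rx = Receiver()
    for frame in frames:
        rx.accept(frame)
    return rx
```

The redundant copy recovers the corrupted frame, while the frame whose copies were both lost can only be recorded as missing for downstream analytics to handle.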

No software-based firewall can provide the same level of assurance, which is why many organizations now require hardware-based security for any use case that involves data from an OT device being sent to the cloud.

GE and Microsoft pioneered the use of cloud-based OT monitoring and analytics several years ago, using data diode technology from Owl Cyber Defense to protect the data. The concept is now catching on with more organizations. With an OT-to-cloud data flow, protected by hardware-enforced security technology, energy companies can optimize plant performance and device maintenance, thereby reducing operating expenses and delivering more value to consumers and business customers. 

On the horizon: embedded security technology

As adoption of hardware-based security accelerates, a new technology will make it even easier for device manufacturers and asset owners to protect their OT devices.

Embedded cybersecurity technology–security hardware that’s built directly into OT devices–offers an ideal solution for managing the growth of the IIoT and the need to share data securely. Embedded security modules provide maximum assurance for critical OT data, while reducing cost and administrative overhead. Owl Cyber Defense introduced the industry’s first hardware-enforced embeddable security modules in January 2021 and has already received significant interest from device manufacturers and OT operators.

The benefits of using OT data in the cloud are too numerous to ignore. With a new approach to security, based on hardware-enforced solutions, the energy industry will be able to harness the full potential of the cloud in 2021 and beyond.

Matt Chester on Feb 5, 2021

Thanks for sharing, Brian-- what would you say is the biggest difference in attitude or approach between the utilities that are furthest along in adopting the cloud and those that haven't even started that transformation? What's the difference that's holding back the laggards? 

Brian Romansky on Feb 12, 2021

Concern over security is certainly a key factor that is holding back many of the laggards. We often hear of utilities who realize that cloud analytics can greatly help improve their operations, yet they view cloud connectivity as a complex project that will require extensive architectural changes and new equipment. Many early adopters recognize that a hardware-enforced one-way transfer solution is a safe way to deliver plant data to the cloud without introducing significant risk to OT operations. This approach can greatly simplify integration and reduce the time needed to achieve a positive ROI on an investment in cloud-based analytics and monitoring.

Matt Chester on Feb 12, 2021

Makes sense, appreciate the follow up!
