Story image

Seven strategies for better SCADA data protection

25 Oct 17

Although supervisory control and data acquisition systems (SCADA) are vital to the operation of a broad spectrum of critical infrastructure including manufacturing, transport and energy networks, they are often open to data loss or cyber crime.

For SCADA to be effective, the computer control systems it relies on must function continuously and avoid downtime.

Yet, SCADA operators face challenges with data protection, and many need to improve uptime and prevent disruption. As SCADA moves from closed to IP-based networks, organisations must prepare better ways of backing up systems and data across on-premises and cloud infrastructure.

Industries that rely on SCADA applications include manufacturing, electricity and gas utilities, telecom and IT, smart cities and industrial automation.

The availability objective for SCADA is typically 99.995% to 99.999%, and failure can cause substantial loss. Since having backup and data protection for this mission-critical data, here are seven strategies for improvement.

Assess backup need First understand how critical it is that SCADA systems and data are backed up. Despite their key role, many escape the scrutiny of enterprise IT systems and operate without backup. Businesses must start by reviewing SCADA data and investigating how it can be protected without downtime.

StorageCraft pre-sales engineer, Karl Thomson, says many legacy SCADA systems still rely on physical computer hardware. “They are often in factory environments subject to dust or dirt, power cleaning and physical damage, but most of all the computers can be old and difficult to replace.”

IT meets OT Since SCADA is used mostly as an operational technology (OT), not an information technology (IT), many system administrators are plant technicians and engineers. This can make it difficult to communicate the importance of data protection initiatives.

With the move to more modern SCADA systems that use IT technologies like Windows, Linux and IP networks, OT staff must be brought up to speed by IT on the need for data protection. Management should organise a SCADA data protection workshop for OT and IT employees and develop an all-inclusive backup plan.

Backups for non-stop operations With most SCADA systems running 24x7, any downtime will have an immediate impact on operations. This continuous operation must be considered when developing a data protection strategy.

SCADA backups must be performed regularly to minimise the risk of data loss and the backup process should allow the system to operate normally. By using backup technology that backs up only disk sectors that change (512 bytes), SCADA servers can be backed up as frequently as every 15 minutes.

SCADA demands security SCADA systems manage critical information that demands the highest security level. Many are isolated from other networks and until recently did not use IP-based networks. The move to IP-based SCADA has allowed organisations to use modern tools and equipment to manage their data.

Look for secure backup technology with multiple encryption options, including AES-256, AES-128 and RC4-128. Do not treat SCADA data security as an add-on. Instead, you have to make sure it’s supported natively by your backup tool.

Efficient hardware-independent recovery Being able to recover data promptly is essential for SCADA operations. Unfortunately, many strategies (and tools) focus on backing up data, but make it difficult to restore it when disaster strikes.

A SCADA data protection plan should include tools that perform the bare metal recovery of a failed server to different hardware and return to production in a short window (typically 20 minutes). The ability to restore to a server in under 30 minutes is a huge time saver and benefit. Other beneficial features include: multiple time-sequenced backups, automated ‘set and forget’ and automatic backup verification.

Prepare for virtual systems With SCADA systems trending towards the adoption of virtual servers, a backup strategy must include working with virtual machines as this is becoming the standard way for on-premises and cloud-based servers to be deployed.

Good backup technology will ensure that protecting virtual servers is as simple as backing up physical machines. Look for options that are consistent for either architecture.

“As more SCADA operations move into virtual environments the requirements for specific hardware are reduced, yet they still require frequent backups without impacting the environment,” Thomson says. “Look for guest snapshotting and built-in VSS support so there is no hang or STUN (Session Transversal Utilities for NAT) impacting the VM during backup operation.”

Off-site and cloud replication Another SCADA trend is the rise in off-site data protection and disaster recovery (DR) options from cloud and managed service providers (MSPs). Many SCADA vendors offer expensive solutions for off-site backups and DR.

But a modern backup tool can offer a cost effective solution by replicating data across a number of infrastructure options. If an organisation can use a cloud service for DR, it might not need to replicate the entire hardware stack.

By Marina Brook, Head of Sales APAC, StorageCraft Asia-Pacific

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Cohesity signs new reseller and cloud service provider in Australia
NEXION Networks has been appointed as an authorised reseller of Cohesity’s range of solutions for secondary data.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.