Seven strategies for better SCADA data protection
Although supervisory control and data acquisition systems (SCADA) are vital to the operation of a broad spectrum of critical infrastructure including manufacturing, transport and energy networks, they are often open to data loss or cyber crime.
For SCADA to be effective, the computer control systems it relies on must function continuously and avoid downtime.
Yet, SCADA operators face challenges with data protection, and many need to improve uptime and prevent disruption. As SCADA moves from closed to IP-based networks, organisations must prepare better ways of backing up systems and data across on-premises and cloud infrastructure.
Industries that rely on SCADA applications include manufacturing, electricity and gas utilities, telecom and IT, smart cities and industrial automation.
The availability objective for SCADA is typically 99.995% to 99.999%, and failure can cause substantial loss. Since having backup and data protection for this mission-critical data, here are seven strategies for improvement.
Assess backup need First understand how critical it is that SCADA systems and data are backed up. Despite their key role, many escape the scrutiny of enterprise IT systems and operate without backup. Businesses must start by reviewing SCADA data and investigating how it can be protected without downtime.
StorageCraft pre-sales engineer, Karl Thomson, says many legacy SCADA systems still rely on physical computer hardware. "They are often in factory environments subject to dust or dirt, power cleaning and physical damage, but most of all the computers can be old and difficult to replace.
IT meets OT Since SCADA is used mostly as an operational technology (OT), not an information technology (IT), many system administrators are plant technicians and engineers. This can make it difficult to communicate the importance of data protection initiatives.
With the move to more modern SCADA systems that use IT technologies like Windows, Linux and IP networks, OT staff must be brought up to speed by IT on the need for data protection. Management should organise a SCADA data protection workshop for OT and IT employees and develop an all-inclusive backup plan.
Backups for non-stop operations With most SCADA systems running 24x7, any downtime will have an immediate impact on operations. This continuous operation must be considered when developing a data protection strategy.
SCADA backups must be performed regularly to minimise the risk of data loss and the backup process should allow the system to operate normally. By using backup technology that backs up only disk sectors that change (512 bytes), SCADA servers can be backed up as frequently as every 15 minutes.
SCADA demands security SCADA systems manage critical information that demands the highest security level. Many are isolated from other networks and until recently did not use IP-based networks. The move to IP-based SCADA has allowed organisations to use modern tools and equipment to manage their data.
Look for secure backup technology with multiple encryption options, including AES-256, AES-128 and RC4-128. Do not treat SCADA data security as an add-on. Instead, you have to make sure it's supported natively by your backup tool.
Efficient hardware-independent recovery Being able to recover data promptly is essential for SCADA operations. Unfortunately, many strategies (and tools) focus on backing up data, but make it difficult to restore it when disaster strikes.
A SCADA data protection plan should include tools that perform the bare metal recovery of a failed server to different hardware and return to production in a short window (typically 20 minutes). The ability to restore to a server in under 30 minutes is a huge time saver and benefit. Other beneficial features include: multiple time-sequenced backups, automated 'set and forget' and automatic backup verification.
Prepare for virtual systems With SCADA systems trending towards the adoption of virtual servers, a backup strategy must include working with virtual machines as this is becoming the standard way for on-premises and cloud-based servers to be deployed.
Good backup technology will ensure that protecting virtual servers is as simple as backing up physical machines. Look for options that are consistent for either architecture.
"As more SCADA operations move into virtual environments the requirements for specific hardware are reduced, yet they still require frequent backups without impacting the environment," Thomson says. "Look for guest snapshotting and built-in VSS support so there is no hang or STUN (Session Transversal Utilities for NAT) impacting the VM during backup operation.
Off-site and cloud replication Another SCADA trend is the rise in off-site data protection and disaster recovery (DR) options from cloud and managed service providers (MSPs). Many SCADA vendors offer expensive solutions for off-site backups and DR.
But a modern backup tool can offer a cost effective solution by replicating data across a number of infrastructure options. If an organisation can use a cloud service for DR, it might not need to replicate the entire hardware stack.
By Marina Brook, Head of Sales APAC, StorageCraft Asia-Pacific