
Cloud Security and Encrypted OT Traffic: Safeguarding Critical Infrastructure

Published 04/13/2023


Written by Keith Thomas, Principal Architect, AT&T Cybersecurity Consulting.

As Operational Technology (OT) systems increasingly connect to cloud-based services for daily operations, securing the encrypted traffic that flows between OT systems and the cloud becomes crucial.

This article explains why that traffic is hard to monitor and describes techniques for monitoring and protecting OT systems that send encrypted traffic to the cloud.

Challenges with Encrypted OT Network Traffic

Encrypted OT traffic poses several monitoring challenges. Traditional network traffic analysis tools cannot see into the encrypted payload, decrypting the traffic for inspection is complex and often operationally unacceptable on production control systems, endpoint detection tools usually cannot be installed on OT devices, and the use of private (internally issued) certificates hinders deep packet inspection.

Because actively decrypting and inspecting encrypted OT traffic is often impractical, the following technologies can instead be used to passively monitor and analyze what is sent to the cloud: Intrusion Detection Systems (IDS), Network Traffic Analysis tools, and Deep Packet Inspection (DPI). Against encrypted sessions these tools work on what remains visible without decryption: flow metadata (source, destination, port, byte counts, timing) and the TLS handshake (the requested server name, the server certificate, the offered cipher suites).

These techniques help security personnel identify potential threats such as unusual traffic volumes or patterns, unexpected network connections, malicious payloads where the payload is visible, or certificate mismatches.
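To make the passive approach concrete, the following Python script is an added example, not code from the article or from AT&T Cybersecurity. It runs over constructed TLS-session metadata of the kind a Zeek-style conn/ssl sensor records, and the hostnames, CA names, allow-list and byte counts are all assumptions made for illustration. Without touching a payload it applies three of the checks named above: a per-host allow-list of cloud endpoints, a certificate check (subject against the requested server name, issuer against the expected CA), and an outbound-volume baseline per host.

```python
"""Passive analysis of encrypted OT-to-cloud traffic metadata.

Added example, not code from the article or from AT&T Cybersecurity. Even
with payloads encrypted, a passive sensor still sees the flow metadata and
the TLS handshake: destination name and port, bytes moved, the SNI the
client asked for, and the certificate the server presented. The checks
below act on those fields only. All hostnames, CA names and records are
constructed for illustration.
"""
from collections import defaultdict
from statistics import median

CLOUD_CA = "CN=Example Cloud CA"  # constructed name of the cloud provider's CA

# Constructed policy: which cloud endpoint (name, port) each OT host may
# reach, and which CA is expected to have issued that endpoint's certificate.
POLICY = {
    "plc-01": {"allowed": {("mqtt.ot-cloud.example", 8883)}, "issuer": CLOUD_CA},
    "historian-01": {"allowed": {("ingest.ot-cloud.example", 443)}, "issuer": CLOUD_CA},
}


def rec(host, window, sni, port, subject, issuer, bytes_out):
    """Build one session record; 'window' is the hourly bucket it fell into."""
    return {"host": host, "window": window, "sni": sni, "port": port,
            "cert_subject": subject, "cert_issuer": issuer, "bytes_out": bytes_out}


# Constructed per-session metadata, as a Zeek-style conn/ssl log would give it.
RECORDS = [
    rec("plc-01", 0, "mqtt.ot-cloud.example", 8883, "CN=mqtt.ot-cloud.example", CLOUD_CA, 12_000),
    rec("plc-01", 1, "mqtt.ot-cloud.example", 8883, "CN=mqtt.ot-cloud.example", CLOUD_CA, 11_500),
    rec("plc-01", 2, "mqtt.ot-cloud.example", 8883, "CN=mqtt.ot-cloud.example", CLOUD_CA, 12_500),
    # Window 3: the usual endpoint, but roughly seven times the usual volume.
    rec("plc-01", 3, "mqtt.ot-cloud.example", 8883, "CN=mqtt.ot-cloud.example", CLOUD_CA, 90_000),
    # Window 3: a session to an endpoint the PLC was never meant to reach.
    rec("plc-01", 3, "updates.unknown-host.example", 443, "CN=updates.unknown-host.example",
        "CN=Self-Signed", 500),
    rec("historian-01", 0, "ingest.ot-cloud.example", 443, "CN=ingest.ot-cloud.example", CLOUD_CA, 40_000),
    # Right name, wrong issuer: something in the path re-signed the certificate.
    rec("historian-01", 1, "ingest.ot-cloud.example", 443, "CN=ingest.ot-cloud.example",
        "CN=Corp Proxy CA", 41_000),
    # The name asked for and the name on the certificate disagree.
    rec("historian-01", 2, "ingest.ot-cloud.example", 443, "CN=other.example", CLOUD_CA, 39_000),
    # A device nobody put in the policy.
    rec("hmi-02", 0, "ingest.ot-cloud.example", 443, "CN=ingest.ot-cloud.example", CLOUD_CA, 2_000),
]


def check_destination(r, policy):
    """Flag sessions from unknown hosts or to endpoints outside the allow-list."""
    rule = policy.get(r["host"])
    if rule is None:
        return f"{r['host']}: OT host not in policy, talked to {r['sni']}:{r['port']}"
    if (r["sni"], r["port"]) not in rule["allowed"]:
        return f"{r['host']}: unexpected destination {r['sni']}:{r['port']}"
    return None


def check_certificate(r, policy):
    """Flag a certificate whose name or issuer is not what the client should see.

    Only meaningful for hosts present in the policy and endpoints on the
    allow-list; analyze() calls it only after check_destination() passed.
    """
    if r["cert_subject"] != f"CN={r['sni']}":
        return f"{r['host']}: certificate subject {r['cert_subject']} does not match SNI {r['sni']}"
    expected = policy[r["host"]]["issuer"]
    if r["cert_issuer"] != expected:
        return f"{r['host']}: certificate for {r['sni']} issued by {r['cert_issuer']}, expected {expected}"
    return None


def check_volume(records, factor=3.0, min_history=2):
    """Flag a window whose outbound bytes exceed factor x the median of earlier windows."""
    totals = defaultdict(lambda: defaultdict(int))
    for r in records:
        totals[r["host"]][r["window"]] += r["bytes_out"]
    alerts = []
    for host, per_window in totals.items():
        windows = sorted(per_window)
        for i, w in enumerate(windows):
            history = [per_window[x] for x in windows[:i]]
            if len(history) < min_history:
                continue  # not enough baseline yet to judge this window
            baseline = median(history)
            if per_window[w] > factor * baseline:
                alerts.append(f"{host}: window {w} sent {per_window[w]} bytes, baseline {baseline:.0f}")
    return alerts


def analyze(records, policy):
    """Run the per-session checks and the volume check; return alert strings."""
    alerts = []
    for r in records:
        alert = check_destination(r, policy)
        if alert is None:
            alert = check_certificate(r, policy)
        if alert:
            alerts.append(alert)
    alerts.extend(check_volume(records))
    return alerts


if __name__ == "__main__":
    for a in analyze(RECORDS, POLICY):
        print("ALERT", a)
```

Two caveats apply in practice. The certificate checks depend on the server certificate being visible on the wire, which is true for TLS 1.2 but not for TLS 1.3, where the Certificate message is encrypted; there only the SNI, the cipher suites and the destination remain for a passive sensor, and Encrypted Client Hello hides the SNI as well. Second, the volume baseline here is a simple per-host median; in a real deployment it should be built per host and per time of day from a known-good period, since OT telemetry is often strongly periodic.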

Businesses have begun leveraging cloud computing resources to store, process, and analyze OT telemetry data, so that data has to be secured in the cloud as well as on the wire.

Securing OT data in the cloud can be a complex process that requires careful planning and implementation. Beyond monitoring and analyzing network traffic, organizations should implement strong access controls, encrypt data in transit and at rest, use the security capabilities their cloud provider offers, segment OT networks, monitor OT systems for anomalies, perform regular security audits and testing, and train personnel on security best practices. Together these practices help ensure the security of OT systems and protect cloud environments and sensitive data.

In conclusion, monitoring encrypted OT traffic sent to the cloud is essential to protecting critical infrastructure and ensuring the security of sensitive data. By focusing on cloud security, leveraging passive monitoring techniques, and implementing best practices, organizations can identify potential security threats and take appropriate action to mitigate risks.


About the Author

Keith Thomas serves as a Principal Architect for AT&T Cybersecurity Consulting and has over 25 years of technology experience with a proven track record in planning and implementing large and enterprise scale cybersecurity projects with Fortune 50 companies.
