DHS Guide: Risks to Critical Infrastructure Using Cloud Services

Risks to Critical Infrastructure That Use Cloud Services

Page Count: 1 page
Date: March 2017
Restriction: Distribution Restricted
Originating Organization: Department of Homeland Security, Office of Cyber and Infrastructure Analysis
File Type: pdf
File Size: 293,414 bytes
File Hash (SHA-256): 92D9AC60FF0F215988A738B9339D7A87E4C11FD431277A7856D5D576FDEF7FAB

Download File

Cloud services offer a number of benefits such as scalability, high availability, and decreased ownership cost. As a result, owners and operators in several critical infrastructure sectors such as Communications, Energy, Financial Services, Information Technology, and Transportation Services have migrated in-house computing resources to cloud infrastructures. However, cloud service environments still possess many of the same potential vulnerabilities associated with internally hosted environments, as well as additional exploits to virtual systems or networks. Owners and operators of critical infrastructure need to fully understand the risk environment as they address current cloud services and consider additional migration.

Key Findings

Although cloud services and physical information technology infrastructures are vulnerable to some common attack vectors, such as Denial of Service attacks, cloud services are also potentially vulnerable to a number of unique attack vectors such as Hyperjacking. When a vulnerability is exploited, cloud service providers are often reluctant to provide incident details except what is explicitly identified in the Service Level Agreement, making incident response difficult at times.

More rigorous security standards and development of “best practices” are necessary to assist critical infrastructure providers in understanding and managing risks to cloud-based services.

Government and industry information technology owners and operators should consider the risks and fully vet cloud service providers before adopting or expanding current cloud-based services.

Share this: