Why SOCs are not comprehensive enough for ICS cyber security

I had a call with a utility senior manager responsible for physical security. The utility operates a security operations center (SOC) and the cyber and physical security operations are in close contact. This is a good plan for IT cyber security where cyber forensics exists and cyber threats can be identified. However, for ICS cyber security, there is a gaping hole. The hole is there are significant shortcomings in ICS cyber forensics. This disconnect can be seen in most cyber security surveys including the 2016 DHS ICS-CERT Summary that focus on networking issues not ICS field device-related incidents. As there are no cyber security or cyber forensics, in process sensors, it is often not possible to tell the difference between an unintentional incident versus a cyber attack. Yet, the impact could be the same. Because of the organizational disconnect, the SOC generally is not informed when system upsets occur and operational personnel are not trained to identify upset conditions as possibly being cyber-related. Therefore, the SOC is generally unaware of process upsets or outages that could be cyber-related. Yet, ICS cyber security is cross-functional and needs to be treated that way. Currently, it is the exception rather than the rule when Operations, cyber security, physical security, and risk management organizations coordinate. For this reason, I supported the International Atomic Energy Agency (IAEA) to provide scenario-based training for nuclear plant operations personnel to identify potential cyber incidents that were not malware-related to understand when to coordinate with IT. The bottom line is that for ICS cyber security Operations, cyber security, physical security, and risk management organizations need to coordinate and training is required for Operations to know when to work with IT Security following upset conditions.

Joe Weiss

Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.

Comments

  • I had a call with an utility senior supervisor in charge of physical security. The utility works a UK Essay security operations focus (SOC) and the digital and physical security operations are in close contact. This is a decent arrangement for IT digital security where digital crime scene investigation exists and digital dangers can be recognized. Notwithstanding, for ICS digital security, there is a vast hole.he main concern is that for ICS digital security Operations, digital security, physical security, and hazard administration associations need to organize and preparing is required for Operations to know when to work with IT Security following bombshell conditions.

    Reply

  • The opening is there are huge deficiencies in ICS digital legal sciences. This distinction can be seen in most digital security reviews including the 2016 DHS ICS-CERT Summary that emphasis on systems administration issues not ICS field gadget related episodes. As there are no digital security or digital crime scene investigation, Coursework Writing Services in process sensors, it is frequently impractical to differentiate between an unexpected episode versus a digital assault.

    Reply

RSS feed for comments on this page | RSS feed for all comments