Cybersecurity breaches at organizations of every kind are reported almost daily. ICS-CERT alerts show a parallel trend: security breaches at utilities are also increasing. Irrespective of the size or type of the utility, it is important to have a team with the right skills and tools to identify, detect and defend against such breaches. For most small to medium-sized utilities, building a dedicated security team that provides SOC (Security Operations Center) functionality is an expensive proposition. This paper discusses how an existing IT support team can deliver SOC functionality, providing either new or enhanced security operations capability for the monitoring, detection and remediation of cybersecurity incidents. Topics such as prioritizing Events of Interest and use cases to monitor and respond to, in both the Operational Technology (OT) and Information Technology (IT) domains, are discussed. Although the target audience of this paper is information security managers at electricity distribution and transmission businesses, any utility can adopt ideas from this paper to improve its security incident response capability.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program