The term ‘cyber resilience’ describes an organisation’s ability to adapt to disruptions caused by cyber security incidents, using detection, management and recovery tactics, while maintaining continuous business operations. It’s a term that’s being bandied about a lot nowadays, but with good reason: a recent Fortinet worldwide survey found that 93% of respondents had experienced at least one cyber intrusion within a 12-month period, while 73% admitted to three or more.
For those organisations with OT or industrial assets, strengthening cyber resilience requires a unique set of protocols and procedures, as well as highly specialised personnel with the skills to align the priorities of engineering/operations with those of IT. And it cannot be a set-and-forget approach: continuous monitoring, simulation, incident response and so forth are as important as putting the ‘locks on the doors’. So how do you bring all this together? With a Security Operations Centre (SOC) dedicated to your operational technology.
Whether your OT-SOC is hosted on-premises or off-premises will depend on your business requirements; either way, consider it the ongoing line of defence that gives your industrial assets and critical infrastructure the protection they so rightly need.
A good analogy for understanding the role of an OT-SOC in creating cyber resilience for your organisation is that of a bank. A bank will have all the necessary physical infrastructure in place, such as state-of-the-art locking systems, safes and safety deposit boxes for cash and other valuable items, security grilles for tellers, and so on. But it will also have an added layer of resilience to protect against attack. This layer includes aspects like CCTV, alarm systems, video monitors and all the ongoing security details that are readied, in case of a robbery, both to deter and to provide information for a post-event autopsy.
With such security, the bank does what it can to keep the robbers out, but it also doesn’t labour under the pretence of having constructed a virtual Fort Knox; it’s as much about how you mitigate damage and respond to breaches if, and when, they occur. The response includes what you learn from any given event, and how you then put these learnings into practice to further protect your organisation moving forward. That’s what an OT-SOC does.
A specialist partner to run your OT-SOC, one who understands the often-misunderstood requirements of critical infrastructure, can function as the missing link in your cyber resilience and ensure your guard is never let down. The functions of a properly managed and maintained OT-SOC look like this:
Incident response readiness means being fully prepared to respond to an incident, and then to contain, eradicate and recover from the attack. Using our bank analogy, you could consider this the equivalent of activating the shutters, notifying the police, calling for backup, securing the safes… all those little details. It’s about creating a plan for readiness.
Incident response and digital forensics means preparing ‘first responders’ for security incidents targeting your organisation, and conducting the ‘autopsy’ of any event once it has occurred. By responding with speed and precision, data loss and production downtime are minimised, with the aim of maintaining ‘business as usual’ even while under attack and recovering swiftly from any disruption.
Vulnerability management means identifying and mitigating the potential vulnerabilities impacting your organisation’s security. This is when a company needs to be honest with itself in determining where weaknesses lie, and how to strengthen those weaknesses.
Threat intelligence is creating a threat profile of your organisation according to the threat actors active in your region, nation and industry of operations. This involves knowing your position in the threat landscape and, therefore, knowing how to prepare yourself for potential attacks. Consider it like a SWOT analysis for cyber security.
Threat hunting involves developing a tailor-made threat hunting programme for your organisation using the MITRE ATT&CK for ICS framework. This means proactively looking for the presence of threat actors in your network and then providing a written report on that activity on a monthly or quarterly basis.
Attack simulation is a role-playing exercise in which attack drills are conducted to measure your organisation’s detection maturity and its resulting response capability. The outcome is improved detection, especially against advanced persistent threats.
Fortifying your organisation with an OT-SOC is something you don’t have to do alone. In fact, most organisations find it far more effective, in terms of both cost and outcome, to partner with a specialist firm to handle the requirements of a 24/7, year-round OT-SOC. By outsourcing your SOC, you can let your partner take care of your cyber resilience while you and your people get on with what you know and do best: your daily business.
SIS has the enhanced services and expertise to take your cyber resilience to the next level. Speak to us today.