Organisations are getting wise to the fact that it takes more than the right technology to protect their industrial assets. There’s no option to just ‘set and forget’ – securing industrial or operational technology (OT) requires constant monitoring and management, and it needs to be done by people who know what they’re doing. 

The advantages of a SOC

You may have heard about Security Operations Centres, or SOCs as they’re commonly known. A SOC is a 24/7 security lifeline for your assets.

There are two types of SOCs: IT-SOCs that specialise in common IT systems (servers, desktops and internet-based threats) and OT-SOCs that cover operational technologies such as your critical infrastructure. These SOCs complement each other, exchanging information. A dedicated OT-SOC, though, is your organisation’s safeguard for mitigating and responding to vulnerabilities, analysing security events and improving on security protocols across your plant. 

Given it is the express purpose of an OT-SOC to focus on OT security – and focus on this alone – having a dedicated OT-SOC is vital to any industrial organisation’s cyber security game plan. Full stop.

But establishing and running a dedicated OT-SOC is anything but cheap. It’s very expensive. Consider it on the same scale as setting up a new department in your organisation (salaries, entitlements, equipment, etc.) – one that needs to be staffed 24/7 because attacks can and do occur any time of the day or night, outside ‘normal’ 9-5 office hours. Given it’s likely your firm is not in the cyber security game, it’s also an added cost that could leech your daily business of time, labour and finances.

That’s not to say you should cut corners or completely strike a dedicated OT-SOC from your cyber security plan. On the contrary, rises in cyber attacks, changes in legislation and the grave realities of breaches mean SOCs will become even more necessary moving forward, possibly even mandated. Many experts argue that a fully dedicated OT-SOC is the only way you can protect complex industrial networks from the growing threat of cyber attack.

Overcoming the roadblocks to a fully dedicated OT-SOC

Caught in this catch-22 situation, some organisations are giving up or throwing dollars at tokenistic or ‘trendy’ solutions so they can say they’ve at least done something, which is pretty much the same as throwing your money to the wind. But the answer may lie in simply changing your perspective on what a dedicated OT-SOC looks like.

When we say ‘Security Operations Centre’, our minds might conjure images of a physical workspace. However, an OT-SOC is not a ‘centre’ in the literal sense of the word; the term is more figurative. It is a pool of skilled people, so it’s not so much where it’s situated that’s important but who it contains. This means that a dedicated OT-SOC doesn’t have to be on-premises at your organisation. It can be located off-premises, as long as it consists of the right people, i.e. OT cyber security specialists. As part of this co-sourced arrangement, it can even involve educating and training your people so you can be more effective in any incident response (IR) processes required.

Once you’ve got your head around this concept, the question arises: How do I tap into the right people? If you’ve got yourself to this point, that’s half the battle. You now know you need a dedicated OT-SOC, you know that it’s about the people, and you need a solution that gives you access to these people without sinking your organisation under the load. That solution could be a co-sourced, dedicated off-premises OT-SOC. 

The beauty of an off-premises SOC

Investing in a dedicated OT-SOC as an off-premises, co-sourced service is fast becoming the smart move for industrial organisations that are serious about thwarting cyber security attacks and getting on the front foot against them, while creating a fiscally viable and manageable solution for their organisations.

Considering threats to your infrastructure never take a break, a dedicated, off-site OT-SOC can offer 24-hour coverage at a fraction of the cost of employing people yourself (i.e. five skilled people need to be employed to provide the shift coverage for an around-the-clock roster, with even more required to cover annual leave, training, sick days and so forth). As a managed service, this cost is absorbed in the simultaneous monitoring of multiple clients, so your organisation effectively gets access to premium talent at a reduced charge.   

Additionally, taking your OT-SOC off-premises equates to massive savings in infrastructure: the hardware and software requirements of properly securing and monitoring your facilities.

Of course, the cost is a huge sweetener when it comes to going off-premises – in fact, it could be as much as an 80% cost-saving – but it shouldn’t equate with compromised service. Any worthwhile, dedicated off-premises OT-SOC can rival and exceed in-house capabilities with the quality of the monitoring; weekly, monthly and specific event reporting; education of management with security awareness for funding future security projects; and – in the event of an incident – post-incident investigation reports for detailed analysis and mitigation recommendations to strengthen the resilience of your plant.

This is not a decision that comes lightly but OT security is a serious matter. Thinking about a dedicated OT-SOC as an off-premises managed service changes the game and makes the high level of security that is becoming increasingly necessary accessible to the industrial organisations that need it. Going off-prem is a much easier business case to mount, especially when you consider the consequences of staying vulnerable.

Could now be the time to look at dedicated OT-SOCs in a different way?

Fully dedicated, off-site OT-SOCs are still thin on the ground. Speak to SIS about how we can provide the kind of elite team of cyber security specialists that is impossible to replicate internally.
