More frequent, faster, and more dangerous: with cyber attacks on industrial plants on the rise, how to protect production from internet-based threats is becoming an increasingly important question for operators. The premier league of cyber defense is a Security Operations Center – but only if its team is as proficient in technical processes and industrial control systems as it is in cybersecurity.
Cyber threats become an immediate danger to industrial plants as soon as they connect directly or indirectly to the internet. This is happening rapidly due to advancing digitization and networking towards Industry 4.0. Consequently, Operational Technology (OT) networks are no longer isolated islands but are becoming increasingly vulnerable through interconnected system components.
The most effective form of cyber defense is a Security Operations Center (SOC). It is comparable to a command center that monitors IT and OT across all levels of a company with a 360-degree view. This involves integrating all of a company's security-relevant systems and analyzing them with processes, technical tools, and cybersecurity experts. While SOCs have long been established in the IT world, they pose a new challenge for OT. Common software solutions for protecting IT products cannot simply be transplanted into OT because, for example, they do not speak the same language as plant controls and do not understand their industrial protocols. A further cybersecurity problem is the long lifecycle of industrial plants, whose older operating systems no longer receive security updates.
A security concept that covers both IT and OT requires not only comprehensive knowledge of IT security but also a deep understanding of OT infrastructures and their automation, process, and network control technology. telent, as a systems integrator, has built up this expertise through years of supporting communication and data networks, particularly in Critical Infrastructure (KRITIS) environments, and consolidates it in its new SOC for IT and OT. The technical foundation is the cybersecurity platform of the European specialist Radar Cyber Security, which automatically checks both areas for security issues. The SOC team verifies the results against specific detection scenarios, individually defined for each customer in advance. Since the SOC is modular, companies not subject to the strict requirements of the KRITIS sector can select from a wide range of Managed Services to raise their security level gradually according to their needs.
A Security Information and Event Management (SIEM) system supports the SOC team in monitoring. It includes the security module “Log Data Analytics” (LDA), which automatically categorizes thousands of log entries and analyzes them for security relevance. Expertise is still needed, however, to separate false alarms from real ones among the countless anomalies. Other security modules such as “Vulnerability Management & Compliance” (VMC) scan the entire IT/OT infrastructure for security vulnerabilities, while “Network Behavior Analytics” (NBA) detects dangerous malware and anomalies. The integrated security solution “Endpoint Detection & Response” (EDR) captures data from endpoints in IT and OT. Beyond the usual IT assets, the SIEM also ingests log data from OT assets such as control systems, PLCs, and sensors, thanks to a passive OT monitoring solution. The Advanced Correlation Engine consolidates all of this information for comprehensive risk detection.
Large companies often have sufficient personnel and financial resources to establish an in-house SOC. For small and medium-sized enterprises, it is more efficient to purchase SOC services externally – also as an audit-compliant solution that meets the requirements of the IT Security Act 2.0. The real added value of a SOC specialized in both IT security and OT infrastructures comes from its interdisciplinary team, which deals with cybersecurity on a daily basis and stays informed about current developments.

René Odermann
Head of Sales & Business
Development Cybersecurity
telent GmbH