With the increasing digitalisation of industrial systems and their connectivity to corporate networks, many organizations have established OT SOCs dedicated to protecting industrial control systems. Achieving this goal requires the OT SOC to operate effectively in detecting and responding to cyber threats and incidents. However, there are uncertainties as to what resources and skills are necessary for effective operations.
This paper outlines services provisioned by OT SOCs as well as the necessary skills for these services, categorized by increasing capability and proficiency levels. Grid operators can use this paper as a guide to address gaps in their OT SOCs based on their needs.