Many grid operators are building up their OT security operations center (SOC). Often the SOC started small with maybe a network-based IDS and some volunteers watching it full-time. But vulnerabilities such as log4j show that there is a need for a stronger operational security capability. Regulators are also starting to require this. Under the network code for cybersecurity, every grid operator will need a SOC with log monitoring, intrusion detection, vulnerability management, and incident response capabilities.
To provide a roadmap for building the SOC, maturity models such as SOC CMM can be helpful. But models developed for IT are not always a good fit for OT. They often assume a large and independent SOC. Many OT organizations instead benefit more from a smaller SOC integrated with the OT operations departments. In this webinar, we would like to explore how SOC maturity models may be adapted to OT.
ENCS members can download the invitations for the operations program webinars here.
Resources: