WP-011-2018: Organizing security operations for OT

Grid operators need to react to security developments quickly. When new vulnerabilities are
found, they need to patch quickly or take other measures. When they suspect there is an
incident, they need to analyze and respond to it quickly. Existing security staff for operational
technology (OT) systems manage long-term risks. Grid operators also need a security
operations team that can react in the short term.
But how should this security operations team be organized? Who should be responsible? What
needs to be done internally, and what can be outsourced? What skills does the team need?

