WP-041-2018: Risk-based use cases for OT monitoring

A catalogue of monitoring detection activities for OT systems linked to threats.

This document proposes a risk-based approach to OT security monitoring. Detection activities are presented for each stage of an attack:

  1. Vulnerability management activities find and fix vulnerabilities before attackers can exploit them.
  2. Misuse detection activities look for signs of exploitation.
  3. Access monitoring activities look for unauthorized access by attackers who have gained valid access (for example with stolen credentials).
  4. Access log review activities look for unauthorized actions taken by attackers once they have accessed a system.

Each detection activity is linked to the threats it detects. In this way, grid operators can select the most effective activities based on their own risk assessment: detection activities are chosen to cover the highest risks and to complement preventive measures.
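The selection step described above, as an added example and not code from the ENCS paper: a small catalogue of detection activities, each linked to the threats it detects and to one of the four stages, is matched against a risk assessment that scores each threat, and activities are picked greedily by covered risk per unit cost until a budget is exhausted. The threat names, likelihood and impact scores, activity names and costs are all constructed for the illustration, and the greedy risk-weighted set cover is this example's own choice, not a method the paper prescribes.

```python
"""Risk-based selection of OT monitoring activities (constructed example)."""
from dataclasses import dataclass
from fractions import Fraction

# The four attack stages named on the page.
STAGES = ("vulnerability_management", "misuse_detection",
          "access_monitoring", "access_log_review")


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int  # 1 (rare) .. 5 (expected)
    impact: int      # 1 (negligible) .. 5 (loss of control / safety)

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact


@dataclass(frozen=True)
class Activity:
    name: str
    stage: str           # which attack stage the activity detects
    cost: int            # effort units to implement and operate
    threats: frozenset   # names of the threats this activity is linked to

    def __post_init__(self):
        if self.stage not in STAGES:
            raise ValueError(f"unknown stage {self.stage!r}")
        if self.cost <= 0:
            raise ValueError("cost must be positive")


# Hypothetical risk assessment for a small grid operator (constructed data).
THREATS = [
    Threat("unpatched_engineering_workstation", likelihood=4, impact=4),
    Threat("remote_access_credential_theft", likelihood=3, impact=5),
    Threat("malware_via_removable_media", likelihood=3, impact=3),
    Threat("plc_logic_change", likelihood=2, impact=5),
    Threat("network_scanning", likelihood=4, impact=2),
]

# Hypothetical catalogue: each activity linked to the threats it detects.
ACTIVITIES = [
    Activity("vulnerability_scan_of_workstations", "vulnerability_management", 2,
             frozenset({"unpatched_engineering_workstation"})),
    Activity("ids_signatures_on_ot_dmz", "misuse_detection", 3,
             frozenset({"malware_via_removable_media", "network_scanning"})),
    Activity("remote_access_session_monitoring", "access_monitoring", 2,
             frozenset({"remote_access_credential_theft"})),
    Activity("review_plc_change_logs", "access_log_review", 1,
             frozenset({"plc_logic_change"})),
    Activity("baseline_deviation_alerting", "misuse_detection", 4,
             frozenset({"network_scanning", "plc_logic_change",
                        "malware_via_removable_media"})),
]


def select_activities(threats, activities, budget):
    """Greedy risk-weighted set cover.

    Each round picks the affordable activity with the highest still-uncovered
    risk per unit cost (ties: larger absolute risk, then name). Returns the
    chosen activities in selection order and the sorted names of the threats
    that no chosen activity detects.
    """
    risk = {t.name: t.risk for t in threats}
    uncovered = set(risk)
    remaining = budget
    chosen, pool = [], list(activities)
    while True:
        scored = []
        for a in pool:
            if a.cost > remaining:
                continue
            gain = sum(risk[t] for t in a.threats if t in uncovered)
            if gain > 0:  # an activity covering nothing new is never worth its cost
                scored.append((-Fraction(gain, a.cost), -gain, a.name, a))
        if not scored:
            break
        best = min(scored)[3]
        chosen.append(best)
        pool.remove(best)
        remaining -= best.cost
        uncovered -= best.threats
    return chosen, sorted(uncovered)


def residual_risk(threats, uncovered):
    """Risk score of the threats the chosen activities leave undetected."""
    return sum(t.risk for t in threats if t.name in uncovered)


if __name__ == "__main__":
    chosen, gaps = select_activities(THREATS, ACTIVITIES, budget=7)
    for a in chosen:
        print(f"{a.stage:26s} {a.name}")
    print("undetected:", gaps, "residual risk:", residual_risk(THREATS, gaps))
```

With a budget of 7 the script selects the PLC change-log review, the workstation vulnerability scan and remote-access session monitoring, and reports that removable-media malware and network scanning (risk 17 in total) remain undetected; that residual is what the operator would then hand to preventive controls or a larger budget. Exact fractions are used for the ratio so that ties are decided deterministically rather than by floating-point rounding.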

Download this document (ENCS members only)

Employees of ENCS members can download the document by entering their e-mail address below. A link to the document will be sent to the address.
