The secrets to integrated security (they're mostly people problems, says EPRI)
Quick Take: An integrated security operations center (ISOC) gathers alarms and logs from all of a utility's relevant systems, including SCADA, EMS, historians, corporate systems, physical security systems and more.
The Electric Power Research Institute is out with a report on the initial steps of setting up an ISOC. Some of those steps involve choosing between different technical architectures. But as you will read in the summary below or in the full report, many of the challenges relate to people and organizational issues. - By Jesse Berst
Guidelines for Planning an Integrated Security Operations Center
This report describes strategies and guidelines for utilities to plan and implement an Integrated Security Operations Center (ISOC) that includes corporate systems, control systems, and physical security. Currently, multiple groups and operators independently gather and analyze information from a datacenter, workstation networks, physical security, supervisory control and data acquisition (SCADA) systems, energy management systems (EMS), historians, and field equipment. Data is also collected and analyzed from Computer Emergency Readiness Teams (CERTs) and Information Sharing and Analysis Centers (ISACs). Correlating this data to find suspicious activity can be extremely challenging and often only occurs long after an incident happens.
An ISOC is designed to collect, integrate, and analyze alarms and logs from these traditionally siloed organizations, providing much greater situational awareness to the utility’s security team. Additionally, an ISOC allows utilities to transition to an intelligence-driven approach to incident management, which is much more effective for handling advanced threats. Because of these advantages, creating an ISOC may provide significant value to utilities. However, building an ISOC requires significant technical resources, staff, and time.
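The cross-silo correlation the report describes, as an added illustration that is not from the EPRI report: a constructed physical badge log and a control-system authentication log are normalised and joined on user and time, so that a successful SCADA/EMS login with no covering badge presence is raised for the security team. The event shapes, field names and the grace window are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the EPRI report): a physical badge log
# and a control-system authentication log, already normalised to a common
# shape as an ISOC would after ingesting each silo's feed.
BADGE_EVENTS = [
    {"ts": "2024-03-01T07:55:00", "user": "op_alice", "event": "badge_in"},
    {"ts": "2024-03-01T16:05:00", "user": "op_alice", "event": "badge_out"},
    {"ts": "2024-03-01T08:10:00", "user": "op_bob", "event": "badge_in"},  # no badge_out yet
]
SCADA_AUTH_EVENTS = [
    {"ts": "2024-03-01T08:02:00", "user": "op_alice", "host": "hmi-01", "result": "success"},
    {"ts": "2024-03-01T22:30:00", "user": "op_alice", "host": "hmi-01", "result": "success"},  # after badge-out
    {"ts": "2024-03-01T09:00:00", "user": "op_carol", "host": "hmi-02", "result": "success"},  # never badged in
]

def _parse(ts):
    return datetime.fromisoformat(ts)

def presence_intervals(badge_events):
    """Build per-user (badge_in, badge_out) intervals from the physical log.
    A badge_in with no matching badge_out is still open (end = None)."""
    intervals, open_in = {}, {}
    for ev in sorted(badge_events, key=lambda e: e["ts"]):
        user, t = ev["user"], _parse(ev["ts"])
        if ev["event"] == "badge_in":
            open_in[user] = t
        elif ev["event"] == "badge_out" and user in open_in:
            intervals.setdefault(user, []).append((open_in.pop(user), t))
    for user, t in open_in.items():
        intervals.setdefault(user, []).append((t, None))
    return intervals

def correlate(badge_events, auth_events, grace=timedelta(minutes=10)):
    """Flag successful control-system logins whose user has no physical
    presence interval covering the login time (grace allows for badge lag)."""
    present = presence_intervals(badge_events)
    findings = []
    for ev in auth_events:
        if ev["result"] != "success":
            continue
        t = _parse(ev["ts"])
        covered = any(
            start - grace <= t and (end is None or t <= end + grace)
            for start, end in present.get(ev["user"], [])
        )
        if not covered:
            findings.append({"user": ev["user"], "host": ev["host"], "ts": ev["ts"],
                             "reason": "control-system login without matching badge presence"})
    return findings
```

Running `correlate(BADGE_EVENTS, SCADA_AUTH_EVENTS)` yields two findings: op_alice's 22:30 login after badging out, and op_carol's login with no badge record at all.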