BalCCon2k15 - Shah Sheikh - Building a Cyber Security Operations Center for SCADA ICS

Watch on YouTube

Show annotations

2,389

15

0

Genre: Science & Technology

Family friendly? Yes

Wilson score: 0.7961

Rating: 5.0 / 5

Engagement: 0.0063%

BalCCon - Balkan Computer Congress

Subscribe | 759

Shared October 18, 2015

Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.
In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.

Abstract: Modern day cyber threats are ever increasing in sophistication and evasiveness against Process Control Networks. Organizations in the industry are facing a constant challenge to adopt modern techniques to proactively monitor the security posture within the SCADA infrastructure whilst keeping cyber attackers and threat actors at bay.

In this presentation we will cover the fundamental building blocks of building a SCADA cyber security operations center with key responsibilities such as Incident Response Management, Vulnerability and Patch Management, Secure-by-design Architecture, Security Logging and Monitoring and how such security domains drive accountability and act as a line of authority across the PCN.

An anonymized case study will be presented along with proven implementation methodology.
1. SCADA Security Primer and the need to Build a SCADA CSOC.
2. SCADA SOC 2.0 and its components to form an eco-system.
3. SIEM 2.0 – Log Collection, Log Aggregation, Security Analytics and Correlation.
4. SCADA specific Contextual Threat and Use Cases and Situational Awareness
5. Building Threat Intelligence and early warning detection system within your command center.
6. SCADA SOC Processes, Procedures and Workflows.
7. SCADA SOC Incident Response Handling
8. Cyber Incident Offense Management
9. SCADA Cyber SOC vs. Security Assurance Levels