Share these talks and lectures with your colleaguesInvite colleagues
Security monitoring strategies for your OT infrastructure
Cyber security threats are an ever-increasing risk to industrial control systems (ICS). Therefore, by considering the impact of cyberattacks as part of improvements in operational technology (OT) infrastructure resiliency serves the ultimate goal of minimising production downtime. In order to achieve this, organisations should consider flexible and innovative security monitoring strategies as well as a security operations centre (SOC). Having security monitoring mechanisms and a SOC function benefits the OT infrastructure in multiple ways, including incident response management, threat and vulnerability management, asset inventory and management, network flow monitoring, security logs monitoring and correlation, as well as the core function of defence against cyberattacks. This paper demonstrates the best practices for security monitoring and protection used by different industry sectors and explains security monitoring tools and their special features, as well as how these monitoring tools are integrated within the SOC. The paper then illustrates the baseline design for building a SOC for OT infrastructure and what needs to be considered when implementing an OT SOC, including data onboarding from OT infrastructure, SOC use cases development, and other SOC functionalities such as vulnerability and risk management, malware detection and other features. The paper aims to benefit the OT security community by providing a general guidance, future vision and required information to build a functional security strategy for critical national infrastructure (CNI) by considering the security life cycle starting from monitoring, through detection, to response and reporting.
The full article is available to institutions that have subscribed to the journal.
Mohammad Jbair acts as a senior operational technology (OT) security consultant within the OT team at Airbus CyberSecurity and currently is completing a PhD in ICS security and manufacturing systems at Warwick University, UK. He has extensive experience in OT security consulting over approximately 10 years in industrial automation control and safety systems in different industrial sectors. His main areas of expertise including OT security assessments, risk management, industrial control system (ICS) security design, IT/OT integration and ICS security monitoring and management, as well as experience in Industry 4.0 and smart factories’ cyber security. Prior to joining Airbus, Mohammad was employed by Siemens as an OT security consultant, focused on securing critical national Infrastructures; prior to that he worked as a control system engineer for the system integrator company Silvertech. Mohammad has undertaken large-scale projects and is experienced in managing engagements to deliver according to international standards to maximise added value and achieve clients’ expectations.