How to build (hybrid) IT/OT SOC?
We are living in a world where OT systems are no more isolated. With a few exceptions of critical systems, most of the ICS/SCADA systems are now interconnected with IT world to allow remote management, optimization, planning, while designed to operate in isolated manner with no security in mind. This fact contributes to increased number of incidents in the OT world.
Over the time have learnt how to build efficient IT SOC. We now understand how to mix the proper blend of processes, technology and people, to achieve operational efficiency in detecting and responding to incidents. We know it’s crucial to have all the functions participating on detecting and responding to incidents tightly integrated - Detection, Response, Intelligence. We can rely on many established and proven guides and frameworks.
But do the same rules apply to the OT SOC? Not exactly. While some of the (general) principles stay the same, we cannot forget, that in the OT world any action has the kinetic dimension, in case of security incident causing physical damage, injury or death only by simply exploiting the IT system. In the talk we will focus on those specifics and discuss the impacts they have into structure of the team, tooling and techniques and procedures of the defenders in figthing with cyber threats.
Simona Buchovecká is Senior Manager in Cybersecurity & Privacy department in PwC, where she leads Threat Management competency. In PwC she has worked on multiple projects focused on building and running global centres of cyber security monitoring. As a member of global Incident Response team she have also lead Incident Response activities, and worked on improving detection capabilities. Before, she also has worked as regional Information Security Officer, to ensure compliance with security policies, but also supporting the teams across PwC in ensuring security of their solutions.
Before joining PwC she worked as Security consultant and engineer in areas of modern authentication solutions, mobile device security, and solutions for detection of modern threats.
Simona is also leading lectures in areas of network and systems security on CTU, Faculty of Information Technology. She holds CISSP, GCFA and GCFE certifications.