Security Operations Center
Providing cyber security in energy sector
Society as we know it is heavily dependent on technology. By protecting technological solutions, we protect people, their rights and property. But with the development of society and technology, security paradigms are also changing.
Automation, informatization, cybernetization and digital transformation of the business model bring many opportunities for companies. Unfortunately, they also bring risks and vulnerabilities that need to be managed effectively so as not to jeopardize the company’s operations. Comprehensive risk management is therefore extremely important for the company as well as for the ecosystem in which the company operates.
Cyber security is one of the areas of information security that overlaps with other aspects of security, such as physical, fire, digital, computer security, etc. Despite the division of security into areas, a holistic approach is necessary, as in practice attack vectors are not limited to just one area. Such an approach is not egoistic in nature, as it is based on cooperation in order to protect all stakeholders – in addition to the safety of an individual company, it makes sense to ensure the safety of all companies in the chain.
In the critical infrastructure ecosystem, energy is the second most exposed industry. Trends of intensive business digitalization and integration of operating and business systems increase exposure to cyber-attacks, so it is not only important but also necessary for energy stakeholders to establish a system of effective protection against cyber-attacks.
Threats of cyber-attacks for various areas of energy operations:
Disruption of service and ransomware attacks against power plants and clean-energy generators.
Root cause: Legacy generation systems and clean-energy infrastructure designed without security in mind.
Large-scale disruption of power to customers through remotely disconnecting services.
Root cause: Physical security weaknesses allow access to grid control systems.
Disruption of substations that leads to regional loss of service and disruption of service to customers.
Root cause: Distributed power systems and limited security built into SCADA systems.
Network to users
Theft of customer information, fraud and disruption of services.
Root cause: Large attack surface of IoT devices, including smart meters and electric vehicles.
Active protection is necessary
Classic security solutions for passive protection of computer systems and information services are no longer sufficient. With the rapid development of technology and its widespread use, as well as due to changed patterns of operation of business and organizational systems and society in general, we are facing new threats and risks. Active security solutions that detect a cyber threat before it materializes are needed, as offered by Security Operations Centres (SOCs).
For this purpose, we have established a functioning SOC, which already monitors security events for several companies in the energy sector as part of the proof-of-concept activity. Based on this, triage and incident analysis are performed, as well as the production of regular and ad-hoc reports. We are convinced that without operational centres that work effectively together, it will soon not be possible to ensure a sufficient level of security.
It’s time to act
Informatika’s experts, in cooperation with domestic and foreign experts, can help establish a modern system of active protection against cyber and other threats that may occur in business. Such protection is based on the key services of the Security Operations Centre:
- detecting and dealing with cyber security incidents,
- detection of vulnerabilities in information systems,
- conducting intrusion tests,
- establishment of bait systems,
- threat modelling,
- source code verification,
- checking for the presence of malicious code and analysing it,
- defining security starting points for information systems,
- reporting incidents to stakeholders and
- awareness raising and training.
The SOC ensures compliance with legislation, damage reduction in the event of an incident and support for the business continuity of the company. Pooling around a sector security operations centre enables the establishment of domain-specific security methods that are more industry-specific and therefore more effective. We are using the latest technological solutions and top products from leading global manufacturers in building our SOC.
Why choose SOC by Informatika?
- Decades of experience in developing, maintaining, renovating, and protecting information systems.
- Deep insight into the energy sector.
- Adhering to ISO 27001 standard.
- Adaptation of the solution to the individual client.
- Flexibility of horizontal and vertical integration into the SOC.
- Hybrid approach.
- Collaboration with other security centers and stakeholders.
- Broader view and use of advanced security analytics.