We’ve previously defined critical infrastructure and detailed why it is critical to every nation. But the very fact that critical infrastructure of all types is essential is also why it is vulnerable to cyberattacks. (Full story in OPENSPACE 26 magazine.)
If a cyberattack was successful, the effect on the nation’s economy, prosperity, security and societal norms could be huge. As a result, critical infrastructure must be protected. Continuity of service is vital.
The key to protection in any hostile environment is understanding the environment, the adversaries’ motivations, the types of attack and how to respond effectively.
What are SOCs and how can they help critical infrastructure?
Although generally hidden away inside some pretty impressive physical facilities, security operations centres (SOCs) are the front line of an organization’s silent battle against cyberattacks.
SOCs exist to provide resilience in the dynamic world of cyber and can play a vital role in protecting critical infrastructure, whether they are dedicated SOCs run by an organization itself or provided as a managed SOC service. Here’s how they work.
A SOC is a place that quietly monitors the cyber landscape and how your organization interacts with it. It detects threats, incursions and attacks. And it provides solutions to ensure that any critical infrastructure – or indeed any organization – continues to function effectively and efficiently in what is a fast-changing environment.
If you’re not entirely sure how a SOC does this, you’re not alone. And although it isn’t always helpful to try to find analogies between the physical and digital security worlds, a broad comparison may help here.
With physical (and electronic) security, the aim is to provide layered and complementary measures to protect key assets. These might include:
- a robust fence line around a facility, along with ‘hardening’ of a building and its access points to stop or slow adversaries
- CCTV and other detection methods to alert and provide situational awareness of a security incident
- some form of control to ensure any response is coordinated and efficient.
A SOC essentially does the same things, but focused on the threat from the cyber world:
- managing the barriers
- monitoring the environment for malicious activity
- enabling situational awareness and understanding of an incident
- applying layered tools to respond to the threat.
Effectively, a SOC can be viewed as all the cybersecurity layers in one dynamic, permanently active location.
It allows organizations of all sizes – from multinationals to the small companies in the critical infrastructure supply chain – to manage the threat and risk of cyberattacks. That SOC can be dedicated or a managed multi-user facility (similar to the managed SOC service we provide), as either will provide a complete solution to the critical infrastructure cyber protection issue, securing those things that matter most to a nation.
6 advantages of SOCs
- The principal difference between cyber and physical security is that the SOC doesn’t have to be – and in fact rarely is – on the site being protected. The ability to provide this kind of security remotely offers a significant advantage because it means organizations don’t need to invest in their own onsite SOC. Instead, they can outsource cyber protection without worrying about any increased risk.
- Another advantage of SOCs is the ability to learn from other users. For example, if a particular attack vector is emerging, details can be shared. This has the benefit of increasing everyone’s understanding of the threat landscape and also of giving advance warning of any imminent attack.
- A SOC can also provide protection against one of the largest threats in the cyber world – and that’s protection from your own people. This type of cyber threat isn’t usually malicious, but stems from people not following good cybersecurity practice.
- Additionally, if you’re concerned about vulnerabilities from your own supply chain – for example because your suppliers have your IP – then a SOC can be used to monitor this too.
- A managed SOC doesn’t introduce additional vulnerabilities. In any outsourced, multi-user SOC, organizations’ data is kept separate. This ensures there is no possibility of displaced or collateral threat.
- And whether it’s a dedicated SOC or a managed SOC, it should be entirely unobtrusive, quietly protecting an organization from the external threat.
A SOC can therefore secure any critical infrastructure, and indeed any organization, effectively, both inside and out.
Find out more
This blog post is based on an article in OpenSpace 26, RHEA’s thought leadership magazine published in July 2020.
You can read the complete article on how security operations centres can provide cybersecurity for critical infrastructure, along with other features on space, security, quantum computing and more, by subscribing to OpenSpace.