Ramandeep Singh Walia

QOS Technology, Heading OT Security Practice, CEO

Ramandeep Singh has 23 years of cyber security consulting experience. His company builds customer-centric solutions through its services and accelerators for ICS security and analytics. His project experience spans cybersecurity for automation and digital transformation initiatives for Power Grids, Power Distribution, Oil & Gas, Paper & Pulp, Cement, Pharma, Manufacturing, and F&B companies. His specializations include IEC 62443 OT Security Assessments, OT SOC, and IT/OT Threat Modelling, among others. He is an alumnus of “The Wharton School, Penn University” and holds a B.Tech (E&CE) from Punjab, India. He earned his CISSP in June 2003 and had stints with HCL Technologies as the Global Security Projects Head and with Check Point Software Technologies (SE Director, India & SAARC).

OT SOC for Brown Fields

The session will focus on the objectives, challenges, and solution framework involved in setting up an OT SOC for Brown Field sites. It will demonstrate the scoring templates used to arrive at the current state of OT security and, based on the scorecard, the different paths organizations have taken on the way to setting up a 24x7 OT SOC. The entire talk will revolve around sharing the experience of having worked on more than 70 ICS/OT security projects in various industry verticals, viz. Pharma, Power Distribution, Manufacturing, Cement, Oil & Gas (Refineries, Crude Pipelines, Midstream), Petrochemicals, Paper & Pulp, etc.

Slides 1-3: Why OT security is a hot topic, and how it is evolving over the next few years with the push toward the Industrial Metaverse.
Slides 4-6: The key OT security challenges faced by most customers, along with industry-specific challenges (Power Distribution, O&G, Manufacturing, Pharma, Petrochemicals, Paper & Pulp, etc.). These challenges will be plotted on spider graphs and other visual layouts based on learnings and datasets from more than 70 OT security projects, from OT Risk Assessments to setting up the OT SOC.
Slides 7-11: These will include snapshots of accelerators, templates, open-source tools, technology-specific commercial tools, and the cybersecurity use cases for (a) IT-OT convergence, (b) OT-IT infrastructure, and (c) OT infrastructure that may facilitate setting up a 24x7 OT SOC covering monitoring and Incident Response, given that most OT Brown Fields lack defense-in-depth. These will be categorized into Incident Response procedures addressing the context of threats; violations of best practices based on IEC 62443-3; risk modelling of the IT-OT and OT surface with ICS adversarial simulations using the TTPs of recent ICS attacks; and anomalies in real-time values of the critical process variables. This will be the mainstay of the presentation, with no reference to any vendor or company, only to the accelerators (templates, scorecards, use cases common to OT, and use cases specific to O&G, Power utilities, Manufacturing, the Process Industry, etc.) that have worked well for most Brown Field customers and have demonstrated measurable success.
Slides 12-13: This will tie together the stated objectives and the elements of the 24x7 SOC covered in Slides 7-11 into a stack of solutions comprising visibility, real-time OT risk event monitoring, OT security Incident Response SOPs, and proactive threat management with IT-OT and OT adversarial simulations, along with building threat monitoring with YARA rules.

The next section (Slides 14-19) will present three different case studies. The first is from a Manufacturing organization with business functions running on chains of PLCs; the second is from an O&G Refinery with complex process plants and a mesh of DCS systems (both Ethernet and UCN serial plant networks) combined with safety systems on PLCs; and the third is based on a Power Distribution company with deployments of RTUs, FRTUs (connecting over GSM/4G/LTE), PLCs, and SCADA. Because the OT landscape and automation differ for each of these industry-specific ICS/OT systems, they have different complexities and therefore a different set of challenges, over and above the common issues, when they walk the path of OT security. Each of these case studies will describe the solution journey (in a timeline view) as discussed in Slides 7-13. Real datasets will be used in these case studies, after sanitization in line with customer confidentiality and non-disclosure obligations.
Slides 14-15: Case Study-1: 24x7 Network Situational Awareness for a Pharma Company with 9 Plants
Slides 16-17: Case Study-2: 24x7 SOC for an Oil & Gas Refinery Company with 10 Refineries
Slides 18-19: Case Study-3: 24x7 SOC for Power Distribution Company with MCC, BCC, and 80+ Substations (400/630/1100 KVA).
Slides 20-21: Recap
