Security Operations Center: A Framework for Automated Triage, Containment and Escalation
1
Author: Paul Danquah. Journal of Information Security, 2020, Issue 4, pp. 225-240 (16 pages)
There have been a lot of research exertions and studies to improve the safety of critical infrastructures using the Security Operations Center (SOC). As part of efforts, the purpose of this research is to propose a framework to automate the SOC’s performance of triage, containment and escalation. The research leveraged on qualitative desk review to collect data for analysis, deduced strengths and weaknesses for the current SOC implementations and used that as a basis for proposing the framework. In view of the constant evolution of SOC operations and capabilities coupled with the huge volumes of data collected for analysis, an efficient framework for SOC operations is proposed. The qualitative analysis is used to deduce strengths and weaknesses for the current SOC implementations as a premise for proposing the framework. It consists of eight interactive stages that further leverage on a proposed algorithm for baselining, remediation and escalation. The result of this research is a proposed framework that serves as a unique contribution to enhancing the SOC’s ability to automatically perform triage, containment and escalation. Supplementary to similar and earlier work reviewed, the framework is proposed as the way forward to automatically enable SOC setups with the capacity to efficiently perform triage of security threats, vulnerabilities and incidents, effectively contain identified breaches and appropriately escalate for prompt and accurate solutions.
Keywords: security operations center; TRIAGE; CONTAINMENT; ESCALATION; Information Security
Smart Meter Deployment Threat and Vulnerability Analysis and Response
2
Authors: Steven Dougherty, Takaki Saitoh. Journal of Energy and Power Engineering, 2015, Issue 2, pp. 199-213 (15 pages)
Advanced intelligent or "smart" meters are being deployed in Asia. A result of deployment of smart meters, with associated equipment, is the electric power industry faced with new and changing threats, vulnerabilities and re-evaluate traditional approaches to cyber security. Protection against emerging cyber-security threats targeting smart meter infrastructures will increase risk to both the utility and customer if not addressed within initial rollouts. This paper will discuss the issues in SMI (smart meter infrastructures) deployments that pertain to cyber security. It will cover topics such as the threats to operations, infrastructure, network and people and organization and their associated risks. SMI deployments include not only the smart meter, but also the interfaces for home energy management systems as well as communication interfaces back to the utility. Utilities must recognize and anticipate the new threat landscape that can attack and compromise the meter and the associated field network collectors. They must also include threats to the WAN (wide-area-network) backhaul networks, smart meter headends, MDMS (meter data management systems) and their interfaces to CIS (customer information systems) and billing and OMS (outage management systems). Lessons learned from SMI implementations from North America, Europe and recently, Japan, will be discussed. How white-box and black-box testing techniques are applied to determine the threat impact to the SMI. Finally, organizational change risk will be discussed and how utilities have responded to re-organizing and developing a security governance structure for the SMI and other smart grid applications.
Keywords: Smart meter infrastructure; cyber security; risk assessment; threat analysis; meter vulnerability; security operation center; privacy.