Introducing CI-SOC: Security Monitoring When it Really Matters

Introducing the Critical Infrastructure Secure Operations Centre (CI-SOC): Security Monitoring when it really matters.

By Glenn Ambler


Existing security monitoring methods are not always robust enough to safeguard complex Critical National Infrastructure (CNI). Recognising this gap, our expert team embarked on an ambitious project to develop a ground-breaking solution: the Critical Infrastructure Secure Operations Centre (CI-SOC).

The imperative for enhanced security

The need for CI-SOC stems from the constraints of traditional security monitoring services: designed for standard corporate IT environments, they often lack the focus required for high-threat CNI, industrial control systems (ICS) and operational technology (OT). Typical environments that call for CI-SOC are the control network of a utilities company or the critical components of a telecoms network.

The challenge of using traditional Security Monitoring techniques

The existing models of security monitoring reveal several challenges:

  • OT networks often cannot, or should not, be connected to cloud-based IT/OT SIEMs.
  • A focus on standard IT environments that ignores the nuances of critical infrastructure.
  • Potential misuse by employees, whether intentional or accidental.
  • Dependence on pre-set rules chosen by the vendor that may not align with an organisation’s needs.
  • No validation of data arriving from external, less-trusted sources, leaving the monitoring platform itself exposed to injection-based attacks.

These weaknesses underscore the need for a more robust and tailored approach to security for critical infrastructures.

The Foundational Principles of CI-SOC

To address these challenges, we established a set of core principles to guide the development of CI-SOC:

Remote Access by Default:

Embracing modern working practices by making remote access the primary mode of use, and hardening it so that the CI-SOC itself cannot be used as an attack vector into the systems it monitors.

Maintaining Isolation:

Isolating the critical systems under surveillance from the CI-SOC to prevent attacks on the CNI system or other enterprise IT.

Targeted Monitoring:

Linking monitoring objectives to the specific threats faced by the critical systems, so that each detection can be traced to the business process it protects.

Data Exfiltration Prevention:

Holding the data we collect securely, in a design that makes it intrinsically hard to export data out of the CI-SOC.

Vetting Third-Party Data:

Thoroughly validating third-party data to confirm its integrity and to ensure it is not a threat to CI-SOC, drawing on our cross-domain gateway expertise.
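The page does not describe how CI-SOC's gateway validates inbound data, so the following is an added illustration rather than 2T Security's code. It shows the allow-list style of check a practitioner would expect at the point where events from a less-trusted source enter a monitoring platform: every record must match an agreed schema (the fields, patterns and size limits below are assumptions for the example), unknown fields are refused, and any control character is grounds for outright rejection, because embedded newlines and terminal escape sequences are the raw material of log-injection attacks against the SOC and its analysts. The sample records are constructed for the example.

```python
"""
Hypothetical allow-list validator for event records arriving from a
less-trusted source (example code, not 2T Security's CI-SOC implementation).
Assumptions: each record is a UTF-8 JSON object with exactly the fields
listed in ALLOWED_FIELDS; anything that fails a check is rejected, never
"cleaned up" and forwarded.
"""
from __future__ import annotations

import json
import re
from typing import Any

# Schema the receiving side agrees to accept; everything else is rejected.
ALLOWED_FIELDS = {
    "ts": re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z$"),
    "host": re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$"),
    "severity": re.compile(r"^(info|warning|error|critical)$"),
    "msg": None,  # free text, but still bounded and free of control characters
}
REQUIRED_FIELDS = {"ts", "host", "severity", "msg"}
MAX_MSG_LEN = 1024
MAX_RECORD_BYTES = 4096

# CR, LF, ESC and the other C0/DEL characters are rejected outright: they let
# a sender forge extra log lines or drive an analyst's terminal.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def validate_record(raw: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Only a fully conformant record is accepted."""
    if len(raw) > MAX_RECORD_BYTES:
        return False, "record too large"
    try:
        obj: Any = json.loads(raw.decode("utf-8", errors="strict"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return False, "not valid UTF-8 JSON"
    if not isinstance(obj, dict):
        return False, "record is not a JSON object"
    unknown = set(obj) - set(ALLOWED_FIELDS)
    if unknown:
        return False, f"unknown field(s): {sorted(unknown)}"
    missing = REQUIRED_FIELDS - set(obj)
    if missing:
        return False, f"missing field(s): {sorted(missing)}"
    for name, pattern in ALLOWED_FIELDS.items():
        value = obj[name]
        if not isinstance(value, str):
            return False, f"{name} must be a string"
        if CONTROL_CHARS.search(value):
            return False, f"{name} contains control characters"
        if pattern is not None and not pattern.match(value):
            return False, f"{name} has unexpected format"
    if len(obj["msg"]) > MAX_MSG_LEN:
        return False, "msg too long"
    return True, "ok"


def triage(records: list[bytes]) -> list[tuple[int, bool, str]]:
    """Run every record through the validator; rejected ones are never forwarded."""
    return [(i, *validate_record(r)) for i, r in enumerate(records)]


# Constructed sample input: one clean event and four hostile or malformed ones.
SAMPLE_RECORDS = [
    b'{"ts":"2024-05-01T10:00:00Z","host":"plc-07","severity":"warning","msg":"valve 3 setpoint changed"}',
    # newline smuggled into msg to forge a second, benign-looking event
    b'{"ts":"2024-05-01T10:00:01Z","host":"plc-07","severity":"info","msg":"login ok\\n2024-05-01T10:00:02Z plc-07 info audit disabled"}',
    # ANSI escape sequence aimed at whatever renders the message
    b'{"ts":"2024-05-01T10:00:03Z","host":"hmi-2","severity":"error","msg":"\\u001b[2Jscreen cleared"}',
    # field outside the agreed schema
    b'{"ts":"2024-05-01T10:00:04Z","host":"hmi-2","severity":"info","msg":"x","__proto__":{"admin":true}}',
    # value that is harmless but does not match the agreed format
    b'{"ts":"yesterday","host":"hmi-2","severity":"info","msg":"bad timestamp"}',
]

if __name__ == "__main__":
    for i, ok, why in triage(SAMPLE_RECORDS):
        print(f"record {i}: {'ACCEPT' if ok else 'REJECT'} ({why})")
```

The design choice worth noting is that the validator never repairs a record: stripping the newline from record 1 or the escape from record 2 would let the rest of the message through, and an attacker then only needs to find an encoding the stripper misses. Refusing the whole record, and alerting on the refusal, is the behaviour a cross-domain gateway is expected to have.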

Support for Multiple Clients:

Ensuring the solution can support multiple customers in a robustly segregated manner, whether delivered as a managed service by 2T Security, or built for our clients to manage multiple environments of their own.


By adhering to these principles, CI-SOC offers a secure and flexible working environment for staff while meeting the stringent security controls required by critical infrastructure sectors.


Overcoming Challenges in Developing CI-SOC

Developing CI-SOC was challenging: it involved technology choices, system integration, data quality and usability. We navigated these uncertainties by iterating on the system architecture, testing comprehensively, and innovating on data validation (building on our Advanced Mobile Solutions experience with cross-domain gateways) and on analyst workflows, to create a viable, user-friendly solution.


A Team of Experts for a Complex Challenge

Our team, backed by decades of cybersecurity experience and recognition from the National Cyber Security Centre, leveraged their extensive knowledge and innovative thinking to develop CI-SOC.


CI-SOC: Advancing Security Operations

CI-SOC reflects the shift in mindset in security monitoring for Critical National Infrastructure. This service enhances the protection of core operations and ensures the security service is not a vulnerability.

By offering a more secure, reliable, and tailored approach to security monitoring, CI-SOC helps protect vital national interests.


Contact us to find out how we can help with a tailored approach to your security monitoring.


You may be interested to read our case studies here.
