OT SOC Implementation

Pharmaceutical Industry
Basel, Switzerland

Brief:

A major pharmaceutical company planned to extend its existing Security Operations Center (SOC) to its production environment. In particular, the demand focused on increasing the detection capabilities in the production environment, as well as structuring the site-specific communication and response capabilities needed to act on these enhanced detections.

BxC was asked to support the analysis of the current SOC capabilities concerning the manufacturing environment, to plan and implement an OT-specific detection strategy including OT security use cases, and to define response procedures for the future OT SOC setup.

25 Sites
150 OT Security Use Cases
20 Different Log Sources

Activities:

OT DETECTION AS-IS STATUS ANALYSIS

BxC reviewed the existing log sources available in the IT SOC for the IT environment and assessed their immediate relevance to the OT environment. In that way, BxC supported the existing SOC team in extending the scope of its existing use cases to OT.

OT SECURITY USE CASES DESIGN

Based on workshops gathering both IT and engineering experts, BxC coordinated the design of sector-specific OT security use cases. This was based on the identification of the OT-specific threat landscape as well as the analysis of the OT-specific log sources.

INCIDENT RESPONSE ORGANIZATION

BxC designed a communication plan for responding effectively to security alerts and potential incidents, thereby fostering collaboration between the sites' IT and OT teams. BxC also participated in raising cyber incident awareness across all IT and OT stakeholders.

Results:

Since the initial involvement of BxC, the maturity of OT security incident detection and response has increased and has become a permanent improvement activity for the operational teams. Several achievements can be listed:

Awareness of OT Security incident response measures and processes across production sites and central units improved

150 OT-specific use cases designed and structured into a four-wave implementation schedule based on complexity, log source availability, and security criticality

20 OT-specific use cases implemented in the first two months of the implementation phase to cover the most relevant security threats based on available log sources and logs

Long-term improvement of the OT detection and response capabilities by bridging the gap between the central SOC and the local response teams