Sector Name: Power Delivery & Utilization - Distribution & Utilization
Document Type: Technical Results
This Product is publicly available
This report describes strategies and guidelines for utilities to plan and implement an Integrated Security Operations Center (ISOC) that includes corporate systems, control systems, and physical security. Currently, multiple groups and operators independently gather and analyze information from a datacenter, workstation networks, physical security, supervisory control and data acquisition (SCADA) systems, energy management systems (EMS), historians, and field equipment. Data is also collected and analyzed from Computer Emergency Readiness Teams (CERTs) and Information Sharing and Analysis Centers (ISACs). Correlating this data to find suspicious activity can be extremely challenging and often only occurs long after an incident happens.
An ISOC is designed to collect, integrate, and analyze alarms and logs from these traditionally siloed organizations, providing much greater situational awareness to the utility’s security team. Additionally, an ISOC allows utilities to transition to an intelligence-driven approach to incident management, which is much more effective for handling advanced threats. Because of these advantages, creating an ISOC may provide significant value to utilities. However, building an ISOC requires significant technical resources, staff, and time.
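The cross-silo correlation described above, as an added illustration that is not part of the EPRI report: constructed physical-security, corporate, and control-system log records (hypothetical accounts, sites and event names) are joined so that a control action is checked against the badge log for presence at the site and against corporate logs for a preceding VPN login.

```python
from datetime import datetime, timedelta

# Constructed sample alarms/logs from the three silos an ISOC integrates.
# Fields: source silo, ISO timestamp, account, site, event type. Not real data.
EVENTS = [
    ("physical",  "2024-03-01T08:10:00", "a.lee",   "substation-B", "badge_in"),
    ("control",   "2024-03-01T09:00:00", "a.lee",   "substation-B", "setpoint_write"),
    ("physical",  "2024-03-01T17:05:00", "j.doe",   "substation-A", "badge_out"),
    ("corporate", "2024-03-01T21:40:00", "j.doe",   "vpn",          "vpn_login"),
    ("control",   "2024-03-01T21:43:00", "j.doe",   "substation-A", "breaker_open"),
    ("control",   "2024-03-02T02:15:00", "svc.hmi", "substation-A", "breaker_open"),
]

def _ts(s):
    return datetime.fromisoformat(s)

def correlate(events, presence_window=timedelta(hours=12), vpn_window=timedelta(hours=1)):
    """Return (account, site, event, reason) for control actions not corroborated
    by a recent badge-in at the same site. Each silo alone sees nothing unusual:
    a badge-out, a VPN login and a breaker command are all routine on their own.
    Joined on account and time, they describe a control action taken remotely
    with nobody present, which is the kind of finding an ISOC exists to surface."""
    physical = [e for e in events if e[0] == "physical"]
    corporate = [e for e in events if e[0] == "corporate"]
    findings = []
    for src, ts, acct, site, kind in events:
        if src != "control":
            continue
        t = _ts(ts)
        # Most recent physical-security record for this account at this site.
        prior = [p for p in physical if p[2] == acct and p[3] == site
                 and t - presence_window <= _ts(p[1]) <= t]
        last = max(prior, key=lambda p: p[1], default=None)
        if last is not None and last[4] == "badge_in":
            continue  # operator physically on site: corroborated, no finding
        remote = any(c[2] == acct and c[4] == "vpn_login"
                     and t - vpn_window <= _ts(c[1]) <= t for c in corporate)
        if remote:
            reason = "control action over VPN after badge-out"
        else:
            reason = "control action with no badge record at site"
        findings.append((acct, site, kind, reason))
    return findings

if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```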
This research focuses on the initial steps in the process of setting up an ISOC: developing the business case, potential organizational challenges, tradeoffs for different ISOC architectures, and planning the implementation process. These results are based on current research, engagement with utilities, and an examination of ISOC implementations outside of the electric sector.
For further information about EPRI, call the EPRI Customer Assistance Center at (800) 313-3774 or email email@example.com