The 3 main homework tasks for making an IDS work

Christian Breitenstrom of SOC service provider uneedsecurity defines the basic homework tasks for adjusting an intrusion detection system, and describes the OT security challenges of SMEs from a practical view point. He proposes a governmental incentive for OT security based on the principle of the Singapore model.

Duration:

24 min

Guest in this episode:

Christian Breitenstom

Chief Operating Officer uneedsecurity

FAQ

Facts on the topic

What are the key requirements for an intrusion detection system (IDS) in OT?

The absolute foundation for any security incident response is an up-to-date asset inventory and a detailed network diagram. Without a precise overview of all components in the production environment and how they communicate with one another. Any attempt to detect an attack will be ineffective. In the complex OT world, a simple Excel list or a rough block diagram is not enough. What is required is “living documentation” that maps changes in the infrastructure in real time in order to effectively prioritize security measures.

‍

How does the "Measure-Control-Regulate" pyramid help with NIS2 compliance?

The Measure-Control-Regulate Pyramid serves as a strategic tool for classifying the criticality of systems. Since SMEs often have limited budgets, this model enables clear prioritization. Companies can identify which areas of production are most critical to operations and allocate security resources there in a targeted manner. This is a crucial step toward implementing the requirements of the NIS2 Directive in a cost-effective and high-quality manner.

‍

What is behind the "Singapore model" for OT security?

The Singapore model represents a consistent government-led approach to promoting cybersecurity in industry. Christian Breitenstrom from uneedsecurity.com is calling for this principle to be adopted in Germany as well. It should provide financial relief to SMEs when implementing OT security solutions. Without such funding, there is a risk that the quality of implementation in public tenders will decline due to price pressure, which undermines the actual protective effect of a SOC (Security Operations Center).

‍

Why is "CISO as a Service" a solution to bridge the shortage on skillled workers in OT?

Many companies fail to establish an early attack detection system due to a lack of on-site experts. A system that is merely configured but lacks a specialist to evaluate the signals is virtually useless. CISO as a Service consolidates the necessary expertise and responsibilities externally. This provides management with a dedicated point of contact and allows for budgetary flexibility, while simultaneously ensuring the technical depth required for complex OT scenarios.

‍