Keywords
SOC, intrusion detection, NIS2, Singapore model, IDS, asset inventory, network plan, measurement and control
Summary
Christian Breitenstrom of SOC service provider uneedsecurity defines the basic homework tasks for adjusting an intrusion detection system, and describes the OT security challenges of SMEs from a practical viewpoint. He proposes a governmental incentive for OT security based on the principle of the Singapore model.
Takeaways
Small and medium-sized companies have neither the budget nor the staff to establish and run an intrusion detection system professionally and compliantly.
For SMEs where an IDS is legally mandatory, the concept of a Sector CERT might be the only way out.
A Sector CERT identical to the Danish model can ease budget constraints and concentrate competences.
An asset inventory and a network plan are the least you need to have for an IDS.
The criticality of systems should be assessed using the pyramid of measurement and control, so that critical areas in one's OT infrastructure can be prioritized.
A CISO as a Service can bundle responsibility, competence and the point of contact for management while allowing for budgetary flexibility.
SMEs and states would profit from governmental support in the style of the Singapore model to get OT security established and operated with high quality and effectiveness.
In the detailed, clustered OT world, an Excel sheet for asset inventory hits its ceiling fast.
An asset inventory is a living tool that needs to document each change to the infrastructure in detail and in context, so that security measures that really have an effect can be prioritized and defined.
Sound Bites
In SMEs, OT folks try to survive the workload by sending one mail per day that tells them if anything happened in the OT. Of course, that is not effective from a security point of view.
Without an expert on-prem, the IDS is typically configured once and then left running on its own. Of course, this is utterly useless.
A block diagram with a firewall placed somewhere is NOT a worthwhile network plan.
The main homework tasks for OT security folks are a network plan, an asset inventory and the measurement-and-control pyramid.
In public tenders, the lack of governmental support in OT security leads to prices being pushed down, with the effect of low-quality implementation not even worth that little money.
Chapters
00:00 Introduction
03:14 What SMEs expect to pay for OT security
05:51 How to find a solution for SMEs with limited budget
07:50 The “Sector CERT” principle
08:50 Minimum requirements to work with a Sector CERT
10:56 Asset Inventory as the foundation for an IDS
12:00 The measurement-and-control pyramid to assess OT system criticality
13:40 The skill shortage in OT security and the CISO as a Service
17:43 Steps to take for an asset inventory and network plan
19:35 I wish...
20:54 First steps for small utilities to an IDS
21:55 Why we need governmental support in Singapore style
23:42 Where to find additional content on OT SOCs and the Singapore model in OT security