Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Automating Security Operations: SOAR Supports Integrated Cybersecurity

An organization that is compliant with cybersecurity regulations and standards is not necessarily an organization that is prepared for cybersecurity threats. Cybersecurity compliance only solves for a subset of risk management, while reasonable cyber resiliency balances the investment into cybersecurity mitigations with the optimum level of risk management for the organization.

Critical infrastructure sectors that are not regulated for cybersecurity are frequently in a more dire position, due to the lack of attention to cybersecurity processes. When it comes to critical infrastructure cybersecurity or risk management, the use of Security Orchestration, Automation, & Remediation (SOAR) may provide a solution as an integrative system platform.

Industry and Operational Challenges

With growing industries and the push toward remote work and digitalization, cybersecurity grows increasingly more complex in response to varying threats. Ongoing risks threatening operational technology (OT), industrial control system, and supervisory control and data acquisition (SCADA) environments include:

  • High risk of human error and technical negligence due to many antiquated, proprietary, and outdated systems
  • Increasing connectivity through growing digitalization
  • Need for automation with heavy manual processes and hidden resource costs
  • Networks and systems that are frequently insecure to cyberattacks due to design
  • Shortage of cybersecurity professionals equipped with real-time data information
  • Too many vendors and lack of integrated systems

One of the biggest operational challenges facing today’s cybersecurity professionals is the lack of resources and information required to combat cybersecurity threats. Cybersecurity Ventures estimates in a 2020 Hiring Report an expected shortage of 3.5 million cybersecurity workers globally by 2021. This number is inclusive of both information technology (IT) and OT environments, but when it comes to critical infrastructure environments, the shortage is exacerbated by the additional skillset requirement common to OT environments.

SOAR is an integrative platform that saves organizations time and expands the reach of their limited cybersecurity professionals by automating processes and integrating systems into a single platform.

Improving Cybersecurity in Critical Infrastructure

Cybersecurity revolves around the people, processes, and technology that interact with cybersecurity measures. Given the global talent shortage, the people part of that equation is difficult to change. However, an integrative platform like SOAR can assist with both the technology and process aspects needed for a successful cybersecurity program. SOAR has the capability to address myriad challenges:

  • Automated threat detection and workflows
  • Auditable incident and event manager
  • Improved metrics for cybersecurity operations
  • Leverage investment into cybersecurity measures with integration of key systems and technology
  • Provides a cybersecurity command center platform
  • Reduction of required OPEX investment

Despite having a high number of disparate cybersecurity products and solutions, organizations can leverage SOAR’s integration library to weave a variety of systems together into an integrative cybersecurity platform. This can lead to a higher return on investment with minimal integration work required by the organization. Some of the types of use cases that SOAR helps an organization integrate and automate include:

  • Access and asset management
  • Automating indicators of compromise lookups in threat intelligence platforms
  • Collecting and centralizing relevant forensic data
  • Consolidated security operations
  • Custom workflows and use cases
  • Email phishing and assessing threats
  • Investigating and remediating end-point related alerts
  • Investigating security information and event management alerts
  • Responding to insider threats
  • Threat hunting

By integrating these disparate systems, SOAR enables more efficient cybersecurity operations for an overextended cybersecurity workforce. Cybersecurity professionals may also find that they experience reduced stress due to automating repetitive tasks, and their newfound ability to solve a variety of operational challenges.

Pandemic Challenges

With the ongoing COVID-19 pandemic, many organizations are forced to execute mission-critical assignments with reduced staff to accommodate social distancing measures. Remote work is also on the rise with an increasing number of teleworkers completing work virtually. Both factors are leading to a higher level of risk for organizations for the foreseeable future.

SOAR leverages automation to extend the capabilities of the existing security workforce. By integrating across many disparate systems, it enables efficiencies and by codifying existing workflows, the program becomes a force multiplier for our collectively weary security workforce.

SOAR, at its most fundamental element, is an operations platform. It incorporates both technology and the operations process, and a skilled practitioner can codify your existing business or technical processes, or improve them, through a variety of methods. SOAR represents hope in the COVID-19 crisis and burgeoning operational challenges confronting our organizations and the collective security workforce.

You are invited to attend a webinar from 1898 & Co. and Swimlane on Thursday, August 20. Sign up for the webinar to discuss how SOAR can help streamline security operations in critical infrastructure organizations.

 

A version of this post originally appeared on the Burns & McDonnell blog. It is republished here with the permission of its author.

Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive weekly emails with links to the latest thought leadership, tips, research, and other insights from automation cybersecurity leaders.

Matt Morris, 1898 & Co.
Matt Morris, 1898 & Co.
Matt Morris is the managing director at 1898 & Co., part of Burns & McDonnell, where he leads the consultancy’s security and risk practice, focused on critical infrastructure cybersecurity. Morris has 25 years of cybersecurity and digitalization experience and has served in leadership roles at startups, multinationals, and global organizations. Throughout his career, he’s directed global strategy and investments and managed customer-facing operations. Additionally, he architected and led the world’s first managed industrial cybersecurity service at a global technology conglomerate.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM