Integrating OT data in SIEM platforms: an Energy Utility Perspective

Alessandro Armellin; Giovanni Battista Gaggero; Mario Marchese
2023-01-01

Abstract

One of the main current challenges for Security Information and Event Management (SIEM) platforms is integrating the data generated by Industrial Control Systems (ICS). This paper analyzes the issue in an energy-utility company and proposes a reference architecture for the cyber-security monitoring of Operational Technology (OT) networks, which uses network probes and dedicated Intrusion Detection Systems (IDS) to bring OT logs into the SIEM. The paper presents examples from real use cases and discusses future improvements to SIEM technology for integrating heterogeneous Information Technology (IT) and OT data sources so that proper correlation rules can be developed.
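The abstract's closing point is that OT events only become useful once they sit in the same schema as IT events and can be joined by a correlation rule. The following is an added example, not code from the paper or from the utility it describes: it normalises two constructed feeds (syslog-style login lines from a hypothetical jump host, and JSON alerts from a hypothetical OT IDS probe) into one event schema and runs two simple rules over them. The log formats, host addresses, Modbus function codes treated as writes, the engineering-workstation allowlist and the 10-minute window are all assumptions chosen for illustration.

```python
"""Cross-domain (IT + OT) correlation over constructed sample events.

Added example, not the paper's own code.  It sketches how events from a
dedicated OT IDS and from an IT source (a jump host) can be normalised
into one schema and correlated by a SIEM-style rule.  The log formats,
addresses, allowlist and thresholds below are assumptions for illustration.
"""
import json
import re
from datetime import datetime, timedelta

# Constructed IT-side syslog lines from a hypothetical jump host (assumed format).
IT_LOGS = [
    "2023-03-14T10:02:11Z jump01 sshd: Accepted publickey for eng1 from 10.10.5.20",
    "2023-03-14T10:05:40Z jump01 sshd: Accepted password for contractor from 10.10.5.77",
]

# Constructed OT IDS alerts (JSON, assumed schema) from a passive probe on the OT network.
OT_ALERTS = [
    '{"ts": "2023-03-14T10:06:02Z", "src": "10.10.5.77", "dst": "192.168.50.11", '
    '"proto": "modbus", "func": 16, "msg": "write multiple registers"}',
    '{"ts": "2023-03-14T10:30:15Z", "src": "10.10.5.20", "dst": "192.168.50.11", '
    '"proto": "modbus", "func": 3, "msg": "read holding registers"}',
]

# Hosts allowed to issue Modbus writes (assumed engineering-workstation allowlist).
ENGINEERING_HOSTS = {"10.10.5.20"}
# Modbus function codes that change process state (coil/register writes).
MODBUS_WRITE_FUNCS = {5, 6, 15, 16}
# Assumed correlation window between an IT login and an OT write.
WINDOW = timedelta(minutes=10)

IT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: Accepted (?P<method>\w+) "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def normalise_it(line):
    """Map a jump-host login line to the common event schema (None if unparsable)."""
    m = IT_RE.match(line)
    if not m:
        return None
    return {"ts": parse_ts(m["ts"]), "domain": "IT", "type": "remote_login",
            "src": m["src"], "user": m["user"], "method": m["method"]}


def normalise_ot(alert_json):
    """Map an OT IDS alert to the common event schema."""
    a = json.loads(alert_json)
    kind = "control_write" if a["func"] in MODBUS_WRITE_FUNCS else "read"
    return {"ts": parse_ts(a["ts"]), "domain": "OT", "type": kind,
            "src": a["src"], "dst": a["dst"], "func": a["func"]}


def correlate(it_events, ot_events, window=WINDOW):
    """Return findings for OT control writes that are suspicious given IT context.

    Rule A: a control write from a host outside the engineering allowlist.
    Rule B: a control write from an address that opened an IT-side remote
            session within `window` before the write.
    """
    findings = []
    for ot in ot_events:
        if ot["type"] != "control_write":
            continue
        if ot["src"] not in ENGINEERING_HOSTS:
            findings.append({"rule": "write_from_unlisted_host",
                             "src": ot["src"], "dst": ot["dst"]})
        for it in it_events:
            delta = ot["ts"] - it["ts"]
            if it["src"] == ot["src"] and timedelta(0) <= delta <= window:
                findings.append({"rule": "write_after_remote_login",
                                 "src": ot["src"], "dst": ot["dst"],
                                 "user": it["user"]})
    return findings


def run():
    """Normalise both constructed feeds and return the correlated findings."""
    it_events = [e for e in map(normalise_it, IT_LOGS) if e]
    ot_events = [normalise_ot(a) for a in OT_ALERTS]
    return correlate(it_events, ot_events)


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

On the constructed input the register write from 10.10.5.77 fires both rules (the host is not on the allowlist, and the same address logged into the jump host with a password 22 seconds earlier), while the read from the engineering workstation fires none. The point is the shape: neither feed alone says anything; the OT IDS sees a legitimate-looking Modbus write and the jump host sees a legitimate-looking login, and only the join over a shared key (source address) and a time window turns them into a finding.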
Files in this record:
No files are associated with this record.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/1213359
Warning: the displayed data have not been validated by the university.

Citations
  • PubMed Central: not available
  • Scopus: 2
  • Web of Science (ISI): not available