This report assists asset owners and operators in planning and implementing the technologies, processes, and procedures that bring cybersecurity preparedness, prevention, detection, and response capabilities under consolidated oversight and coordination. The number and variety of cyber-physical systems continue to grow, and the complexity of the individual systems and of their interactions and interdependencies has made human-to-human coordination of the disparate elements nearly impossible. In addition, separate, isolated, "stove-piped" systems have been developed to provide security monitoring for the physical, enterprise, and control system environments. As the threat landscape has evolved, there is a greater need for a coordinated view of all aspects of an organization's security posture (situational awareness), of the events that may affect that posture (both unintentional, such as a component failure, and malicious), and of the responses to those events.
This report presents an analysis of current guidelines for both enterprise and control systems security, integrated with the results of questionnaires and interviews with organizations that have developed and deployed an ISOC. The guidelines are meant to assist organizations in identifying technical, business, and personnel requirements; developing ISOC architectures; and planning ISOC deployment and operations. Detailed plans, techniques, or operational guidance are beyond the scope of these guidelines.