All critical infrastructure must be monitored and managed by a Security Operations Center (SOC) that interacts and gives immediate response to unexpected problems or events. The SOC must receive all the alerts of the security systems implemented and identify the potential security incidents, analyzing them and establishing action protocols, which will mitigate the impact on the systems.
In all critical infrastructure, cybersecurity risk monitoring and analysis make security a business enabler rather than a problem. The monitoring and analysis services that ensure this security help to establish the cybersecurity capabilities necessary to control 24×7 operations. This underlines the importance of engaging an established cybersecurity company for any business in 2019.
We must bear in mind that our infrastructures are exposed to a range of threats, which vary and may stem from natural causes (earthquakes, storms, etc.), from human action (theft, sabotage, vandalism, aggression and terrorism, among others) or from accidents. These threats can affect the physical security of the facilities, computer security, telecommunications security, information security or the security of people, both the organization's own staff and users or visitors. This calls for a risk definition and analysis covering nuclear, labor, biological, social, technological and fire risks, among others.
In Public Administration there are a series of critical services housed in strategic and critical infrastructures that serve sectors of vital importance for the development and security of the country, and that therefore must meet all the security requirements of the administrations. That is why the Security Operations Centers must be in charge of ensuring that these vital services are offered with full guarantees.
There are 12 critical and protected public sectors defined to guarantee their continuity. These sectors are Energy, Information Technologies, Administrations, Space, Transport, Research, Water, Chemical, Nuclear, Health, Finance and Food. Outside public administrations, a critical infrastructure can be described as one that hosts essential and fundamental services for social security and development; such services must therefore also be treated as critical and, for that reason, placed under the surveillance and protection of a SOC.
Security management for this type of infrastructure is carried out from a dedicated Security Operations Center, which can be hosted on the organization's own systems or provided as a managed or outsourced service. The operations center has to be fed with the knowledge needed to identify and prevent threats and eliminate them from its systems. Through alerts, identification of suspicious activity and forensic investigation, a realistic overview of the cybersecurity risks is obtained.
Thus, the SOC is the nerve center of all critical infrastructure, but we must differentiate between two types: SOC located in the critical infrastructure itself and remote or outsourced SOC.
In both cases, collecting information about the architectures is essential, and it must be ensured that the flow of information is guaranteed and secured during its transmission.
In the case of remote management of our critical infrastructures, we must pay attention to the security of the transmission systems. For data transmission over fiber optic links, the data should be encrypted using AES (FIPS 197) with 256-bit keys. In addition, keys should be changed automatically and frequently, at intervals of less than one minute, using key exchange algorithms, bearing in mind that communication must never be paused. Another important point is the need to guarantee secure end-to-end authentication between the hardware of the encrypting components, preventing any kind of spoofing or man-in-the-middle attack.
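As an added example (not code from the original article), a minimal Go model of the link-encryption controls this paragraph lists: AES-256-GCM (AES being the FIPS 197 cipher), an X25519 key exchange whose public values are authenticated with an HMAC under an assumed pre-shared provisioning secret so that a spoofed or man-in-the-middle peer is rejected, and a rekey check that forces a fresh exchange before one minute elapses. The names (Endpoint, Offer, Accept, RekeyInterval) and the SHA-256 key derivation are simplifications chosen here; each side calls Offer, sends the result to its peer, and calls Accept on what it receives.

```go
package main

import ("crypto/aes"; "crypto/cipher"; "crypto/ecdh"; "crypto/hmac"
	"crypto/rand"; "crypto/sha256"; "errors"; "time")

// RekeyInterval bounds a key's lifetime; the text asks for under one minute.
const RekeyInterval = 30 * time.Second
// Endpoint models one link encryptor. psk is an assumed provisioning secret used
// only to authenticate the ephemeral key-exchange values against spoofing/MITM.
type Endpoint struct{ psk []byte; priv *ecdh.PrivateKey; aead cipher.AEAD; keyedAt time.Time }
func NewEndpoint(psk []byte) *Endpoint { return &Endpoint{psk: psk} }
func mac(key, msg []byte) []byte { m := hmac.New(sha256.New, key); m.Write(msg); return m.Sum(nil) }
// NeedsRekey is polled by the scheduler that starts the next Offer/Accept round.
func (e *Endpoint) NeedsRekey(now time.Time) bool { return e.aead == nil || now.Sub(e.keyedAt) >= RekeyInterval }

// Offer makes a fresh X25519 key pair; the HMAC tag under the PSK authenticates its public value.
func (e *Endpoint) Offer() (pub, tag []byte, err error) {
	if e.priv, err = ecdh.X25519().GenerateKey(rand.Reader); err != nil { return nil, nil, err }
	pub = e.priv.PublicKey().Bytes()
	return pub, mac(e.psk, pub), nil
}

// Accept rejects unauthenticated offers, then derives a new AES-256-GCM key.
func (e *Endpoint) Accept(peerPub, peerTag []byte, now time.Time) error {
	if e.priv == nil { return errors.New("call Offer before Accept") }
	if !hmac.Equal(mac(e.psk, peerPub), peerTag) { return errors.New("peer key not authenticated") }
	pk, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil { return err }
	shared, err := e.priv.ECDH(pk)
	if err != nil { return err }
	key := sha256.Sum256(shared) // 32 bytes = AES-256; simplified KDF (assumption)
	block, err := aes.NewCipher(key[:])
	if err != nil { return err }
	if e.aead, err = cipher.NewGCM(block); err != nil { return err }
	e.keyedAt = now
	return nil
}

// Seal encrypts one frame, prefixing a random nonce; Open reverses it.
func (e *Endpoint) Seal(plain []byte) ([]byte, error) {
	if e.aead == nil { return nil, errors.New("no key") }
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return e.aead.Seal(nonce, nonce, plain, nil), nil
}
func (e *Endpoint) Open(frame []byte) ([]byte, error) {
	if e.aead == nil || len(frame) < e.aead.NonceSize() { return nil, errors.New("no key or short frame") }
	n := e.aead.NonceSize()
	return e.aead.Open(nil, frame[:n], frame[n:], nil)
}
```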
For the security management of critical applications hosted in its infrastructure, the SOC must meet a series of requirements: monitor the security of critical services, manage vulnerabilities, provide early warning, manage security incidents, build knowledge bases of incident resolution, perform malware analysis and device analysis, provide cyber intelligence services, adapt to special security requirements and act as a source of knowledge.
Placing our critical infrastructures under the umbrella of a SOC brings a series of advantages, and only the combination of knowledge, tools, processes and practices can provide the security each environment needs. We must know our systems and be organized in their defense against external attacks. Treating security simply as one more feature alongside which services and resources have to be operated contributes little to the peace of mind that operating information technologies requires.
The cybersecurity defense strategy for critical infrastructures should not be treated as an independent process within the activity of the information area. It is not just one more thing to take into account when operating the system. Only by adopting security as an integrated process can we gain a whole perspective on the security needs, the risks and threats that really have to be faced, the controls that have to be put in place, the monitoring of their effectiveness and, just as importantly, the technical, human and economic resources that must be dedicated.
The fundamental step in implementing a SOC is to bring together the technicians and the tools that are really needed to support the IT security the business activity requires in our critical infrastructures. Only in this way will our objective be fulfilled. In critical infrastructures, it is highly recommended to carry out a risk analysis at least once a year, whenever a serious security vulnerability has occurred, and each time the service provider is changed if the service has been outsourced. With good prevention, a threat can be detected more effectively and met with an effective response.
In summary, in order to manage a critical infrastructure and its vulnerabilities through a SOC, it is necessary to identify the essential services provided to companies and, above all, to society by the sectors designated as strategic and critical, how they operate, the main threats, and the main vulnerabilities of the infrastructures, from both the physical and the logical point of view, against any type of threat. If we are able to make this identification, we will have security problems under control and our systems will operate with high guarantees of success.