Airbus Cybersecurity has extended its Security Operations Centre (SOC) with OT capabilities, following a pilot project. The company said it will now deliver resilient, agile and dependable cybersecurity to digitalized and connected operational technology (OT) environments.
Airbus has developed its industrial cybersecurity strategy with an integrated IT/OT SOC at its core, said the European cybersecurity company, which holds contracts to protect governments, militaries, organizations and critical national infrastructure from cyber threats. The company extends protection of critical infrastructure beyond the aviation sector to the energy, utilities, transportation, manufacturing and finance sectors, in order to improve cyber resilience.
The integrated IT/OT SOC delivers a cybersecurity operation center that operates 24/7, 365 days a year, with constant monitoring of IT systems, protection of reputation, and maintenance of trust amongst investors, customers and partners, Airbus said. It also helps customers achieve compliance for various regulations, including General Data Protection Regulation (GDPR), French Military Programming Law, and the Directive on security of network and information systems (the NIS Directive).
In order to meet the needs of OT SOC use cases, Airbus analysed whether its existing SOC use cases could be applied to deliver OT capabilities. This produced an inventory of use cases that could already address risks to central systems in the OT domain, such as the ability to detect ‘Command & Control’, ‘Lateral Movement’ and ‘Data Exfiltration’ activities, Airbus said on Monday.
From a technical perspective, those use cases were easy to adapt. The relevant centralised server, antivirus and firewall logs were onboarded to the Security Information and Event Management (SIEM) platform and were ready for analysis at an early stage of the project.
Ahead of implementing the identified use cases, the existing processes of the IT security and OT departments were integrated, Airbus Cybersecurity said. During the integration, Airbus CyberSecurity engaged with both the IT and OT departments to identify gaps in the standard incident response processes for both operational and cybersecurity incidents.
The results of these interactions led to new investigation and response processes with specific interfaces and agreed decision points on the IT and OT sides. Fundamental parts of these processes are local OT security coordinators, a central OT asset database and specialized OT SOC analysts, according to Airbus. The new processes will be accompanied by an OT security awareness program for the plant maintenance teams.
An industrial control system (ICS) network sensor solution has been selected to provide insight into the industrial systems and their networks, so that operators can identify attacks against them, Airbus Cybersecurity said. The sensors have been deployed in critical parts of the OT network to monitor them passively and strengthen OT cybersecurity capabilities.
By analyzing industrial Ethernet traffic, the sensors will be able to identify irregular behaviors and will report any event to the SIEM systems, it added. Advanced OT SOC use cases can use this additional event source to provide extended detection capabilities for targeted attacks on OT equipment.
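To make concrete what "identify irregular behaviors and report any event to the SIEM" looks like for the use cases named earlier (command and control, lateral movement, unauthorized control changes), here is an added example that is not Airbus code and not the output of any specific sensor product: it learns a baseline of known-good OT conversations from constructed flow records, flags deviations, and emits SIEM-style JSON events. The record fields, the OT zone address range and the rule names are assumptions.

```python
"""Baseline-driven anomaly detection over passive OT sensor flow records.

Added example, not Airbus code. Record layout is assumed: src, dst, proto,
and fc = Modbus function code (3 = read holding registers, 16 = write
multiple registers). All flow records below are constructed sample data.
"""
import json

OT_ZONE = "10.1.1."  # assumed address range of the monitored OT cell

# Constructed known-good traffic captured during a learning period.
FLOWS_BASELINE = [
    {"src": "10.1.1.10", "dst": "10.1.1.20", "proto": "modbus", "fc": 3},  # HMI reads PLC
    {"src": "10.1.1.10", "dst": "10.1.1.21", "proto": "modbus", "fc": 3},
    {"src": "10.1.1.11", "dst": "10.1.1.20", "proto": "modbus", "fc": 3},  # historian polls
]
# Constructed live traffic: one normal flow and three deviations.
FLOWS_LIVE = [
    {"src": "10.1.1.10", "dst": "10.1.1.20", "proto": "modbus", "fc": 3},
    {"src": "10.1.1.11", "dst": "10.1.1.20", "proto": "modbus", "fc": 16},   # historian now writes
    {"src": "10.1.1.20", "dst": "203.0.113.5", "proto": "tcp", "fc": None},  # PLC leaves the zone
    {"src": "10.1.1.10", "dst": "10.1.1.22", "proto": "modbus", "fc": 3},    # HMI talks to new PLC
]
SEVERITY = {"ot_host_external_connection": "high", "new_function_code": "high",
            "new_peer_in_zone": "medium", "unknown_conversation": "medium"}

def learn_baseline(flows):
    """Known-good conversations as (src, dst, proto, fc) tuples."""
    return {(f["src"], f["dst"], f["proto"], f["fc"]) for f in flows}

def detect(flows, baseline):
    """Return one event per flow that is not in the baseline, classified by
    how it deviates; each class maps to one of the SOC use cases."""
    pairs = {(s, d) for (s, d, _, _) in baseline}
    sources = {s for (s, _, _, _) in baseline}
    events = []
    for f in flows:
        if (f["src"], f["dst"], f["proto"], f["fc"]) in baseline:
            continue
        if not f["dst"].startswith(OT_ZONE):
            rule = "ot_host_external_connection"   # C2 / exfiltration candidate
        elif (f["src"], f["dst"]) in pairs:
            rule = "new_function_code"             # known peers, new operation (e.g. a write)
        elif f["src"] in sources:
            rule = "new_peer_in_zone"              # lateral-movement candidate
        else:
            rule = "unknown_conversation"
        events.append({"rule": rule, "severity": SEVERITY[rule], **f})
    return events

def to_siem(events):
    """Serialise events as one JSON line each, as a SIEM log source ingests them."""
    return [json.dumps(e, sort_keys=True) for e in events]
```

Running `to_siem(detect(FLOWS_LIVE, learn_baseline(FLOWS_BASELINE)))` yields three events: the unexpected register write, the PLC's external connection and the new HMI-to-PLC peer.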
While the integrated IT/OT SOC is an initial project, it lays the basis for extensive security monitoring of the company’s industrial perimeter. It is the starting point for a continuous security enhancement process, which includes an integrated feedback loop into the incident response processes. With these combined and ongoing efforts, Airbus CyberSecurity constantly supports the protection of industrial assets and production lines, it said.