News
Vendors

Airbus Cybersecurity strengthens its SOC with OT capabilities

February 16, 2021
Airbus OT capabilities

Airbus Cybersecurity has extended its Security Operations Centre (SOC) with OT capabilities, following a pilot project. The company said it will now deliver resilient, agile and dependable cybersecurity to digitalized and connected operational technology (OT) environments.

Airbus has developed its industrial cybersecurity strategy with an integrated IT/OT SOC at the core of its strategy, said the European cybersecurity company that has contracts to protect governments, military, organizations and critical national infrastructure from cyber threats. It extends protection of critical infrastructure beyond the aviation sector to include the energy, utilities, transportation, manufacturing and finance sectors, in order to improve cyber resilience.

The integrated IT/OT SOC delivers a cybersecurity operation center that operates 24/7, 365 days a year, with constant monitoring of IT systems, protection of reputation, and maintenance of trust amongst investors, customers and partners, Airbus said. It also helps customers achieve compliance for various regulations, including General Data Protection Regulation (GDPR), French Military Programming Law, and the Directive on security of network and information systems (the NIS Directive).

In order to meet the needs of OT SOC use cases, Airbus analysed if existing instances were applicable to deliver OT capabilities. This led to a record of use cases that already could address risks to central systems in the OT domain, such as ability to detect ‘Command & Control’, ‘Lateral Movement’, and ‘Data Exfiltration’ activities, Airbus said on Monday.

From a technical perspective, those samples were easy to adapt. The relevant centralised server, antivirus and firewall logs were onboarded to the Security Information and Event Management (SIEM) platform and ready for analysis in an early project state.

Ahead of the implementation of the identified instances, existing processes were integrated in the IT security and OT departments, Airbus Cybersecurity said. During the integration process, Airbus CyberSecurity engaged with both IT and OT departments to identify gaps in the standard processes for incident response for both operational and cybersecurity incidents.

The results of these interactions led to new investigation and response processes with specific interfaces and agreed decision points on the IT/OT side. Fundamental parts of these processes are local OT security coordinators, a central OT asset database and specialized OT SOC analysts, according to Airbus. The new processes will be accompanied with an OT security awareness program for the plant maintenance teams.

An industrial control system (ICS) network sensor solution has been selected to provide insights into the industrial systems and their networks, so that operators can identify these attacks, Airbus Cybersecurity said. The enhanced level of insights has been integrated in critical parts of the OT network to passively monitor them, and strengthen OT cybersecurity capabilities.

By analyzing industrial Ethernet traffic, the sensors will be able to identify irregular behaviors and will report any event to the SIEM systems, it added. Advanced OT SOC instances can use this additional event source to provide extended detection capabilities for targeted attacks on OT equipment.

While the integrated IT/OT SOC is an initial project, it lays the basis for extensive security monitoring of the company’s industrial perimeter. It is the starting point to the continuous security enhancement process, which includes an integrated feedback-loop into the incident response processes. With these combined and ongoing efforts, Airbus CyberSecurity constantly supports the protection of industrial assets and production lines, it said.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape