Since 2015, New Context has been working with partner utilities and national labs to research methods to create and share cybersecurity threat intelligence. One of our primary goals has been to understand how to ultimately provide a roadmap for automated cyber threat detection and response for utility systems.
On August 19th, 2019, at the EnergySec & Compliance Summit, I presented on topics related to the challenges and learnings in building agile cybersecurity response mechanisms for utility networks.
The talk provided a component overview, architecture and workflow on how a potential agile response system may function within a utility. Furthermore, we discussed the important question of how to rate and score potential risks of the suggested automated responses.
Emerging tools for security automation and response have the capability to create a more agile threat response to support grid resiliency. Security orchestration is a hot topic for many organizations, and the technology has high potential. Like many security tools, orchestration tools come with some potentially lofty goals. Furthermore, as we have seen many times in the past, IT-centric tools are not always directly translatable to OT.