Toward a Security Operation Center for Operational Technology in Industrial Networks

Gaggero G. B.; Caviglia R.; Girdinio P.; Marchese M.
2024-01-01

Abstract

The integration of cyber-physical systems into critical infrastructures, such as power grids and manufacturing plants, necessitates robust security measures to safeguard Industrial Control Systems from malicious threats. Due to the unique operational demands of ICS environments, traditional IT security measures are often unsuitable. To address these challenges, we present our approach for enhancing cybersecurity in energy generation plants by correlating and consolidating alerts and logs from various monitoring devices, thereby providing real-time dashboards for anomaly and threat detection. The approach is based on the development of a platform that aids Security Operation Center (SOC) teams in monitoring operational technology within industrial networks. The paper outlines the functionalities of the platform, which will be developed within the "SOC OT Impianti Generazione Energia" (SOC-OT IGE) project.
2024
9798331505585
Files in this item:
Toward_a_Security_Operation_Center_for_Operational_Technology_in_Industrial_Networks.pdf
Access: closed
Type: Publisher's version
Size: 589.4 kB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/11567/1273076