W. Dimitrov, K. Spasov, S. Syarova. Analysis of the Scope of a Conceptual Model for a Sharing Center for ICS Cyber Security Operations

Key Words: Cyber; security; operations; center; ICS; shared.

Abstract. The article offers a analysis of the scope of a conceptual model for a Shared Industrial Control Sys-tems (ICS) CyberSecurity Operations Center (SOC). The analysis of design of the conceptual model is aimed at bridging the gaps in existing market solutions and meeting the needs of the entire cycle of cybersecurity en-gagements. It ensures continuous proportional ICS protection against malicious actors and in accordance with regulations and standards. The focus of the research is on the three basic functions of cybersecurity cycle – proactive functions, security operations management, and cybersecurity incident response. The aim of the study is to increase the effectiveness of cybersecurity for all Shared SOC subscribers, to overcome the problem of staff shortages, and allow each company to focus on its core business. The applied methodology is based on the Fea-ture Driven Development approach, empirical experience from the implementation of cyber defense systems, and interdisciplinary vision. The proposed analysis provides reference points for synthesizing a private solution for multiple clients of Shared SOC, a basis for concept of operations and preparation for technical design. The idea of a Shared SOC provides a powerful tool for meeting the requirement for multi-layered cyber protection, which is already a fact in many regulatory measures. Shared SOC creates conditions for all subscribers with ICS to increase their level of maturity in cybersecurity.