How utilities handle security log management
Information Technology (IT) and Operational Technology (OT) have historically been designed with different objectives in mind and were therefore managed separately. The desire to optimize performance and fine-tune control of an increasingly complex grid has since prompted the convergence of the two. This integration can be challenging, particularly in the grid cybersecurity domain.
Typically, utilities base their security log management infrastructure on a Security Information and Event Management (SIEM) solution. These solutions offer log collection, event correlation and log analysis capabilities. These capabilities in turn provide the reporting and alerts on security incidents that deliver the necessary proof of compliance with cybersecurity standards.