Security Operations & Assurance in Automated Mass Manufacturing: 1120897

Introduction

A security operations centre (SOC) is a centralised unit that deals with security issues at both the organisational and the technical level.

Understanding of Security Operations and Assurance:

Taking information security as the main parameter, information assurance is the ideology that combines integrity, confidentiality and availability (Singh, Vaish & Keserwani 2014). Based on the idea that information security cannot be provided by a few specific measures alone, the main security headings and the information assurance ideology call for activating all security mechanisms and managing all procedures, such as conveying, storing and processing information, as shown below (Yalman & Yesilyurt 2013):

  • Hardware/Software Security:

The aim of using safety guidelines and standards is to ensure that the hardware/software or system produced in the relevant field is evaluated and tested by independent laboratories according to set rules, and thereby to give a guarantee to its users. The purpose of this evaluation and testing is to check that the safety functions are fully implemented in the software/hardware and to determine whether the guaranteed level is being provided or not.

  • Network and Communication Security:

This security protects the network against cyber theft, the use of business-confidential information for malicious purposes, and virus attacks from the internet. Communication security applies to the secure transmission of information over the communication channel and focuses on security technology at the points where the network connects to the outside world. If network and communication security is not provided, the organisation faces risks such as unauthorised intrusion, network closure, service interruption, regulatory non-compliance and legal action.

  • Emission Security:

On the basis of intelligence, the ways in which data can be accessed are divided into three groups:

  • Intelligence based on human.
  • Intelligence based on imagery.
  • Intelligence based on signals.

Among these forms of intelligence, signals intelligence is analysed under four sub-titles: electronic, communication, telemetry and radar intelligence.

Emission security, an important parameter of information assurance, is expressed as the full set of measures taken to ensure effective information security (Houngbo & Hounsou 2015).

  • Training of Employees and Physical Security:

Among all the measures taken by individuals and organisations within the scope of information assurance, it is important to train employees on the related issues and to provide physical security for the electronic media that contain critical information. Although emission, software and hardware security may require higher-cost investment, employees should still be trained in the context of information assurance, and storage devices and documentation should be kept in a suitable environment according to their degree of confidentiality.

  • Other Safety Measures:

The use of watermarking, cryptography and steganography techniques is among the measures taken to ensure information security. Cryptography is a set of techniques and applications based on mathematical methods that allow two or more parties communicating with each other to exchange information securely; it raises the level of protection by transforming the information into a form that cannot be understood by unwanted people.

Research Objective

In this research, SOC technology is applied to the various concerns of automated mass manufacturing. Automated mass manufacturing is used to facilitate cost reduction, the establishment of stable quality expectations and consistent availability. Regions are created with central office control over administration and the manufacturing process, reducing the carbon emissions of central hubs. Using the internet, production lines can be controlled completely and quite simply. All forms of manufacturing, from the lowest class to the mandatory class, have so far enjoyed only limited levels of interference from security threats.

The main issue is that, despite its various benefits, this sector has not been modernised against the present security threat landscape, especially in the environment of a global economy, and so it is quite open to such threat opportunities.

Traditionally the threat has been aimed at direct financial gain, but it has shifted to things such as ransom, environmental damage and serving as a host for other emerging opportunities.

Enhancing business security and ensuring compliance with different regulatory needs, such as GDPR, must in addition form part of the developed solution mix.

Several issues in the field of mass manufacturing systems are resolved in this report, such as:

  • Assessing the functional and technical needs of the grid and the processing centre required for the implementation.
  • Proposing various types of network that can serve to meet the requirements.
  • Proposing the deployment of appropriate network communication equipment.
  • Considering the protocol suites to be used for future development.
  • Identifying the services and servers needed.
  • Defining the appropriate network software for the enterprise network deployment.
  • Defining the data transfer rates in the system to provide different levels of aggregation.
  • Proposing arrangements for baseline security.
  • Providing comparative costs in broad terms.

The SOC goals and objectives, as standardised by the National Cyber Security Centre in 2016, are as follows:

  1. “Detect and respond to threats”: the work of the SOC is mainly to ensure that the system is always secure. It detects and responds to any threat and takes strict action against it.
  2. “Increase resilience of the organisation”: the SOC ensures that the organisation maintains increased resilience by maintaining device and system security measures. The SOC will have to ensure that all security policies are adhered to by the system users.
  3. “Identify and address negligent or criminal behaviours”: the work of the SOC is to address attackers on the system by implementing very tough policies against anyone found trying to use the system for ill motives. This is done by applying the law to ensure that cyber criminals are dealt with according to the law.
  4. Deriving business intelligence: the work of the SOC is to provide a secure business intelligence infrastructure to the organisation, to ensure that its customers' satisfaction with the company is met. This includes secure payment systems for transferring money from customers to the company, wherever they are.

Analysis

Automated mass manufacturing threats and system vulnerability

The information manufacturing management system is an automated system hosted on a cloud platform. Because it is a web application running on cloud providers, the system is open to any form of attack. The data are stored on dedicated servers sited by the service providers in an unknown location. The automated mass manufacturing system may be attacked successfully by a ransomware application, which hides all the system files and only restores them as they were afterwards. Another method by which attackers may steal the company's data is by first stealing some information belonging to the company.

Malicious Threats 

Theft of data

Data can be stolen by tricking the users of the automated mass manufacturing IT infrastructure. When staff are tricked, they may send confidential information to the attackers, and this provides the information needed to attack the system and steal from the company. The automated mass manufacturing system can also be attacked using phishing tools that retrieve the data.

Ransomware

Ransomware is another application tool used by attackers to enter the IT infrastructure. The application hides the organisational data by making it unavailable within the system; at this point the attacker is modifying the data to suit their needs. A ransom is then demanded to make the data files available again. Ransomware encrypts the system files and orders the company to pay a ransom for data retrieval. If the organisation is unable to pay the ransom, the data files are useless to the company, since it cannot access them.

Phishing 

As regards the automated mass manufacturing system, a distributor of manufacturing information systems: phishing is the act of stealing company information in order to use it to steal from the company. Most hackers use phishing as a hacking tool by simply sniffing data from the company's information system. The retrieved data can be manipulated by hackers using malware programs such as Trojan horses. A Trojan is a software program that can be used to modify the data to function the way the hacker needs.

Social Engineering 

Automated mass manufacturing systems, which serve to provide rapid manufacturing processes in different organisations, have recorded Social Engineering (SE) as a High Severity Threat in their High Severity Service Incidents list. The automated mass manufacturing system warns about SE targeting manufacturing procedures and general practitioners (GPs). The SE attacks described in the automated mass manufacturing system warning use email to lead the attack, so remediation of the phishing risk ought to have a mitigating effect on the SE threat.

This paper will look at SE and phishing together as email vulnerabilities in the Design and Implementation section.
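The phishing and social engineering threats described above both arrive by email, so a SOC's first line of detection is inspecting sender headers. The following is an added example, not code from the report or from any vendor: it flags three common spear-phishing indicators (a display name impersonating a member of staff, a look-alike sender domain, and a Reply-To header that redirects replies elsewhere). The company domain, the staff names and the two sample messages are constructed for the example.

```python
"""Spear-phishing indicator check on inbound email headers.

Added example for this report; the company domain, staff names and sample
messages below are constructed, not real data.
"""
import email
from email.utils import parseaddr
from typing import List

COMPANY_DOMAIN = "example-manufacturing.com"   # assumption: the firm's own mail domain
STAFF_NAMES = {"alice smith", "bob jones"}      # constructed list of staff display names


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a look-alike domain is typically 1-2 edits away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw_message: str) -> List[str]:
    """Return the names of the indicators triggered by one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    found = []

    # 1. Display name claims to be staff or the company, but the address is external.
    name = from_name.lower()
    if from_domain != COMPANY_DOMAIN and (
        name in STAFF_NAMES or COMPANY_DOMAIN.split(".")[0] in name
    ):
        found.append("display-name-impersonation")

    # 2. Sender domain is almost, but not exactly, the company domain.
    if from_domain != COMPANY_DOMAIN and 0 < edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        found.append("lookalike-domain")

    # 3. Reply-To steers replies to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        found.append("reply-to-mismatch")

    return found


# Constructed sample messages (not real traffic).
SAMPLE_PHISH = """From: "Alice Smith" <alice.smith@example-manufacturlng.com>
Reply-To: payments@mail-drop.example.net
To: bob.jones@example-manufacturing.com
Subject: Urgent: update supplier bank details

Please process the attached invoice today.
"""

SAMPLE_LEGIT = """From: "Bob Jones" <bob.jones@example-manufacturing.com>
To: alice.smith@example-manufacturing.com
Subject: Shift report

All lines nominal.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_indicators(raw) or "no indicators")
```

The first sample triggers all three indicators, the second none. In a SOC pipeline the indicator list would feed a mail gateway quarantine rule or a SIEM alert rather than a print statement, and the staff list would come from the directory rather than a constant.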

Internet of Things (IoT)

Connecting people's data to the cloud environment may be harmful to both the users and the company. Systems connected to payments are all cloud-based applications and may pose a threat to the company's information system. The devices used while setting up the system are all IoT devices. These devices are not always intended to be reachable from the Internet, and it can be hard for the IT department to patch them whenever new firmware is released. Every device on the same network as a vulnerable device is at risk of being exploited by an attacker through that vulnerable device. The Internet of Things combined with poor network segmentation could therefore be a great risk to the manufacturing industries.

Ransomware vs. IoT

When the “things” referenced in the IoT section are attacked by ransomware, the Medical Practice could be forced to pay a considerable amount of money, for example to be able to turn the lights on or off. This risk is one of seven threats covered by the RSA Conference 2017's overview of the most dangerous new attack techniques.

Non-Malicious Threats

Policy threats

A person may decide to breach the company's policies and do harm to the company's automated mass manufacturing system. It is clear that the company is bound by policies stating that no one shall act as an insider threat, or else he or she may face the law. This is clearly indicated as a breach of the law in the ISO security standards. These laws were established to ensure that information management systems are kept secure.

Intellectual property threats

This is the act in which an individual unlawfully steals from the company. The person involved uses his or her role to intrude into the system and steal from the organisation without informing anyone.

Espionage 

Espionage is similar to eavesdropping, in which a person listens to information belonging to the company without being noticed by anybody. The attacker takes all the information he or she hears and uses it to commit fraud within the information system.

IT sabotage 

IT sabotage is the act of bringing down the IT infrastructure by personnel who are members of staff. They bring it down in the sense that they do not want to strengthen IT security by implementing tough policies that ensure the IT infrastructure always remains secure.

Frauds

Fraud is an illegal act. The attacker uses the knowledge he has to intrude into the system, using fraudulent information obtained by phishing staff members and cheating them so as to obtain the information relevant to some processes performed within the company. A fraudster is a person who commits fraud and steals data belonging to the company.

Figure 1. Data Encryption and Decryption process

Analysis (Yalman & Yesilyurt 2013)

Production Threat Landscape:

The challenges of the industrial internet raise the warning of damage from contamination that attacks the operation and the workflow structure together. It can cause disruption or longer disconnection at huge cost. The latest analysis reflects that producers believe the potential cyber risk will increase with the transformation to Industry 4.0.

Figure 2. Cyber risk increment graph (Symantec, n.d.).

In the year 2014, manufacturing was the top target of spear-phishing attacks, suffering 20% of all such attacks, up from 13%. These targeted email strikes against individuals in manufacturing organisations, classed as part of cyber-crime, are designed to steal the access credentials of IT office or OT systems.

Manufacturing has remained among the top three sectors selected for spear-phishing attacks. With increasing connectivity, the warning for manufacturing remains important.

Figure 3. Zero-Day Vulnerabilities, Annual Total (Symantec, n.d.).

The Internet of Things means that ever more devices are being joined to the industrial internet. It is estimated that 5.5 million new things are connected every day this year, with a total of 6.4 billion connected things worldwide, a 30% increase over the previous years.

As a result, industrial control systems are the prime target. These structures increasingly enable cyberspace connectivity to make control and monitoring easy. But exposing systems directly with IP addresses creates further paths for attack if access to the computer network is badly protected and the ICS protocols are fragile.

Influential Factors

Human Resource Management:

Organization structure

This is the way in which the organisation is set up to perform its duties. The automated mass manufacturing system is an automated system based on the company's work breakdown structure. Each employee is assigned a role within the system, to ensure that each of them works on some specific duties.

The HR department has the responsibility of monitoring and responding to the ethical behaviour of employees in the manufacturing firm, but it needs technology and procedures to do this work efficiently. SOC technology is an enabler for the HR department in performing these duties, and the HR department should be regarded as an important customer of the SOC technology. For instance, a web proxy can be used by the HR department to enforce the policy of which websites are allowed or disallowed to be visited (Nathans, 2015).
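As an added illustration of the web-proxy enforcement mentioned above (not code from the report or from Nathans), the example below applies an HR web-usage policy to proxy access-log lines: each requested host is categorised, requests in disallowed categories are denied, and HR receives a per-client count of violations. The log format, the domain-to-category map and the denied categories are all assumptions constructed for the example; a real proxy such as Squid uses its own log format and expresses the policy in its ACL configuration.

```python
"""HR web-usage policy applied to web-proxy access-log lines.

Added example for this report. The log format, category feed and denied
categories are constructed assumptions; a real proxy (e.g. Squid) has its
own log format and expresses the policy in its ACL configuration.
"""
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

DENIED_CATEGORIES = {"gambling", "file-sharing"}   # assumption: what the HR policy disallows
DOMAIN_CATEGORIES = {                              # constructed domain-to-category feed
    "bets.example.net": "gambling",
    "share.example.org": "file-sharing",
    "supplier-portal.example.com": "business",
}


def categorise(host: str) -> str:
    """Match the host or any parent domain, so live.bets.example.net inherits
    the category of bets.example.net."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        category = DOMAIN_CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorised"


def decision(url: str) -> str:
    """Enforcement point: what the proxy should do with this request."""
    host = urlsplit(url).hostname or ""
    return "DENY" if categorise(host) in DENIED_CATEGORIES else "ALLOW"


def parse_log_line(line: str) -> dict:
    """Constructed format: '<epoch> <client-ip> <method> <url> <status>'."""
    ts, client, method, url, status = line.split()
    return {
        "ts": int(ts),
        "client": client,
        "method": method,
        "url": url,
        "host": urlsplit(url).hostname or "",
        "status": int(status),
    }


def policy_violations(log_lines: List[str]) -> List[Tuple[str, str, str]]:
    """(client, host, category) for every logged request to a denied category."""
    violations = []
    for line in log_lines:
        if not line.strip():
            continue
        rec = parse_log_line(line)
        category = categorise(rec["host"])
        if category in DENIED_CATEGORIES:
            violations.append((rec["client"], rec["host"], category))
    return violations


def violations_per_client(log_lines: List[str]) -> Dict[str, int]:
    """The summary HR would receive: number of disallowed requests per client."""
    return dict(Counter(client for client, _, _ in policy_violations(log_lines)))


# Constructed access-log sample (not real traffic).
SAMPLE_LOG = """\
1700000000 10.0.5.21 GET http://supplier-portal.example.com/orders 200
1700000003 10.0.5.21 GET https://live.bets.example.net/odds 200
1700000010 10.0.5.42 GET https://share.example.org/dl/archive.zip 200
1700000015 10.0.5.42 GET https://bets.example.net/ 200
"""

if __name__ == "__main__":
    for client, host, category in policy_violations(SAMPLE_LOG.splitlines()):
        print(f"{client} -> {host} ({category}): {decision('https://' + host + '/')}")
    print(violations_per_client(SAMPLE_LOG.splitlines()))
```

The parent-domain walk in `categorise` matters in practice: a blocklist that only matched exact hostnames would let `live.bets.example.net` through even though `bets.example.net` is listed. Uncategorised hosts are allowed here; a stricter policy would deny them by default.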

Legal System:

The manufacturing industry should have a legal department for all legal matters, so that the manufacturing process runs smoothly; this also includes the legal need to notify the administration, to ensure that details are stored and handled in compliance with the law, and to preserve evidence in case of a possible offence (Nathans, 2015).

Information technology:

The IT department and the SOC technology will have to cooperate and coordinate thoroughly to achieve well-organised functioning and to ensure that all resources join the effort towards a shared aim. The IT department should help the SOC with hands-on participation in the grid of the manufacturing process, describing the role of each entity connected to the network and sharing the operational knowledge gained from day-to-day operations. The SOC in turn can supply the IT department with warning intelligence and investigate bottlenecks and network troubleshooting issues on the internal network.

Organization’s employees:

In the organisation, a safer but user-unfriendly domain would either not be used, or everyday end users would soon find a path around the safety controls. It is mandatory that the SOC technology is planned to protect the manufacturing process from deliberate and unintentional attacks by both internal and external actors, but the measures launched by the SOC must be justified by a cost-benefit analysis. In this analysis the cost considers both the required assets and the loss of user friendliness.

Relevant Information Assurance Methodologies 

There are many ISO standards, probably more than a thousand, addressing security concerns regarding cyber-attacks. The number of ISO standards relating to cyber security is increasing overwhelmingly. Manufacturing systems are covered by almost 10% of the specific standards, protecting their rights and privileges when implementing technology-based systems.

In this report we focus on the security ISO standards related to automated mass manufacturing information systems.

ISO 27000 series: the series is concerned with establishing standards on the techniques used to protect our new information systems from fraudsters, and on the system requirements. It does not include the measures used to stop the threats from happening again. Below are the standards of the ISO 27000 series:

ISO/IEC 27001 Information communication technology — security system techniques on mass manufacturing systems — Risk management system — information system requirements. ISO/IEC 27001 does not describe the mechanisms we can use to make the system secure. However, it describes the information security management system (ISMS) to be implemented together with the automated mass manufacturing system.

ISO/IEC 27002 Information security — mechanisms for maintaining security systems — sets the policies and rules that govern the information management system. System users are made aware of the policies and must adhere to them in the working environment. ISO/IEC 27002:2013 is a standard published in 2013 to cover all aspects related to the information technology threats and vulnerabilities of this chapter: policies related to the technology solution, the security of the company, security of management personnel, how assets are managed, access control, environmental security systems, security of operations, communications security, mass manufacturing resource acquisition, development, service and maintenance, relationships with suppliers, incident management on the automated mass manufacturing system, aspects of business continuity and information system security, and compliance. As we will see below, ISO 27799:2016 is based on implementing ISO/IEC 27002 in automated mass manufacturing. The user of the automated mass manufacturing system is motivated to look into the security operations of the system; security incident management and the information system security aspects that enhance business continuity are the most important and relevant for the SOC.

ISO/IEC 27031:2011 Information communication technology — mechanisms for security threats — provides guidelines to help users of the automated mass information system and to enhance the readiness of communications information systems for business continuity, so that an in-depth discussion can be made of the ISO standard for business continuity management (BCM).

ISO 27799:2016 information systems security management — IT in manufacturing companies is the key player in increasing output relative to input. Automated mass manufacturing will ensure that IT security laws and regulations are upheld in such a way that the information system stays safe throughout. ISO/IEC 27002 highlights what is considered in ISO 27799:2016, which states: “It is not condoned to harm or infringe the automated information mass manufacturing system ISO/IEC 27002 or ISO/IEC 27001. However, its purpose is to complement other generic standards”. In other words, ISO 27799:2016 describes for the automated mass manufacturing system how to implement the security measures described in ISO/IEC 27002:2013. It assists and expounds the techniques where it is important to make manufacturing-specific changes. In summary, to know how the company should achieve compliance with ISO 27799:2016, it is important to obtain a good knowledge of ISO 27002:2013.

Information Assurance Methodology

There are 12 steps in the information assurance methodology elaborated below. This methodology is also known as the PDCA model, which stands for Plan, Do, Check and Act.

Plan, or the establishment of the information security management system:

Step 1. Establish the importance of information security in the business:

There are three sub-steps, elaborated below, for establishing the information security management system.

  • Identify and document the business objectives, business processes and information technology processes (Lee 2014).
  • Identify the business's dependency on information technology.
  • Determine the need for protection in damage scenarios.

Step 2. Define the scope of the information security management system:

It includes the various details needed to complete the scope, shown below:

  • Organisation description.
  • Business function description.
  • Geographical location description.
  • Business processes included in the scope.
  • Information systems included in the scope.
  • Physical layout of the location.
  • Logical network diagram.

Step 3. Elaborate the security policy clearly:

Several issues should be clearly elaborated in the security policy, such as:

  • Why is the information strategically important for the organisation?
  • What are the legal and business requirements for the information security of the organisation?
  • What are the contractual obligations of the organisation regarding the safety of data concerning business procedures and data collected from workers, clients etc.?
  • What main steps should be taken by the organisation to ensure information security?

Step 4. Establish the security organisation structure:

This establishment is important to ensure the company's involvement in identifying and implementing the different safety measures. This security organisation should have the committees and positions described below:

  • The security steering committee, led by the chief executive and including the main business representatives and the technology departments.
  • The ISO, or information security officer, should be the secretary of the committee and will be in charge of coordinating the company's safety efforts.

Step 5. Identification and classification of assets:

The next step is to devise a plan for classifying assets, based on their criticality with regard to the confidentiality, availability and integrity of information. The classifications are mandatory for executing the different safety measures.

It has various categories, such as:

  • Information assets
  • Software assets
  • Physical Assets
  • Services

Step 6. Identification and assessment of risk:

There are several steps in this procedure, shown below:

  • Perform a threat analysis.
  • Perform a vulnerability analysis.
  • Assign overall vulnerability ratings.
  • Evaluate the risks.

Step 7. Risk management planning:

The risk management options are based on cost-benefit analysis, and many options are available for handling risk (Dushie 2014):

  • Transfer the risk.
  • Avoid the risk.
  • Accept the risk.
  • Reduce the risk.
  • Define security policies.
  • Define procedures.
  • Define standards.
  • Identify security products.
  • Cost vs. benefit.
  • Current state assessment and gap analysis.
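Steps 5 to 7 above (classify assets, assess risk, plan treatment) can be made concrete as a small risk register. The following is an added example, not part of the report's methodology or of any cited source: assets carry confidentiality, integrity and availability ratings, each threat carries a likelihood and an overall vulnerability rating, risk is the product of the three, and the treatment option (accept, reduce, transfer or avoid) is chosen from the score together with a cost-benefit comparison of the candidate control. The rating scales, the thresholds, and every asset, threat and monetary figure are constructed assumptions.

```python
"""Asset classification, risk assessment and risk treatment (steps 5-7) as a
small risk register.

Added example for this report; the rating scales, the treatment thresholds,
and every asset, threat and monetary figure below are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Asset:
    name: str
    category: str           # information / software / physical / services (step 5)
    confidentiality: int    # 1 = low .. 3 = high requirement
    integrity: int
    availability: int

    @property
    def value(self) -> int:
        """Classification is driven by the most demanding of the C/I/A ratings."""
        return max(self.confidentiality, self.integrity, self.availability)


@dataclass(frozen=True)
class Threat:
    name: str
    asset: str              # name of the asset it acts on
    likelihood: int         # 1..3 from the threat analysis (step 6)
    vulnerability: int      # 1..3 overall vulnerability rating (step 6)
    annual_loss: float      # expected loss per year if the threat is realised
    control_cost: float     # annual cost of the candidate mitigating control
    control_effect: float   # fraction of the loss the control would remove


def risk_score(asset: Asset, threat: Threat) -> int:
    """Risk = asset value x likelihood x vulnerability, range 1..27."""
    return asset.value * threat.likelihood * threat.vulnerability


def treatment(asset: Asset, threat: Threat) -> str:
    """Step 7 option chosen from the score and a cost-benefit check (assumed thresholds)."""
    score = risk_score(asset, threat)
    benefit = threat.annual_loss * threat.control_effect
    if score <= 4:
        return "accept"                  # low risk: not worth spending on
    if benefit > threat.control_cost:
        return "reduce"                  # the control pays for itself
    if score >= 18:
        return "avoid"                   # too risky and the control is uneconomic
    return "transfer"                    # e.g. insure or contract it out


def risk_register(assets: List[Asset], threats: List[Threat]) -> List[Dict[str, object]]:
    """Rows ordered from highest to lowest risk, each with its chosen treatment."""
    by_name = {a.name: a for a in assets}
    rows = []
    for t in threats:
        a = by_name[t.asset]
        rows.append({"asset": a.name, "threat": t.name,
                     "score": risk_score(a, t), "treatment": treatment(a, t)})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed sample data.
ASSETS = [
    Asset("PLC fleet", "physical", confidentiality=1, integrity=3, availability=3),
    Asset("Product designs", "information", confidentiality=3, integrity=2, availability=1),
    Asset("Canteen menu site", "services", confidentiality=1, integrity=1, availability=1),
]
THREATS = [
    Threat("legacy remote access exposed", "Product designs", 3, 3, 800_000, 700_000, 0.5),
    Threat("ransomware via phishing", "PLC fleet", 3, 2, 500_000, 40_000, 0.7),
    Threat("flood damage to data centre", "PLC fleet", 1, 3, 300_000, 200_000, 0.3),
    Threat("defacement", "Canteen menu site", 2, 2, 1_000, 5_000, 0.9),
]

if __name__ == "__main__":
    for row in risk_register(ASSETS, THREATS):
        print(f"{row['score']:>2}  {row['treatment']:<8}  {row['asset']} / {row['threat']}")
```

With the constructed figures the register comes out as avoid (27), reduce (18), transfer (9) and accept (4), which is the cost-vs-benefit bullet of step 7 applied mechanically: the control against phishing-borne ransomware is cheap relative to the loss it prevents, while insuring against flood damage is cheaper than the control.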

Do: implement and operate the information security management system:

Step 8. Implementation of the risk mitigation strategy:

As a result of the previous step, some items are ready for implementation and should be followed by the organisation, such as:

  • Detailed Security Policies
  • Procedures and guidelines
  • New security products
  • Improvements for existing devices

Step 9. Writing the statement of applicability:

The following exercises should be carried out for this identification:

  • Map the implemented controls against the BS7799 control objectives and controls
  • Identify the gaps
  • Reasons for exclusion
  • Table of Statement of Applicability

Step 10. Staff training and creation of security awareness:

The following steps should be taken:

  • Design security training programs
  • Annual calendar
  • Creating Security awareness

Check: monitor and review the information security management system:

Step 11. Monitor and review the performance of the information security management system:

Create the following mechanisms for effectively monitoring and reviewing the information security management system:

  • Reporting system
  • Review mechanism
  • Internal Audit
  • Management Review

Act: maintain and improve the information security management system:

Step 12. Monitor and review the performance of the information security management system:

Continuous improvement takes place by having the following measures in place:

  • Management review and follow-up
  • New business requirements
  • Identification of new threats

Alternative ideology for SOC

There are two major ideologies for SOC technology to select from: the internal SOC and the external SOC. The internal SOC is also known as the in-house SOC, and the external SOC as the outsourced SOC. The external SOC is designed to reuse the vendor's shared operations staff across the client load, and it would commonly be considered an engaged or purchased service that is not part of the organisation's hierarchy.

Internal SOC:

Benefits of an internal SOC:

With an internal SOC, the manufacturing firm has full oversight of the employees working in the SOC. The employees know the IT foundation and the other employees in the firm well, which eases damage assessment and improves communication between the SOC and the rest of the firm. An internal SOC would be fully customised to the manufacturing process, and it could also keep a constant approach to building up intelligence and understanding within the company, and hence not become dependent on a third-party SOC supplier.

Drawbacks of an internal SOC:

An internal SOC needs substantial up-front cost for acquiring skilled staff, investing in security technology and data centres for storing logs, buying the needed licences for the software used, and arranging and implementing operating processes. Even if the board grants considerable resources for hiring skilled employees, the scarcity of skilled SOC analysts makes it difficult to choose the right people (Rothke, 2012).

External SOC:

Benefits of an external SOC:

Unlike an internal SOC, an external SOC has small upfront expenses. Payments to the SOC vendor should be periodic or annual, hence decreasing the exposure and burden associated with SOC technology. The vendor will be able to buy software and hardware that can be used by SOCs across a range of organisations, so that the expenses are distributed across that range of organisations. Done properly, an external SOC could be cheaper than an internal SOC.

Drawbacks of an external SOC:

Outsourced employees will not know the IT modules and the other employees in the firm as well as internal staff do, which can make damage assessment and internal communication between the SOC and the rest of the company harder. If the outsourcing of the SOC is not handled correctly, it can be undermined by internal employees, especially in departments such as IT that may feel their skills are being judged insufficient. An external SOC may be chosen as an off-the-shelf solution designed to be used by a broad variety of customers. This could mean that the SOC is not customised to the extent needed to be fully functional.

Design and implementation of the proposed system

The proposed system includes several components, shown below, which make the system more beneficial:

  • An inter-centre communication system.
  • Remote access services and databases.
  • Email systems with web and content servers.
  • Converged services.
  • Appropriate bandwidth and servers for streaming audio, video etc.
  • Virtual reality and a VPN access management system.
  • Flexible service levels, resiliency and a disaster recovery system, with 24×7 operations under ideal conditions.

Managing cyber risk for the manufacturing firms:

As manufacturing firms spend time and resources ensuring that machinery is properly maintained and serviced, the same levels of attention and care must be paid to security.

Risk management process:

It involves:

  1. Prioritising risks, defining policies and automating the assessment processes for IT governance, risk and compliance, spanning the whole IT and OT/ICS environments.
  2. Enforcing IT policies and automating compliance with built-in automation and workflow, not only to identify threats but also to remediate incidents as they occur, or to anticipate them before they happen.
  3. Communicating IT and OT risk in business terms using the IT GRC framework, which involves different steps, from identifying critical assets to continuous audit procedures, as shown in the figure.

Figure 4. Cyclic GRC process for ICS security (Symantec, n.d.).

Recommendations for setting a strategy to improve overall security and compliance:

Best practice highlights the key steps required to translate the risk management process into a fully developed strategy for creating a secure and compliant system.

Secure convergence management for IT and OT:

By fully realizing the benefits for industry 4.0 in the greater efficiencies and the lower costs will involve the integrating previously separate the organization’s IT and OT systems. Standard like ISA 95 provide the framework for managing the information flow between the systems.

Figure5. Flow of information and risk in an ‘industrial internet connected’ manufacturing organisation (Symantec, n.d.).

This information flow provides visibility across operations, allowing senior management to speed up decision making and execution. However, greater information flow also widens the risk: once IT and OT systems are connected, a threat that would previously have been isolated to one system can pose a more severe risk to both.

Industrial control systems security:

Any industrial control system that interacts with the physical world should be secure. Initially, this means an assessment to establish the potential hazard and risk, such as that outlined in the safety standard IEC 61508. Cyber security technology and protection for improving control system security then follow, as set out in standards such as IEC 62443 and NIST SP 800-82. These are essential best practice for any information security regime.

IoT devices and embedded systems management:

The industrial internet will inevitably increase the number of smart devices used to improve operational efficiency. Security in these embedded systems is about managing and protecting data, services and identity, so that devices are not compromised and do not open up new threats.

Protection of intellectual property and confidential information:

Highly confidential data should be encrypted to ensure that only authorised users have access. Perimeter security on the networks keeps out unauthorised traffic, and deploying anti-malware and software hardening on all OT and IT systems will also help to prevent attacks.

Inclusion of business partners in the cyber risk programme:

Data is shared through cloud-based applications, and 61% of the businesses surveyed in the PwC study used some form of cloud computing. Encryption, together with identity- and context-based access control across multiple cloud applications, provides the best cornerstone for solving cloud security challenges.

Preparation for advanced detection and fast response:

Any risk management strategy and plan requires defining who will be responsible for identifying threats and vulnerabilities, how these risks will be prioritised and how mitigation strategies will be evaluated. This procedure needs to be continually re-evaluated.

These measures must be part of the incident response plan that has been prepared. The plan must also consider:

  • A proper crisis/PR management approach to protect the company's reputation.
  • Cyber insurance to protect against financial losses that could otherwise cripple the company.

Together these strategies offer an end-to-end view that helps to block, detect and remediate attacks, protect information and reduce risk.

Threat protection: stops attacks by securing traditional and emerging endpoints, servers and network gateways.

Information protection: integrated data and identity protection prevents the loss of confidential information and allows access only to authenticated business partners.

Cyber security services: provide the skills and resources to detect incidents and respond to breaches faster than manufacturers can on their own.

Protection solution for industry 4.0:

Security of data centre:

Protects critical servers, hardens ICS control systems and provides compliance. It works on systems that cannot be patched easily or that run operating systems which are no longer supported.

Critical system protection:

A lightweight security client for industrial IoT devices, used by many manufacturing suppliers to build security with a small footprint and minimal power consumption into industrial control devices.

Validation and ID protection service (VIP):

Strong authentication that gives the organisation secure access to its networks. Weak authentication is a major vulnerability in most ICS systems, because it undermines control over access to OT and office IT systems, applications and data.

Managed PKI service:

Provides trust-based security for authenticating IoT devices and other components in the production environment.

Encryption (PGP):

Protects confidential information in manufacturing firms, whether in transit or at rest. It is often deployed together with DLP.

Cyber security services:

Address the critical shortage of security expertise and extend security capabilities. Smaller manufacturing companies and suppliers are increasingly attacked by malicious code; managed security services provide additional insight and context.

Control compliance suite:

Supports manufacturing security and risk management through IT governance, risk and compliance: it enables auto-discovery of systems in the IT and OT environments and automates the security assessment of procedural and technical controls.

Email and web security:

Secures the gateway control points for email and web as cloud services.

Endpoint protection and management:

Secures, manages and deploys endpoints running standard operating systems.

Advanced threat protection:

Uncovers, prioritises and remediates advanced attacks across several manufacturing control points.

Anomaly detection for industrial control systems:

A solution that identifies IoT devices and analyses their network traffic, creating a detailed asset map.

Data loss prevention:

Discovers stored data across endpoints, storage systems, mobile devices, networks and the cloud.

Identity access manager (SAM):

Solves cloud security challenges using identity- and context-based access control across multiple cloud and web-based applications.

Incident Management

In SOC technology, the main scope of incident management covers incidents occurring in the manufacturing process and incidents affecting the SOC itself. This section focuses on handling incidents in the manufacturing process. The same process can be applied to incidents in the SOC itself, but it may require some extra adjustment when the system used for incident handling is itself affected by the incident.

Incident Handling:

The following figure is used to describe the proposed framework for incident management in the SOC technology (Cichonski et al., 2012):

Figure6. Life cycle for incident response (Cichonski et al., 2012).

Preparation:

In incident management, preparation is important for four reasons:

  • To ensure that measures are taken to prevent incidents from occurring.
  • To ensure that incidents are detected within the given timeframe.
  • To define baselines for network traffic.
  • To detect abnormal traffic.

Detection and analysis:

An intrusion can be detected in several ways, ranging from a user sending a request to the support helpdesk to the intrusion detection system raising an automatic alarm. To be able to detect and identify incidents, the SOC technology must have up-to-date intelligence on the latest attack vectors. An attack vector could be email, the web, improper usage and so on.
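The two preparation tasks listed above, defining a baseline for network traffic and detecting abnormal traffic, can be shown concretely. The following Python block is an added example written for this report; it is not code from the original text or from the NIST guide it cites. The host names, byte counts and destination ports are constructed sample data, and the per-host records are assumed to have been aggregated per hour from flow logs. The baseline is the mean and standard deviation of outbound bytes per host, plus the set of destination ports seen during the training window; the review step flags an hour whose volume exceeds the baseline by more than k standard deviations (with a ratio guard so that a host with an almost flat baseline is not flagged for a trivial blip) or that uses a destination port never seen before.

```python
"""Baseline-and-deviation check for outbound traffic (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: a training window (hours 0-5) for two OT hosts,
# followed by the hour under review (hour 6). Fields: host, hour,
# bytes_out, destination ports used in that hour.
BASELINE_RECORDS = [
    ("plc-01", 0, 120_000, {502}), ("plc-01", 1, 118_000, {502}),
    ("plc-01", 2, 125_000, {502}), ("plc-01", 3, 121_000, {502}),
    ("plc-01", 4, 119_000, {502}), ("plc-01", 5, 123_000, {502}),
    ("hmi-02", 0, 800_000, {443, 502}), ("hmi-02", 1, 950_000, {443, 502}),
    ("hmi-02", 2, 700_000, {443, 502}), ("hmi-02", 3, 880_000, {443, 502}),
    ("hmi-02", 4, 910_000, {443, 502}), ("hmi-02", 5, 760_000, {443, 502}),
]
REVIEW_RECORDS = [
    ("plc-01", 6, 2_400_000, {502, 22}),  # volume spike and a new port
    ("hmi-02", 6, 830_000, {443, 502}),   # within its normal range
]


def build_baseline(records):
    """Per-host mean/std of bytes_out and the set of ports seen."""
    by_host = defaultdict(lambda: {"bytes": [], "ports": set()})
    for host, _hour, nbytes, ports in records:
        by_host[host]["bytes"].append(nbytes)
        by_host[host]["ports"] |= set(ports)
    return {
        host: {"mean": mean(d["bytes"]), "std": pstdev(d["bytes"]), "ports": d["ports"]}
        for host, d in by_host.items()
    }


def find_anomalies(baseline, records, k=3.0, min_ratio=1.5):
    """Flag an hour whose volume is above mean + k*std AND above
    min_ratio * mean (the ratio guard handles a near-zero std), or that
    uses a destination port absent from the baseline."""
    findings = []
    for host, hour, nbytes, ports in records:
        b = baseline.get(host)
        if b is None:
            findings.append((host, hour, "unknown host (no baseline)"))
            continue
        threshold = b["mean"] + k * b["std"]
        if nbytes > threshold and nbytes > min_ratio * b["mean"]:
            findings.append((host, hour, f"volume {nbytes} exceeds baseline {threshold:.0f}"))
        new_ports = set(ports) - b["ports"]
        if new_ports:
            findings.append((host, hour, f"new destination port(s) {sorted(new_ports)}"))
    return findings


if __name__ == "__main__":
    for finding in find_anomalies(build_baseline(BASELINE_RECORDS), REVIEW_RECORDS):
        print(finding)
```

In practice the training window would be days or weeks of traffic rather than six hours, and the baseline would be rebuilt on a schedule so that legitimate changes (a new HMI, a firmware update server) do not keep raising alerts.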

Containment, eradication and recovery:

After analysing the detected incident, the SOC technology should start the processes of isolating the incident from the affected systems, carefully fixing the problem by addressing the causes of the incident, and recovering the data affected by the incident with minimal loss.

Post-incident activity:

After the incident, when the system is up and running again, it is important to analyse what happened. How could it happen? How can such incidents be avoided in future? How was this incident communicated?

Business continuity Management

Data Recovery:

For data recovery, two terms are applied to the system:

Recovery time objective (RTO):

The time allowed for recovery when an IT network failure occurs.

Recovery point objective (RPO):

The maximum amount of data the organisation is willing to lose.

Figure7. Visual explanation for RTO and RPO (sqlity.net, 2014).
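To make the two objectives concrete, the following Python block is an added example (not from the report or from the sqlity.net source it cites) that checks a backup schedule against an RPO and an RTO. The backup timestamps, the 12-hour RPO, the 4-hour RTO and the restore duration are constructed values. It shows what the figure alone does not: the data actually lost for a given failure time is the gap back to the last backup, but whether the schedule meets the RPO is decided by the largest gap between any two consecutive backups, so a single skipped backup can silently break the objective.

```python
"""Checking a backup schedule against RPO and RTO (added example)."""
from datetime import datetime, timedelta

# Constructed backup timestamps for one system (twice-daily backups).
BACKUPS = [
    datetime(2019, 11, 4, 2, 0),
    datetime(2019, 11, 4, 14, 0),
    datetime(2019, 11, 5, 2, 0),
    datetime(2019, 11, 5, 14, 0),
    datetime(2019, 11, 6, 2, 0),
]
RPO = timedelta(hours=12)  # constructed objective: lose at most 12 h of data
RTO = timedelta(hours=4)   # constructed objective: restore within 4 h


def data_loss_window(backups, failure_time):
    """Data written since the last backup before the failure is lost."""
    prior = [b for b in backups if b <= failure_time]
    if not prior:
        raise ValueError("no backup exists before the failure time")
    return failure_time - max(prior)


def worst_case_gap(backups):
    """Largest interval between consecutive backups: the worst-case loss
    the schedule can produce, whatever the failure time."""
    s = sorted(backups)
    return max(later - earlier for earlier, later in zip(s, s[1:]))


def evaluate(backups, rpo, rto, failure_time, restore_duration):
    """Compare one failure scenario, and the schedule as a whole, against
    the objectives. restore_duration is the measured (or drilled) time to
    bring the service back from the chosen backup."""
    loss = data_loss_window(backups, failure_time)
    gap = worst_case_gap(backups)
    return {
        "data_loss": loss,
        "rpo_met": loss <= rpo,
        "worst_case_gap": gap,
        "schedule_meets_rpo": gap <= rpo,
        "rto_met": restore_duration <= rto,
    }


if __name__ == "__main__":
    failure = datetime(2019, 11, 5, 20, 0)
    print(evaluate(BACKUPS, RPO, RTO, failure, timedelta(hours=3)))
    # Drop one backup to see the schedule fail the RPO.
    skipped = [b for b in BACKUPS if b != datetime(2019, 11, 5, 2, 0)]
    print(evaluate(skipped, RPO, RTO, failure, timedelta(hours=5)))
```

The restore duration should come from an actual disaster drill (see Disaster drills below) rather than from an estimate; the RTO check is only as good as that measurement.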

Data Backup and Recovery:

An internal backup will have a shorter RTO, but external backups are required if the SOC technology is unable to perform its duties from the main site. For instance, a small fire breaking out in the SOC could make it impossible for the SOC to operate with the manufacturing firm; this would require a temporary backup site.

Communication:

Efficient communication with all stakeholders is crucial when a disruptive event occurs. This includes working communication links such as telephones and live chat, knowing who is responsible for which service, and having staff trained to communicate properly in a potential crisis.

Backup Site:

The backup site, also known as the work area recovery site, is a location to which the SOC technology can relocate if the main working area is unavailable.

Disaster drills:

Detecting flaws in disaster procedures before a disaster arises is decisive for avoiding simple mistakes during the disaster, and this is best done by performing disaster drills.

Security Testing

Security testing is also known as penetration testing or pen testing. It is the process of testing an application for vulnerabilities and answering the simple question: what could a real-world attacker do to harm the application or the organisation? The SOC technology must have security mechanisms to ensure that it can protect itself against threats; this includes protecting the service itself and the information within it. To test whether the SOC technology is in fact sufficiently protected against external and internal threats, the following approaches should be considered (Pearson, 2014).

Internal Testing:

SOC analysts have unique insight into the daily operation of the SOC technology and should be both encouraged and supported in testing and evaluating the procedures they undertake. (National Cyber Security Centre, 2016)

External testing:

Although the SOC analyst has key insights into daily operations, it is easy to be blinded by a particular procedure. To get a fresh and independent review of SOC security, an external security tester should be hired to perform the security testing. The diagram shown below elaborates a six-step security testing life cycle, though it can vary between testing vendors.

Figure8. Phases of security testing (Aerstone, n.d.).

The diagram shown below is a good starting point. Steps 1 to 4 must always be conducted by the SOC team, while steps 2 and 3 could be conducted either externally or internally. The key success factor for testing is a clearly defined objective for the test and a thorough evaluation of the research in step 3.

Figure9. Security testing Life cycle steps (Techmahindra.com, n.d).

Audit Assurance and Review

The scope of the external audit, assurance and review is the SOC technology itself. To protect the manufacturing process it is crucial that the SOC does not contain any vulnerability that could prevent it from performing its duties. (Valipour, Moradi & Moazaminezhad 2012)

The UK government defines information assurance as the confidence that information systems will protect the information they handle and will function as required, under the control of legitimate users.

The SOC technology should clearly define what output is expected from the audit. It should include documents that describe:

  • The degree of compliance with relevant laws, standards and best practice, which means determining which laws, standards and best practices are relevant to the manufacturing firm and its employees.
  • An estimate of the security maturity of the SOC technology, including daily operations and an assessment of the security culture among SOC staff.
  • Assessment and detection of vulnerabilities in the technologies and procedures embedded in the SOC, with recommended mitigation strategies.
  • Assessment of user policies and their enforcement, including the security gain from enforcing each user policy and the degree to which user policies are properly enforced. (Cabinet Office, 2008)

Areas for further investigation

Cyber risk presents different challenges from traditional IT risk, such as:

  • Understanding and establishing a baseline for what is normal on the network can be challenging, making it difficult to spot anomalous activity or indicators of compromise that require further investigation.
  • Preventive technologies such as firewalls and intrusion prevention systems will not stop the most sensitive information being sent over the internet if that activity is initiated by a legitimate user of the system.
  • The increasing sophistication of the ways in which attackers gain an initial foothold makes early detection harder: sophisticated phishing techniques can make a malicious email almost impossible to distinguish from a genuine one, which makes it difficult to educate the organisation's people on how to spot an attack, and traditional detection and prevention methods will not detect sophisticated attacks crafted for the environment.
  • The lead time to detect attacks can be significant because of blind spots and the advanced techniques attackers use to hide their presence.

Additional area for network design

EY has developed a cyber security compromise diagnostic to help organisations identify signs of compromise.

Other parts of the network can be left compromised and exposed because the full extent of a breach is never uncovered. Information technology and risk personnel clearly need to consider how to protect IT systems from cyber criminals, but must also consider:

  • How to determine whether attackers have slipped past the security defences?
  • What can be done if that has happened?

This can help to reduce the time the network is exposed, mitigate data loss and increase the probability of catching the perpetrator, by helping with:

  1. Detecting compromised systems within the organisation's environment.
  2. Evaluating the effectiveness of current cyber security controls.
  3. Assisting with the response to discovered threats.
  4. Raising user awareness and the ability to handle targeted attacks.

The diagnostic helps to address the threat of compromised hosts within the network by using market-leading technology to detect suspicious processes and the traffic generated by hosts on the network.

The diagnostic typically identifies further work for investigation. Threat indicators can include:

  • Evidence of remote access software being used from unauthorised sources.
  • Indicators showing the presence of active malware.
  • Persistent connections to other countries or unauthorised entities.
  • Back-channel data flows into and out of the organisation.
  • Indicators of data harvesting by employees.
  • Unauthorised access to data and systems, in addition to these indicators.
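Three of the indicators above (remote access software from an unauthorised source, persistent connections to other countries, and back-channel data flows) can be expressed as rules over per-connection records. The following Python block is an added example written for this report, not part of the EY diagnostic or of the original text. The log lines are constructed; the record format, the list of remote access tool names, the approved host, the expected country and the thresholds are all assumptions a real deployment would replace with its own asset inventory and policy. Country attribution is assumed to have been added upstream (for instance by a GeoIP lookup), so it appears as a field in each record.

```python
"""Rule-based scan of connection records for threat indicators (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed log lines, one connection summary per line:
# "<ISO time> <host> <process> <dst_ip> <dst_country> <dst_port> <bytes_out>"
LOG = """\
2019-11-05T08:00:00 eng-ws-07 anydesk.exe 203.0.113.10 DE 443 52000
2019-11-05T09:00:00 eng-ws-07 anydesk.exe 203.0.113.10 DE 443 48000
2019-11-05T10:00:00 eng-ws-07 anydesk.exe 203.0.113.10 DE 443 51000
2019-11-05T11:00:00 eng-ws-07 anydesk.exe 203.0.113.10 DE 443 50000
2019-11-05T08:05:00 hmi-02 svchost.exe 198.51.100.5 GB 443 1200
2019-11-05T08:15:00 support-ws-01 teamviewer.exe 192.0.2.44 GB 5938 3000
2019-11-05T22:00:00 fileserver-01 unknown.exe 198.51.100.77 GB 8443 900000000
"""

# Assumed policy values (placeholders, not from the report).
APPROVED_REMOTE_ACCESS_HOSTS = {"support-ws-01"}
REMOTE_ACCESS_TOOLS = {"anydesk.exe", "teamviewer.exe", "vncserver.exe"}
EXPECTED_COUNTRIES = {"GB"}
PERSISTENT_HOURS = 3             # distinct hours before a connection counts as persistent
BULK_EGRESS_BYTES = 500_000_000  # outbound bytes that count as a bulk transfer
BUSINESS_HOURS = range(7, 19)    # 07:00-18:59


def parse(log_text):
    """Split each constructed line into a record dict."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dst_ip, country, port, nbytes = line.split()
        records.append({
            "ts": datetime.fromisoformat(ts), "host": host, "proc": proc.lower(),
            "dst_ip": dst_ip, "country": country, "port": int(port), "bytes": int(nbytes),
        })
    return records


def scan(records):
    """Return (indicator, host, detail) tuples for the three rules."""
    findings = []

    # 1. Remote access software running on a host not approved for it.
    reported = set()
    for r in records:
        key = (r["host"], r["proc"])
        if (r["proc"] in REMOTE_ACCESS_TOOLS
                and r["host"] not in APPROVED_REMOTE_ACCESS_HOSTS
                and key not in reported):
            reported.add(key)
            findings.append(("remote_access_unapproved", r["host"], r["proc"]))

    # 2. Persistent connection to an unexpected country: the same
    #    host/destination pair seen in PERSISTENT_HOURS or more distinct hours.
    hours = defaultdict(set)
    for r in records:
        if r["country"] not in EXPECTED_COUNTRIES:
            hours[(r["host"], r["dst_ip"], r["country"])].add(r["ts"].replace(minute=0, second=0))
    for (host, dst, country), seen in hours.items():
        if len(seen) >= PERSISTENT_HOURS:
            findings.append(("persistent_foreign_connection", host, f"{dst} ({country}) over {len(seen)} hours"))

    # 3. Bulk outbound transfer outside business hours (possible back channel).
    for r in records:
        if r["bytes"] >= BULK_EGRESS_BYTES and r["ts"].hour not in BUSINESS_HOURS:
            findings.append(("bulk_egress_off_hours", r["host"], f"{r['bytes']} bytes to {r['dst_ip']}:{r['port']}"))
    return findings


if __name__ == "__main__":
    for finding in scan(parse(LOG)):
        print(finding)
```

Each rule produces a lead for an analyst rather than a verdict: the approved support workstation using the same remote access tool is deliberately not flagged, which is why the approved-host list (an asset inventory, in practice) matters as much as the tool list.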

Other findings related to IT security include:

  • Limitations of existing security policies.
  • Confidential data stored in unprotected areas.
  • Inappropriate use of IT resources.
  • Misconfigured network devices.
  • Installation of unauthorised hardware and software.

The key factors for critical success in solution development

A well-functioning security operations centre (SOC) forms the heart of effective detection, enabling the information security function to respond faster, work more collaboratively and share knowledge effectively. Even when an organisation is looking to improve its existing capabilities, there are 10 main factors to consider for success, elaborated below:

  1. Executive and board support:

A grassroots approach to security has a minimal chance of survival and an even smaller chance of success. Without clear executive support the SOC may be ineffective, because only with that support is it possible to establish a long-term strategy and a clear charter for the SOC.

  2. Investment:

SOC technology and the operating model take another large share of the budget. Open-source tools are free to use but require advanced practitioners to customise and operate them. Vendor-supported solutions are easy to use but come with expensive licensing and support fees. Given these two extremes, it is important to find the right balance that makes the most of limited funding.

  3. Strategy:

The SOC should have a clear vision, mission and objectives in the context of three critical priorities:

  • Alignment with the overall risk posture.
  • Support for business aims.
  • Assistance in meeting compliance obligations.

  4. People:

The SOC requires talented staff who possess strong technical knowledge and a broad range of capabilities with diverse experience. Staff should be able to analyse large volumes of data efficiently and recognise the need for further investigation. An effective SOC should strike the right balance between security professionals and internal IT transfers, who bring a solid understanding of the company's IT environment, business functions and infrastructure support.

  5. Processes:

Well-defined procedures enable consistent operations and repeatable results. The SOC needs to document and communicate its processes effectively and implement a change management mechanism to update processes quickly when improvement opportunities arise.

The process of the SOC technology is derived from the figure shown below:

Figure10. Security testing Life cycle steps (Torres, 2015).

  6. Technology:

Organisations sometimes deploy technology without a clear link to the business or security imperatives it is meant to address. Projects named after technical solutions are frequently measured by implementation success rather than by the value the technology provides.

  7. Environment:

The overarching aim of the SOC technology is to secure and enable the business. To do that, SOC personnel must understand the business and the value associated with specific decisions in order to prioritise the appropriate response.

Two factors of the SOC technology provide immediate benefits when internal transfers are brought into a new SOC:

  • Business knowledge
  • Infrastructure familiarity

  8. Analytics and reporting:

The SOC technology can bring unique value to activity monitoring by using behaviour-based analytics against environmental baselines. Using advanced techniques, the SOC technology can analyse data across different systems and devices, providing visibility into unique trends and patterns that may have occurred.

  9. Physical space:

The SOC technology should maintain its own physical space in a secure facility. Creating a distinct location for the SOC, along with the requisite hardware and software, facilitates shorter response times and promotes unity, closer teamwork and knowledge sharing.

  10. Continuous improvement:

The SOC technology requires proper education and ongoing training so that the skills and knowledge of its people can evolve with the changing threat landscape. Similarly, processes and technical capabilities need to be constantly evaluated to assess their relevance and effectiveness against evolving external and internal threats. These features should be built into the SOC's organisational design and operation.

Conclusion

In this research, SOC technology has been applied to the different concerns of automated mass manufacturing. Automated mass manufacturing is used to reduce cost, establish quality expectations and provide consistent availability; regions are created under the control of a central office over administration and the manufacturing procedure, with a central hub for reducing carbon emissions. The production line is controlled completely using the SOC technology.

The main issues around the various benefits of modernising the manufacturing firm with the security of SOC technology have been resolved in it.

References

Yalman, Y. and Yesilyurt, M. (2013) Information Security Threats and Information Assurance. TEM Journal, 2(3), pp. 247-252. Available from: www.temjournal.com [Accessed 5 November 2019].

Dushie, D. (2014) Business Continuity Planning: An Empirical Study of Factors that Hinder Effective Disaster Preparedness of Businesses. Journal of Economics and Sustainable Development, 5(27), pp. 185-192. Available from: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.663.9880&rep=rep1&type=pdf [Accessed 7 November 2019].

Lee, M. (2014) Information Security Risk Analysis Methods and Research Trends: AHP and Fuzzy Comprehensive Method. International Journal of Computer Science & Information Technology, 6(1), pp. 29-45. Available from: http://airccse.org/journal/jcsit/6114ijcsit03.pdf [Accessed 7 November 2019].

Valipour, H., Moradi, J. and Moazaminezhad, H. (2012) Auditors’ perceptions of reasonable assurance the effectiveness of the audit risk model. Case from Iran. International Journal of Academic Research in Accounting, Finance and Management Sciences, 2(3), pp. 17-34. Available from: http://hrmars.com/admin/pics/914.pdf [Accessed 7 November 2019].

Nathans, D. (2015) Designing and Building Security Operations Center. 1st ed. Syngress.

Rothke, B. (2012) Building a Security Operations Center (SOC). Available at: https://www.rsaconference.com/writable/presentations/file_upload/tech-203.pdf [Accessed 7 November 2019].

Cichonski, P., Millar, T., Grance, T. and Scarfone, K. (2012) Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology.

Pearson, A. (2014) What is Penetration Testing and Why is It Important? [online] Securityinnovationeurope.com. Available at: http://www.securityinnovationeurope.com/blog/what-is-penetration-testing-and-why-is-it-important [Accessed 7 November 2019].

Cabinet Office (2008) Independent Review of Government Information Assurance. [online] Available at: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/60967/ia_review.pdf [Accessed 7 November 2017].

Houngbo, P. and Hounsou, J. (2015) Measuring Information Security: Understanding And Selecting Appropriate Metrics. International Journal of Computer Science and Security, 9(2), pp. 108-120. Available from: https://www.cscjournals.org/manuscript/Journals/IJCSS/Volume9/Issue2/IJCSS-1006.pdf [Accessed 7 November 2019].

Singh, A., Vaish, A. and Keserwani, P. (2014) Information Security: Components and Techniques. International Journal of Advanced Research in Computer Science and Software Engineering, 4(1), pp. 1072-1077. Available from: http://ijarcsse.com/Before_August_2017/docs/papers/Volume_4/1_January2014/V4I1-0528.pdf [Accessed 7 November 2019].

National Cyber Security Centre (2016) Security operations centre (SOC) buyers guide: guidance. Available at: https://www.ncsc.gov.uk/guidance/security-operations-centre-soc-buyers-guide [Accessed 7 November 2017].

Illustrations

Figure 1.

Yalman, Y. and Yesilyurt, M. (2013) Information Security Threats and Information Assurance. [Online] TEM Journal. Available at: www.temjournal.com [Accessed 5 November 2019].

Figure 2, Figure 3, Figure 4 and Figure 5.

Symantec (n.d.) Smarter Security for Manufacturing in The Industry 4.0 Era. [Online] Available at: https://www.symantec.com/content/dam/symantec/docs/solution-briefs/industry-4.0-en.pdf [Accessed 5 November 2019].

Figure 6.

Cichonski, P., Millar, T., Grance, T. and Scarfone, K. (2012) Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology.

Figure 7.

sqlity.net (2014) Recovery Point & Recovery Time Objectives Demystified. [online] Available at: http://sqlity.net/en/2803/recovery-point-objective-recovery-time-objective/ [Accessed 7 November 2017].

Figure 8.

Aerstone (n.d.) Penetration Testing. [online] Available at: https://aerstone.com/assess/penetration-testing/ [Accessed 6 November 2019].

Figure 9.

Techmahindra.com (n.d.) Penetration, Vulnerability & Rapid Security Testing. [online] Available at: http://www.techmahindra.com/services/testing/security_testing/service_offerings/penetration_testing.aspx [Accessed 7 November 2019].

Figure 10.

Torres, A. (2015) Building a World-Class Security Operations Center: A Roadmap. [online] SANS. Available at: https://www.sans.org/reading-room/whitepapers/analyst/building-world-class-security-operations-center-roadmap-35907 [Accessed 6 November 2019].

Bibliography

Cichonski, P., Millar, T., Grance, T. and Scarfone, K. (2012). Computer Security Incident Handling Guide : Recommendations of the National Institute of Standards and Technology.

Intel Security, (2016). Threats Report

Nathans, D. (2015). Designing and Building Security Operations Center. 1st ed. Syngress.

Rothke, B. (2012). Building a Security Operations Center (SOC).