The increasing integration of cyber-physical systems (CPS) into critical infrastructure—such as power grids, water treatment plants, and manufacturing facilities—has heightened the need for specialized security strategies, especially for Industrial Control Systems (ICS). Unlike traditional IT environments, ICS requires continuous availability and real-time performance, making conventional IT security measures inadequate. To address this gap, this project proposes the development of a Security Operation and Event Management (SOEM) platform specifically tailored for Operational Technology (OT) environments.
The SOEM platform aims to provide comprehensive monitoring, incident detection, and response capabilities for ICS, akin to the role of Security Information and Event Management (SIEM) systems in IT. The platform will collect and analyze logs, system tags, and parameters from multiple layers of the Purdue model, integrating diverse data sources, including non-TCP/IP-connected devices and physical process measures. Key components include a database built on the ELK stack, correlation rules enhanced with machine learning algorithms, and a user-friendly dashboard for real-time monitoring.
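As an added illustration of the cross-layer correlation described above (example code, not part of the proposed platform), the following rule matches a setpoint write logged at one Purdue level against the physical measurement it drives, and raises an alert when the measurement leaves its operating band within a time window or when the writing host is not one cleared to write setpoints. The event schema, tag names, hosts and bands are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Event:
    ts: datetime       # observation time
    source: str        # feed it came from: "hmi-log", "plc-tag" or "sensor"
    purdue_level: int  # Purdue model level the source sits at
    kind: str          # "setpoint_write" or "measurement"
    tag: str           # process tag written or measured
    value: float
    origin: str = ""   # host that issued a write; empty for measurements

# Constructed sample stream: an authorized setpoint write keeps the pressure in
# band; a later write from an enterprise-zone host is followed by an excursion.
SAMPLE_EVENTS = [
    Event(datetime(2024, 1, 1, 10, 0, 0), "hmi-log", 2, "setpoint_write", "PUMP1.PRESS_SP", 9.5, "eng-ws-01"),
    Event(datetime(2024, 1, 1, 10, 0, 12), "sensor", 0, "measurement", "PUMP1.PRESS_PV", 9.4),
    Event(datetime(2024, 1, 1, 10, 5, 0), "plc-tag", 1, "setpoint_write", "PUMP1.PRESS_SP", 14.0, "erp-srv-07"),
    Event(datetime(2024, 1, 1, 10, 5, 20), "sensor", 0, "measurement", "PUMP1.PRESS_PV", 13.8),
]

# Constructed plant knowledge: which measurement each setpoint drives, its safe
# operating band, and which hosts are allowed to write setpoints at all.
SP_TO_PV = {"PUMP1.PRESS_SP": "PUMP1.PRESS_PV"}
PROCESS_BANDS = {"PUMP1.PRESS_PV": (4.0, 10.0)}
AUTHORIZED_WRITERS = {"eng-ws-01", "hmi-01"}

def correlate(events, window_s=60.0):
    """Flag a setpoint write when its linked measurement leaves the safe band within
    window_s seconds, or when the write came from a host not cleared to write."""
    alerts = []
    events = sorted(events, key=lambda e: e.ts)
    for i, w in enumerate(events):
        if w.kind != "setpoint_write":
            continue
        pv_tag = SP_TO_PV.get(w.tag)
        lo, hi = PROCESS_BANDS.get(pv_tag, (float("-inf"), float("inf")))
        unauthorized = w.origin not in AUTHORIZED_WRITERS
        deviation = None  # first out-of-band measurement seen inside the window
        for m in events[i + 1:]:
            if (m.ts - w.ts).total_seconds() > window_s:
                break
            if m.kind == "measurement" and m.tag == pv_tag and not lo <= m.value <= hi:
                deviation = m.value
                break
        if deviation is not None or unauthorized:
            alerts.append({"ts": w.ts, "origin": w.origin, "tag": pv_tag, "deviation": deviation,
                           "severity": "high" if unauthorized else "medium"})
    return alerts
```

In a deployment the `Event` records would be the normalized documents indexed into the ELK store, and the window and band values would come from process engineering rather than constants.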