DSTA has delivered the first phase of the Cyber Security Operations Centre (Cyber SOC) 2.0, incorporating content scanning engines, custom data analytics, visualisation capabilities and security assessment tools into the system.
Over the years, DSTA has been incorporating best-of-breed commercially available solutions to protect the security of MINDEF’s and the SAF’s computer networks. Where gaps existed, in-house technical solutions were developed.
Cyber SOC 2.0 was developed by DSTA to better detect and respond to advanced threats. Given that threats are evolving constantly, the team designed Cyber SOC 2.0 with artificial intelligence and machine learning techniques, which allow the system to learn and adapt constantly. New capabilities can also be added to the system easily, as it was built on a modular architecture.
Furthermore, machine learning systems incorporated into Cyber SOC 2.0 can better prioritise alerts on cyber incidents, so that operators can isolate compromised machines remotely if required. The team also incorporated incident response automation by codifying the workflows, information gathering and analysis processes. This significantly accelerates the analysis process and provides more targeted response options for operators.
In addition, the team designed a Command and Control dashboard that allows operators to map out cyber incidents, building up visualisation capabilities for Cyber SOC 2.0. Doing so gives commanders a common and comprehensive overview of ongoing cyber operations in MINDEF’s and the SAF’s networks at any time. With improved situational awareness, commanders can make more timely and informed decisions.
Overall, the development of these Cyber SOC 2.0 capabilities will allow operators to better detect, investigate, contain and recover rapidly from cyberattacks, thus strengthening the protection of MINDEF’s and the SAF’s networks.