Fact Sheet: Defence Technology Prize 2020 Team (Engineering) Award Winner

CYBER SECURITY OPERATIONS CENTRE 2.0 (CYBERSOC 2.0) TEAM (DSTA, MSD, DSO)

Defence Science and Technology Agency, Military Security Department, DSO National Laboratories

CITATION

The Cyber Security Operations Centre 2.0 is a major cybersecurity development that has enhanced MINDEF's and the SAF's ability to monitor, detect, analyse and respond to cyber incidents. The team developed and integrated advanced artificial intelligence techniques, custom sensors and cyber analytics into the system, enabling it to pick up anomalies and potential threats. To better coordinate ongoing cyber operations on a larger scale, the team also introduced an intuitive Command & Control Information System that automatically prioritises alerts and recommends follow-up actions. In recognition of its outstanding contributions and innovation, the team is awarded the DTP2020 Team (Engineering) Award.

ABOUT THE CYBERSOC 2.0 TEAM

CyberSOC 2.0 combines the advanced technical cyber capabilities of DSTA and DSO National Laboratories with the operational experience of the Military Security Department to provide a comprehensive spectrum of capabilities that significantly enhance our cyber defence posture. The team's areas of expertise include cybersecurity, system architecting and engineering, systems integration, data analytics, command and control development and large display visualisation.

TECHNICAL INNOVATION AND OPERATIONAL IMPACT

While it was effective in its time, the first version of CyberSOC was built by incorporating best-of-breed commercially available detection solutions. With rapid advances in technology, the next-generation system had to be adaptable enough to fend off increasingly sophisticated cyberattacks. CyberSOC 2.0 was therefore conceptualised to harness not only best-of-breed commercially available solutions but also indigenous technical solutions developed by the team. The new system provides agile detection, analysis and response capabilities. The team's innovations include:

   a) Built-in Artificial Intelligence, Machine Learning, and Analytic Capabilities

The team designed CyberSOC 2.0 with advanced AI and machine learning techniques, which allow the system to learn and adapt constantly over time. These techniques help uncover potential cyberattacks by performing automated anomaly detection on large amounts of data.

The team also developed a scoring expert system using machine learning that prioritises alerts on cyber incidents, which significantly accelerates the analysis process and provides operators with more targeted response options.

   b) Command & Control Information System for Efficient Cyber Monitoring and Response

The team re-engineered the entire SOC concept with an innovative command and control-based interface to improve operators' situational awareness during cyber monitoring and incident handling.

The Command & Control Information System (CCIS) analyses incident alerts and swiftly recommends response approaches when potential threats are detected. This allows SOC operators to scale their analysis across a greater range and volume of incidents and improves coordination of response measures. In addition, the system is designed with novel display visualisation techniques to make it more intuitive for operators.

The team also boosted operational efficiency by automating cyber incident responses. This was done by codifying and validating key workflows and processes for information gathering and analysis based on past operational experience.
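The two ideas described above, an alert-scoring system that ranks incidents for the operator and a codified playbook that maps each alert category to a follow-up action, can be illustrated with a small prioritisation routine. The code below is an added example and is not CyberSOC 2.0's or DSTA's own code; the weighting scheme, the decay window, the corroboration boost, the playbook entries and the sample alerts are all constructed assumptions chosen only to show the mechanics of scoring and triage.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# One normalised alert as it might arrive from a sensor (hypothetical schema).
@dataclass
class Alert:
    alert_id: str
    source: str        # sensor that raised the alert
    host: str          # affected asset
    category: str      # e.g. "malware", "lateral_movement", "policy"
    severity: int      # 1 (low) .. 5 (critical), as reported by the sensor
    confidence: float  # 0.0 .. 1.0, sensor's confidence in the detection
    asset_tier: int    # 1 (mission critical) .. 3 (low value)
    observed_at: datetime

# Assumed weights for the scoring components; they sum to 1.0.
WEIGHTS = {"severity": 0.4, "asset": 0.3, "confidence": 0.2, "recency": 0.1}
ASSET_VALUE = {1: 1.0, 2: 0.6, 3: 0.3}
RECENCY_WINDOW_HOURS = 72.0   # recency component decays to zero after 3 days
CORROBORATION_STEP = 0.05     # boost per additional sensor seeing the same host
CORROBORATION_CAP = 3

# Hypothetical codified playbook: category -> recommended first response.
PLAYBOOK = {
    "lateral_movement": "isolate host; collect authentication logs from source and target",
    "malware": "quarantine file; pull process tree and network connections",
    "exfiltration": "block destination; capture the full session for analysis",
    "policy": "notify asset owner; verify against change records",
}
DEFAULT_ACTION = "assign to analyst for manual triage"


def score_alert(alert: Alert, now: datetime, corroboration: int = 0) -> float:
    """Return a priority score in [0, 1] for one alert."""
    severity = (alert.severity - 1) / 4.0                      # map 1..5 onto 0..1
    asset = ASSET_VALUE[alert.asset_tier]
    age_hours = max((now - alert.observed_at).total_seconds() / 3600.0, 0.0)
    recency = max(0.0, 1.0 - age_hours / RECENCY_WINDOW_HOURS)  # linear decay
    base = (WEIGHTS["severity"] * severity
            + WEIGHTS["asset"] * asset
            + WEIGHTS["confidence"] * alert.confidence
            + WEIGHTS["recency"] * recency)
    boost = min(corroboration, CORROBORATION_CAP) * CORROBORATION_STEP
    return round(min(1.0, base + boost), 3)


def priority_band(score: float) -> str:
    """Translate a score into the operator-facing priority band."""
    if score >= 0.75:
        return "P1"
    if score >= 0.5:
        return "P2"
    return "P3"


def prioritise(alerts: list, now: datetime) -> list:
    """Score every alert, attach a playbook action, and return them highest first."""
    # Corroboration: how many *other* sensors raised an alert on the same host.
    sources_per_host: dict = {}
    for a in alerts:
        sources_per_host.setdefault(a.host, set()).add(a.source)

    ranked = []
    for a in alerts:
        corroboration = len(sources_per_host[a.host]) - 1
        score = score_alert(a, now, corroboration)
        ranked.append({
            "alert_id": a.alert_id,
            "host": a.host,
            "score": score,
            "priority": priority_band(score),
            "action": PLAYBOOK.get(a.category, DEFAULT_ACTION),
        })
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


# Constructed sample input: three alerts from two sensors, two of them on the same host.
NOW = datetime(2020, 11, 2, 12, 0, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    Alert("A1", "netflow-ml", "srv-01", "lateral_movement", 4, 0.8, 1,
          datetime(2020, 11, 2, 11, 0, tzinfo=timezone.utc)),
    Alert("A2", "edr", "ws-17", "policy", 2, 0.9, 3,
          datetime(2020, 10, 31, 12, 0, tzinfo=timezone.utc)),
    Alert("A3", "edr", "srv-01", "malware", 5, 0.6, 1,
          datetime(2020, 11, 2, 10, 0, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    for row in prioritise(SAMPLE_ALERTS, NOW):
        print(f'{row["priority"]} {row["score"]:.3f} {row["alert_id"]} {row["host"]}: {row["action"]}')
```

The design point worth noting is that the score is built from bounded components, so no single sensor can push an alert to the top on severity alone: asset criticality, detection confidence, age and corroboration from a second sensor all contribute, and the playbook lookup turns the ranked list into a concrete first action rather than leaving the operator to start from a blank queue.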

   c) Modular System Architecture for Insertion of New Technology Solutions

CyberSOC 2.0 was designed to enable rapid and seamless integration of emerging technologies as and when needed. The team adopted a spiral-development process in which modules and capabilities were progressively rolled out and implemented as they were being developed. Besides facilitating greater ops-tech integration, having a working prototype also enabled the team to experiment with data and technologies in order to innovate new ways to detect cyber threats.

PROFILE OF TEAM REPRESENTATIVE

Name: Chua Boon Kwee (蔡文贵)

Appointment: Senior Programme Manager (Cybersecurity)

Organisation: Defence Science and Technology Agency

Age: 45
