Strategies And Lessons Learned From Internal Network Security Monitoring At Scale

The bulk electric sector is preparing for NERC CIP 015-1, which requires internal network security monitoring (INSM) for OT networks. Dominion Energy is a large utility that is tackling this INSM requirement. Wes describes Dominion's approach and lessons learned throughout the design, planning, implementation and support of this project across power generation and 100s of substations. Both the monitoring infrastructure and the process to deal with the monitored system data scale an already challenging task. While this project was driven by an electric sector regulatory requirement, the adoption of INSM technologies is applicable to all sectors as their OT security program matures.