Does Your Security Operations Center Do What You Need It To Do?

No matter what combination of letters it goes by (SOC, ESOC, GSOC, AMC, NOC, MC, OC, PCC, SCC – the list seems to go on forever), most Security Operations Centers have two common features:

  • A bank of operator workstations, each with two to six monitors
  • A wall of monitors displaying a continuous stream of information

But are they all really the same?

  • Some are public relations showpieces. These commonly have glass walls, shiny desks and lots of monitors.
  • Some are small and look like they were shoehorned into a closet. Here you will likely see one or two computer workstations and one or two monitors on the wall displaying news, weather, and some video.
  • Some look like the bridge of the USS Enterprise from Star Trek.

So what do you really need?

The answer to that question will vary widely from one organization to the next.  So before you set out to design a new operations center, ask yourself a few key questions.

  1. How will the design impact the effectiveness of the operations center?
     • Display placement, resolution, and content management – The content to be displayed needs to match the screen capabilities at a reasonable price point.
  2. What elements of the operation should drive the design?
     • Staff planning for normal and crisis level needs
     • Flexibility to operate with lower staff levels during normal operations and expand quickly in a crisis. How do you manage the transition from the time an issue is identified until full staffing is in place?  How do you ramp back down when the situation is under control?
     • Familiarization with the language and culture of the areas and operations supported by the center, and of the personnel with whom operators must deal to manage situations effectively.
     • Level of training provided to operators. How do operators move from novice to expert?
     • Availability of food, restrooms, resting areas, and health support in times of extended crisis management (e.g. hurricane, blizzard, sustained attack, plant conflagration, etc.)
     • Availability, accessibility, and effectiveness of backup operations centers in the event the main operations center is rendered unusable.
  3. What design elements are the most important to your organization?
     • Form vs function?
     • How will it be used?
     • How will key stakeholders measure value provided?
     • Can you afford to staff it once it is built?

Case Study

Butchko was invited to review an Enterprise Security Operations Center and provide input based upon our multi-project and multinational experience.  The center was responsible for monitoring and coordinating response to security alarms for critical public infrastructure across the United States.  The center included:

  1. Nine (9) operator stations, complemented by one (1) training station and two (2) supervisor stations
  2. 32’ x 7’ video wall
  3. Audio speakers under operator control
  4. Indirect light fixtures
  5. Air purification systems
  6. Access control to the room and support equipment
  7. Formal, multi-month training program for operators
  8. Infrastructure and telecommunications redundancy
  9. Integrated security systems – intrusion, video, access control, audio to varying degrees

Not long after the operations center was commissioned, the operators complained that the light from the video wall was inhibiting their ability to view workstation monitors.  The wall was simply too bright.  To mitigate the problem, the operators turned off all the interior lights.

The company also incorporated a market-leading Physical Security Implementation Management (PSIM) system to tie their systems together and display the information on the video wall.  Within three years the PSIM was decommissioned because it did not function as intended.  Operators felt they were more effective managing systems directly than working through the PSIM.  Subsequent investigation and data analysis supported this theory.  The good news is that the operational effectiveness of the center improved.  The bad news was that a lot of time and money was wasted along the way.  We were glad that we didn’t recommend that design approach.

One gem that the company discovered was that by implementing the air purification system, operator sick days diminished, morale improved, and productivity increased.  It is likely that the benefits stemmed both from improved air quality and from the operators’ perception that the company was investing in their personal well-being.

Lessons Learned:

  1. Attention to ergonomics provides significant benefits to operator performance, effectiveness, and fatigue management.
  2. Workstations that raise and lower to meet operator needs offer ergonomic benefits, but can obscure the view of operators behind or beside them. Thus the tradeoff needs to be addressed early in the design layout phase.
  3. Tactical operations and strategic operations have different needs and design requirements, but must peacefully coexist within the security operations center. Controlled information sharing between the two is critical, but the manner in which the information needs to be presented can vary significantly.
  4. Videoconferencing and/or audio-visual broadcasting from an Operations Center is a tool that can allow a secure Operations Center in a protected location to communicate with the public, company executives, and field operators with improved effectiveness.
  5. If an Operations Center deals with classified or sensitive information and at the same time is used in corporate public relations (selling the sizzle and sexy of the operation), a clear plan to obscure the sensitive information during tours is crucial. Designers must also figure out how operators will deal with a critical event that takes place during times when visitors are touring the center. How will the operators view the sensitive information they need, without disclosing it to the outsiders?

The bottom line is that while many Operations Centers are conceived and designed for a tactical security or process control need, they are often used for promotional benefits.  Both can have significant value to the organization and justify the investment in the Operations Center.

There is no single recipe for success for a Security Operations Center.  But the best results come when time is taken to examine the many ways the center will be used before a single design is drawn.