Building an Effective VSOC With A Partner Approach
TEAM UPSTREAM
Share on:
Our VSOC is a key component in any Cybersecurity Management System (CSMS). Whether managing your VSOC in-house or looking to build one together, our Build, Operate, Transfer (BOT) model, offers the flexibility you need to meet regulatory concerns and prepare your team based on automotive-specific cyber threat intelligence needed for today’s connected vehicles. Want to see how it can work for you?
Script
How to build and operate a VSOC is a top-of-mind question for many in the automotive industry, either for handling existing and emerging cybersecurity threats or complying with the UNECE WP.29’s R155 regulation. The VSOC, as we see it, is a key operational component of the OEM’s CSMS – or Cyber Security Management System, as stipulated in this regulation.
As a first step to building a VSOC, some of our clients choose to use our VSOC framework to lay out the different components and capabilities that should be in place. Our clients are working with us to structure, develop, and operate their VSOC with the intention for us to pass it off to an in-house capacity at a later date.
This Build Operate Transfer, or BOT model is intended to be transferable between us and our clients and/or partners. The most common two reasons are 1) either the OEM does not have enough manpower and/or the right skills to fully take on the responsibility at the time of development, or 2) their internal team would like to work together in tandem, ensuring they have all the necessary capabilities in place, before bringing all tasks in-house.
As we see when we build and operate VSOCs, a great deal of the use cases we monitor are new to the OEMs, and therefore it is quite often we see that effective response processes and procedures are not in place, and require creating them from scratch. We build with our clients end-to-end processes that rest firmly on our experience and expertise. We document these processes in playbooks that lay out all the necessary steps to take, from containment through eradication and recovery, to ensuring that lessons are learned from and future threats and vulnerabilities can be mitigated.
To summarize, the key to working effectively using a BOT model with Upstream, is having a clear framework and action plan, robust processes backed with clear documentation, and well-defined protocols.
