This was a great debate from S4x18. Many owner/operators have an Enterprise Security Operations Center (SOC), and they are considering how best to handle OT incident detection and response. There are two main approaches:

  1. Add OT data and incident response capabilities to an Enterprise SOC or
  2. Set up and run a SOC dedicated to the OT environment
Dan Scali of FireEye took the Enterprise SOC side and debated with Rob Lee of Dragos, who argued the OT SOC side. The great thing was these two guys are friends and respect each other, so they didn’t hesitate to argue directly and strongly.

It’s set up as a classic debate with opening statements, rebuttals, and then questions to each other. Take a listen and let me know what you think about the issue in the comments.