Communication, collaboration are heart of new Cyber Security Operations Center

ISO New England’s new Cyber Security Operations Center is stocked with technology that helps analysts assess information and respond rapidly in the event of a cybersecurity incident.

An interactive whiteboard allows staff to save digital notes and illustrations as they think through an issue. At the front of the room, an enormous screen provides situational awareness displays for data and threat visualizations, and information for daily briefings.

But the center’s most important feature revolves around the people who work there.

“It helps us meld six to eight brains into one,” Jason LeDuc, manager, Cyber Security Administration, said of the room’s focus on collaboration. “Having the team together in this space, it’s easy to share different perspectives and ideas as we work through issues.”     

LeDuc and his team spent six months last year working at the ISO’s Connecticut campus during the renovation of a former training classroom in Holyoke. The project was completed in December, and the team returned to their new workspace in January.

The CSOC defends the ISO’s technical infrastructure—which includes myriad software and cloud services, as well as thousands of desktop, server and network devices—from cyberattacks. In addition, the CSOC serves as the incident command for any digital threat to the region’s bulk electric system.

“If you have a big incident, time’s important,” said Al Evans, director, Cyber Security and Compliance. “That’s why the CSOC is set up for maximum collaboration—this is a space where you want folks to overhear other conversations in the room.”

Requirements for the new CSOC were modeled largely after those of the ISO’s control center, where system operators manage the grid—and where facilitating staff interaction is paramount. Both feature sit-stand desks at workstations that are aligned with specific roles. Also like the control center, the CSOC includes a refrigerator and sleeping space, allowing team members to remain on-site for the duration of any major incident.

“All of these tools, and the rigorous training our staff goes through, are there to make sure we’re prepared to defend our digital assets,” Evans said. “It’s a responsibility we take very seriously.”