Word Notes 4.18.23
Ep 144 | 4.18.23

Security Operations Center (SOC) (noun)


Rick Howard: The word is: SOC

Rick Howard: Spelled: S for Security, O for Operations, and C for Center

Rick Howard: Definition: A centralized facility or team responsible for monitoring, detecting, analyzing, and responding to cybersecurity incidents within an organization.

Rick Howard: Example sentence: SOC teams are typically staffed with skilled security analysts, incident responders, threat hunters, and other cybersecurity professionals who work in shifts to provide 24/7 monitoring and response capabilities.

Rick Howard: Origin and context: The idea of operation centers has been around seemingly forever. Friedrich Klemm, in his "A History of Western Technology," suggests that the concept goes as far back as 5,000 B.C. Klemm said that anytime an organization grows big enough, either in terms of people or in function, where one small team can't do everything, leaders have built these centers to manage the workflow and status of the various groups and to coordinate actions among them.

Rick Howard: Fast forward to the early 1960s, AT&T handled most telephone switching in the United States and built a network operation center, a NOC, to manage it in 1977 in Bedminster, New Jersey. In the aftermath of the infamous Morris Worm in 1988, the first destructive internet worm, the Defense Advanced Research Projects Agency, DARPA, a science and technology organization of the U.S. Department of Defense, sponsored Carnegie Mellon University, who established the first CERT/Coordination Center, CERT/CC, in 1988.

Rick Howard: By 1990, the Forum of Incident Response and Security Teams, FIRST, had become a nonprofit to "bring together incident response and security teams from every country across the world to ensure a safe internet for all." As of today, there are 657 teams in 101 different countries that belong to FIRST. On the commercial side, it's unclear of the exact date, but we started to see the first Managed Security Service Providers, MSSPs, in the late 1990s and early 2000s. MSSPs are essentially contracted SOCs. President Clinton established the ISAC system, the Information Sharing and Analysis Center framework, when he signed Presidential Decision Directive-63, PDD-63, on May 22nd, 1998, in an effort to better protect the country's critical infrastructure.

Rick Howard: In February 2015, President Obama established the Information Sharing and Analysis Organization, ISAO, framework, clearing the legal hurdles for all like-minded organizations, not just critical infrastructure groups, to share threat intelligence with each other. CERTs, ISACs, ISAOs, and MSSPs provide SOC-type services for those that can't do it themselves or provide supplemental help for those that can. The bottom line is that when a task gets so big in scope that it requires multiple teams to complete it, an operation center is needed to coordinate those efforts. Just like Friedrich Klemm said. In terms of cybersecurity, a SOC is a network defender's centralized point, either physical or virtual, where they bring in relevant information from all corners of the organization. Analysts review the information and make recommendations to leadership. Leadership makes decisions, and then the SOC coordinates the deployment of those actions out to the individual organizational teams to execute.

Rick Howard: Nerd reference: In 1979, AT&T distributed a documentary film called AT&T Long Lines about their network operations center in Bedminster, New Jersey, and just revel in the glory of that 1970s jazz rock backbeat.

Speaker on a radio: Pittsburgh, Kansas City here. It looks like we might be in for some trouble. 

Host of AT&T Tour: Hi. Oh. Before we start the tour, it'll only take a minute, if you don't mind. 

Speaker on a radio: We've had some severe storms out here. We've really got generally hazardous conditions all along tornado alley and our radio tower at Plains, Kansas is on emergency power. 

Host of AT&T Tour: Okay. I'll tell you what, while you're taking pre-plans, we'll establish the restoration priorities. Keep us posted. Just keep an eye on this screen please.

Host of AT&T Tour: Thanks for waiting. Sometimes the telephone network can't.

Host of AT&T Tour: You know, keeping the lines clear between more than 170 million telephones and making sure over half a billion local and long distance calls get to their destination every day. Well, that's quite a job, and basically that's what we do here. Welcome to the Network Operations Center, NOC for short, and to AT&T Long Lines headquarters here in Bedminster, New Jersey.

Host of AT&T Tour: Some call. This

Rick Howard: Word Notes is written by Tim Nodar, executive produced by Peter Kilpe and edited by John Petrik and me, Rick Howard. The mix, sound design, and original music have all been crafted by the ridiculously talented Elliott Peltzman. Thanks for listening.