
For an organization operating the energy supply chain, a key national infrastructure, it was essential to enhance response capability against cyber threats and maintain a stable power supply. The existing systems were operated individually, which limited comprehensive threat analysis.
We established an integrated security monitoring system based on SIEM and SOAR. Security logs generated from power plants and key operational systems are centrally managed, and automated analysis and response processes have been implemented.
We created an environment that allows for rapid threat blocking without impacting power plant operations, thereby increasing response speed in the event of a security incident and enhancing operational stability.