I designed this solution around the specs of AT&T USM Anywhere as the basis for the Cloud Based SIEM; however, you could swap USM Anywhere for almost any other Cloud Based Security Log Collection Service. The purpose of this use case is to show how modern IT security technology can be deployed to monitor and provide security services within an IT and an OT environment simultaneously.
In order for this solution to work properly, I recommend using Next Gen or UTM firewalls abundantly to provide network segmentation and secure interconnectivity. It is very important to put security first and to use interoperable and integrated security systems to ensure the highest level of security across the enterprise.
I designed this solution only after working with multiple OT organizations. Operational Technology is generally used for critical infrastructure such as water providers, sewerage providers, electric providers and manufacturing organizations. One of the most difficult aspects of designing this type of solution is that most OT managers are very cautious about allowing the open internet to touch the OT environment. This is especially true when you integrate OT and SCADA environments.
Other key aspects to consider:
Physical vs. logical network segmentation is of the utmost importance, as it is the only way to ensure privacy and security within the OT/ICS/SCADA environment.
Deep-level encryption between the terminating interfaces on the firewalls is extremely important to protect against certain attack techniques used in modern cybercrime.
Deploying best-of-breed UTM or Next Gen firewall solutions is very important to ensure the integrity of the security definitions across the platform. You should also look for a platform that supports OT/IT/ICS/SCADA IOCs, as these IOCs are distinct from standard security IOCs.
Ensure the firewalls are either managed and monitored by, or integrated at the API level with, the Cloud Based SIEM platform for automated or intelligent response, so that critical IOCs receive machine-speed responses. Human speed in this use case is too slow.
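As an added illustration (not part of the original post, and not USM Anywhere's or any firewall vendor's code), this is the gate a practitioner would put in front of the machine-speed response described above: high-priority alarms whose source is outside the OT boundary become firewall block rules automatically, while alarms sourced from inside a protected OT segment are escalated to a human rather than blocked, because an automated block on a PLC or HMI network is an outage of its own. The alarm fields, the OT address ranges and the firewall rule payload are all assumed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed OT/ICS address ranges. An automated block that lands on a PLC
# or HMI is an outage of its own, so alarms from these sources go to a human.
PROTECTED_OT_SEGMENTS = [
    ipaddress.ip_network("10.50.0.0/16"),      # constructed: PLC/RTU network
    ipaddress.ip_network("192.168.100.0/24"),  # constructed: HMI/SCADA servers
]
PRIORITY_RANK = {"low": 0, "medium": 1, "high": 2}
AUTO_BLOCK_MIN_PRIORITY = "high"

@dataclass
class Alarm:          # assumed alarm shape, not USM Anywhere's real schema
    priority: str
    source_ip: str
    ioc_category: str

@dataclass
class Decision:
    action: str       # "auto_block", "escalate" or "ignore"
    reason: str
    rule: dict = None  # payload for the hypothetical firewall API, if any

def decide(alarm: Alarm) -> Decision:
    """Machine-speed decision for one SIEM alarm, with an OT safety gate."""
    src = ipaddress.ip_address(alarm.source_ip)
    if PRIORITY_RANK[alarm.priority] < PRIORITY_RANK[AUTO_BLOCK_MIN_PRIORITY]:
        return Decision("ignore", "below the automated-response threshold")
    if any(src in net for net in PROTECTED_OT_SEGMENTS):
        return Decision("escalate", "source is inside a protected OT segment")
    rule = {"action": "deny", "src": f"{src}/32", "dst": "any",
            "comment": f"SIEM auto-block: {alarm.ioc_category}"}
    return Decision("auto_block", "high-priority IOC from outside the OT boundary", rule)

def plan_response(alarms):
    """Split a batch of alarms into firewall rules to push and cases to escalate."""
    plan = {"rules": [], "escalations": []}
    for alarm in alarms:
        d = decide(alarm)
        if d.action == "auto_block":
            plan["rules"].append(d.rule)
        elif d.action == "escalate":
            plan["escalations"].append((alarm.source_ip, d.reason))
    return plan

# Constructed sample alarms: an external C2 source, a PLC-network source, a low-priority scan.
SAMPLE_ALARMS = [Alarm("high", "203.0.113.7", "C2 beacon"),
                 Alarm("high", "10.50.3.21", "unexpected Modbus write"),
                 Alarm("low", "198.51.100.9", "port scan")]
```

Calling `plan_response(SAMPLE_ALARMS)` yields one deny rule for 203.0.113.7 and one escalation for 10.50.3.21; the low-priority scan produces no action.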