City of San Antonio Plans to Open First Security Operations Center

The city expects to share the new center with CPS Energy, San Antonio Water System and VIA Metropolitan Transit, according to the San Antonio Business Journal. For security purposes, the organizations’ data streams would be kept separate.

• By Jessica Davis
• Feb 06, 2019

The city of San Antonio plans to open its first security operations center in the coming year. The new center would help monitor the city’s vast computer infrastructure 24/7.

The city expects to share the new center with CPS Energy, San Antonio Water System and VIA Metropolitan Transit, according to the San Antonio Business Journal. For security purposes, the organizations’ data streams would be kept separate.

Local leaders are looking for a secure place to house the operations center.

“We’re still in the beginning stages considering a physical location, what types of capabilities we would like to have that we’d have to maintain,” said Patsy Boozer, chief information security officer at the city of San Antonio. “It’s more cost effective for us to have a shared concept.”

A security operations center, or SOC, is an office where agents monitor traffic in and out of a computer network around the clock, in real time. The agencies also plan to collaborate on an information sharing and analysis organization, in which they would share threat intelligence data with the goal of reducing the prevalence of malware.

The city of San Antonio has more than 12,000 employees, which means it needs to secure tens of thousands of internet-connected devices. CPS Energy’s grid infrastructure supports a power system across the county as the only local electricity provider, and San Antonio Water System plans to implement smart meters in the future, which will likely also be internet-connected.

The new center will likely leverage software with artificial intelligence that might be able to identify network traffic anomalies more quickly and alert agencies to potential problems.

According to Boozer, while all of these municipal agencies employ people to deflect outside attacks to computer infrastructure, bad actors trying to access infrastructure most commonly try to access computer systems via phishing emails.

“A lot of what we see come through are phishing attempts, but our employees have been well-trained,” Boozer said. "We even have a phishing notification system through our [Microsoft] Outlook to report it."