Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry

McCarthy, James; Powell, Michael; Ogunyale, Titilayo; Wiltberger, John; Wynne, Devin

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov. [12:20 pm ET - If you received "Page Not Found" errors recently, please retry accessing those files. File synchronization should now be complete.]

Project Description (Initial Public Draft)

Obsoleted on March 01, 2018 by Project Description

Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry

Documentation Topics

Date Published: January 2018
Comments Due: February 16, 2018 (public comment period is CLOSED)
Email Questions to: energy_nccoe@nist.gov

Author(s)

James McCarthy (NIST), Michael Powell (NIST), Titilayo Ogunyale (MITRE), John Wiltberger (MITRE), Devin Wynne (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project to enhance the energy sector’s asset management capabilities for operational technology (OT). This project will include the development of a reference design and use commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.

Vulnerabilities in OT assets present opportunities for malicious actors to cause disruptions and power outages. To properly assess cybersecurity risk within the OT network, energy companies must be able to identify all their assets, especially the most critical.

This project will describe methods for managing, monitoring, and baselining assets and will also include information to help identify threats to these OT assets. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Abstract

Industrial control systems (ICS) comprise a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power. There is a wide variety of ICS assets, such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other devices (e.g., programmable logic controllers [PLCs]), that provide command and control functions on operational technology (OT) networks. These assets are primary targets of cyber attacks. Vulnerabilities within these systems and devices present opportunities for malicious actors to cause disruptions to the power grid.

Energy sector companies must monitor and manage ICS assets at all times to reduce the risk of such attacks. The NCCoE, in collaboration with members of the energy community and with cybersecurity technology providers, is planning a project to create an example solution to address this complex asset management challenge. This project will result in a freely available NIST Cybersecurity Practice Guide that includes an example solution for electric utilities and for oil and gas companies to effectively track and manage their assets.

Keywords

malicious actor; monitoring; operational technology (OT); supervisory control and data acquisition system (SCADA); industrial control system(s) (ICS); energy sector asset management (ESAM)

Control Families

None selected

Documentation

Publication:
Project Description (pdf)

Supplemental Material:
Project homepage

Document History:
01/16/18: Project Description (Draft)
03/01/18: Project Description (Final)

Topics

Security and Privacy

asset management, maintenance, vulnerability management

Applications

industrial control systems

Sectors

energy