U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Project Description (Initial Public Draft)

Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry

Date Published: January 2018
Comments Due: February 16, 2018 (public comment period is CLOSED)
Email Questions to: energy_nccoe@nist.gov

Author(s)

James McCarthy (NIST), Michael Powell (NIST), Titilayo Ogunyale (MITRE), John Wiltberger (MITRE), Devin Wynne (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project to enhance the energy sector’s asset management capabilities for operational technology (OT). This project will include the development of a reference design and use commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.

Vulnerabilities in OT assets present opportunities for malicious actors to cause disruptions and power outages. To properly assess cybersecurity risk within the OT network, energy companies must be able to identify all their assets, especially the most critical.

This project will describe methods for managing, monitoring, and baselining assets and will also include information to help identify threats to these OT assets. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Abstract

Keywords

malicious actor; monitoring; operational technology (OT); supervisory control and data acquisition system (SCADA); industrial control system(s) (ICS); energy sector asset management (ESAM)
Control Families

None selected

Documentation

Publication:
Project Description (pdf)

Supplemental Material:
Project homepage

Document History:
01/16/18: Project Description (Draft)
03/01/18: Project Description (Final)

Topics

Security and Privacy

asset management, maintenance, vulnerability management

Applications

industrial control systems

Sectors

energy