Date Published: January 2018
Comments Due:
Email Questions to:
Author(s)
James McCarthy (NIST), Michael Powell (NIST), Titilayo Ogunyale (MITRE), John Wiltberger (MITRE), Devin Wynne (MITRE)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project to enhance the energy sector’s asset management capabilities for operational technology (OT). This project will include the development of a reference design and use commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.
Vulnerabilities in OT assets present opportunities for malicious actors to cause disruptions and power outages. To properly assess cybersecurity risk within the OT network, energy companies must be able to identify all their assets, especially the most critical.
This project will describe methods for managing, monitoring, and baselining assets and will also include information to help identify threats to these OT assets. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.
Industrial control systems (ICS) comprise a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power. There is a wide variety of ICS assets, such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other devices (e.g., programmable logic controllers [PLCs]), that provide command and control functions on operational technology (OT) networks. These assets are primary targets of cyber attacks. Vulnerabilities within these systems and devices present opportunities for malicious actors to cause disruptions to the power grid.
Energy sector companies must monitor and manage ICS assets at all times to reduce the risk of such attacks. The NCCoE, in collaboration with members of the energy community and with cybersecurity technology providers, is planning a project to create an example solution to address this complex asset management challenge. This project will result in a freely available NIST Cybersecurity Practice Guide that includes an example solution for electric utilities and for oil and gas companies to effectively track and manage their assets.
Industrial control systems (ICS) comprise a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power. There is a wide variety of ICS assets, such as supervisory control and data acquisition (SCADA) systems, distributed control...
See full abstract
Industrial control systems (ICS) comprise a core part of our nation’s critical infrastructure. Energy sector companies rely on ICS to generate, transmit, and distribute power. There is a wide variety of ICS assets, such as supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other devices (e.g., programmable logic controllers [PLCs]), that provide command and control functions on operational technology (OT) networks. These assets are primary targets of cyber attacks. Vulnerabilities within these systems and devices present opportunities for malicious actors to cause disruptions to the power grid.
Energy sector companies must monitor and manage ICS assets at all times to reduce the risk of such attacks. The NCCoE, in collaboration with members of the energy community and with cybersecurity technology providers, is planning a project to create an example solution to address this complex asset management challenge. This project will result in a freely available NIST Cybersecurity Practice Guide that includes an example solution for electric utilities and for oil and gas companies to effectively track and manage their assets.
Hide full abstract
Keywords
malicious actor; monitoring; operational technology (OT); supervisory control and data acquisition system (SCADA); industrial control system(s) (ICS); energy sector asset management (ESAM)
Control Families
None selected