The Energy sector is one of the nation’s critical infrastructures - powering businesses, homes and critical business operations and any outages whether accidental or malicious can have serious impacts on the economy and public health & safety. With the ‘electrification of society’, industrial control systems (ICS) have become more interconnected and any vulnerability within operation technology, assets and processes have become a bigger target for malicious actors.
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has released a final cybersecurity practice guide involving asset management to help energy, utilities and the oil & gas industry develop an automated solution to better manage their industrial control system (ICS) assets.
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE has just released final practice guide NIST Special Publication 1800-23, Energy Sector Asset Management.
This project explores methods for managing, monitoring, and baselining assets and includes information to help identify threats to these OT assets. Both standards and best practices were used to develop reference designs leveraging commercially available technologies. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.
To complete this guide, the NCCoE collaborated with other technology vendors, including Dragos, Forescout, FoxGuard Solutions, KORE Wireless Group, Splunk, TDi Technologies, and Tripwire.
In this collaboration KORE provided the wireless gateway and connectivity for the NCCoE to test and validate their solution for the Energy Sector Asset Management Guide. KORE team member, Ken Connor, Vice President of Enterprise Sales, participated in several planning sessions for this project and states, “I’m pleased to have had this opportunity to participate in the research for this guide. I think it’s going to really going to be impactful in the industrial and energy segments as they deploy remote monitoring and work to identify cybersecurity threats and how to mitigate those threats.”
The NCCoE believes the guide addresses a critical cybersecurity and economic need. Please download the practice guide and let the NCCoE know if you implemented or adopted the solution in part or in whole.