A Commerce Department agency, energy sector and technology providers are partnering in a new initiative aimed at finding solutions for protecting critical assets used in the generation, transmission and distribution of power.
The National Cybersecurity Center of Excellence (NCCoE), part of Commerce's National Institute of Standards and Technology, has initiated a new project, Energy Sector Asset Management, that "will result in a freely available NIST Cybersecurity Practice Guide that includes an example solution for electric utilities and oil and gas companies to effectively track and manage their assets," according to the 14-page draft project description, which was released this week.
The NCCoE says the impetus for developing the new guide comes from the energy sector, which is seeking an automated operational technology asset management solution for its industrial control systems. With the project launch, the center wants to identify interested participants and "standards-based, commercially available, and/or open-source technologies."
Cyber security of the nation's power grid is a major concern given the potential for catastrophic consequences as a result of prolonged shutdown of portions of the nation's energy sector.
Desired outputs in terms of security capabilities for the example solution include operational technology asset inventory, patch management, high-speed communication mechanisms for remote asset management, encrypted communications, continuous asset monitoring, log analysis and correlation, and cyber security event and attack detection, the NCCoE says.
The comment period on the draft project announcement runs through Feb. 16. Comments can be made at: energy_nccoe@nist.gov.