The National Cybersecurity Center of Excellence (NCCoE) has drafted the first of several use cases addressing cybersecurity issues that are relevant across the energy sector. You can download the use cases below.
NCCoE cybersecurity experts will address these challenges through collaboration with members of the energy sector and vendors of cybersecurity solutions. The solutions proposed by this effort will not be the only ones available in the fast-moving cybersecurity technology market. If you would like to propose an alternative architecture or know of products that might be applicable to this challenge, please contact us at firstname.lastname@example.org.
Draft use cases are published here so that interested members of the public can comment. The use cases will be revised accordingly.
To protect power generation, transmission and distribution, energy companies need to be able to control physical and logical access to their resources, including buildings, equipment, information technology, and industrial control systems. They need to be able to authenticate, with a high degree of certainty, the individuals and systems to which they are giving access rights. In addition, energy companies need to be able to enforce access control policies (e.g., allow, deny, inquire further) consistently, uniformly and quickly across all of their resources.
To improve the security of information and operational technology, including industrial control systems, energy companies need mechanisms to capture, transmit, analyze and store real-time or near-real-time data from these networks and systems. With such mechanisms in place, energy providers can more readily detect and remediate anomalous conditions, investigate the chain of events that led to the anomalies, and share findings with other energy companies. Obtaining real-time and near-real-time data from networks also helps to demonstrate compliance with information security standards.