Home > Projects > Energy

Energy

Securing Networked Infrastructure for the Energy Sector


In July 2013, the National Cybersecurity Center of Excellence (NCCoE) posted drafts of the first of several use cases addressing cybersecurity issues that are relevant across the energy sector. The public was invited to comment. We received more than 130 comments from 40 reviewers regarding the two draft use cases. We grouped comments according to their commonalities, then distilled those grouped comments into brief statements. We have provided a response to each statement and revised the use cases accordingly. You can download the revised use cases and their comments below.

Use Case: Identity and Access Management V.2 (PDF)

In order to protect power generation, transmission and distribution, energy companies need to be able to control physical and logical access to their resources, including buildings, equipment, information technology, and industrial control systems. They need to be able to authenticate the individuals and systems to which they are giving access rights with a high degree of certainty. In addition, energy companies need to be able to enforce access control policies (e.g. allow, deny, inquire further) consistently, uniformly and quickly across all of their resources.

Use Case: Situational Awareness V.2 (PDF)

Formerly Data Aggregation and Monitoring

To improve the security of information and operational technology, including industrial control systems, energy companies need mechanisms to capture, transmit, analyze and store real-time or near-real-time data from these networks and systems. With such mechanisms in place, energy providers can more readily detect and remediate anomalous conditions, investigate the chain of events that led to the anomalies, and share findings with other energy companies. Obtaining real-time and near-real-time data from networks also has the benefit of helping to demonstrate compliance with information security standards.

NCCoE cybersecurity experts will address these challenges through collaboration with members of the energy sector and vendors of cybersecurity solutions. The solutions proposed by this effort will not be the only ones available in the fast-moving cybersecurity technology market. If you would like to propose an alternative architecture or know of products that might be applicable to this challenge, please contact us at energy_nccoe@nist.gov.

Next steps:

  • We will publish notices in the Federal Register to invite participation from members of the cybersecurity technology community to address the use case problems
    • To receive announcements about the publication of the Federal Register notices, sign up for our email alerts by entering your email address in the box at the top right of this page
  • Technology community members will submit letters of interest
  • The NCCoE will host a meeting of technology community members
  • The NCCoE will sign collaborative agreements with community members and begin technical work
Footer line image