In July 2013, the National Cybersecurity Center of Excellence (NCCoE) posted drafts of the first of several use cases addressing cybersecurity issues that are relevant across the energy sector. The public was invited to comment. We received more than 130 comments from 40 reviewers regarding the two draft use cases. We grouped comments according to their commonalities, then distilled those grouped comments into brief statements. We have provided a response to each statement and revised the use cases accordingly. You can download the revised use cases and their comments below.
In order to protect power generation, transmission and distribution, energy companies need to be able to control physical and logical access to their resources, including buildings, equipment, information technology, and industrial control systems. They need to be able to authenticate the individuals and systems to which they are giving access rights with a high degree of certainty. In addition, energy companies need to be able to enforce access control policies (e.g. allow, deny, inquire further) consistently, uniformly and quickly across all of their resources.
Formerly Data Aggregation and Monitoring
To improve the security of information and operational technology, including industrial control systems, energy companies need mechanisms to capture, transmit, analyze and store real-time or near-real-time data from these networks and systems. With such mechanisms in place, energy providers can more readily detect and remediate anomalous conditions, investigate the chain of events that led to the anomalies, and share findings with other energy companies. Obtaining real-time and near-real-time data from networks also has the benefit of helping to demonstrate compliance with information security standards.
NCCoE cybersecurity experts will address these challenges through collaboration with members of the energy sector and vendors of cybersecurity solutions. The solutions proposed by this effort will not be the only ones available in the fast-moving cybersecurity technology market. If you would like to propose an alternative architecture or know of products that might be applicable to this challenge, please contact us at firstname.lastname@example.org.