U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

White Paper (Draft)

[Project Description] Securing the Industrial Internet of Things: Scenario-Based Cybersecurity for the Energy Sector

Date Published: May 2019
Comments Due: June 5, 2019 (public comment period is CLOSED)
Email Questions to: energy_nccoe@nist.gov


James McCarthy (NIST), Don Faatz (MITRE), Eileen Division (MITRE)


The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description that will focus on securing Industrial Internet of Things (IIoT) information exchanges of distributed energy resources (DERs) in their operating environments. As an increasing number of DERs are connected to the grid, there is a need to examine the potential cybersecurity concerns that may arise from these interconnections.   

The goal of this project is to document an approach for improving the overall security of IIoT in a DER environment that will address the following areas of interest: 

  • The information exchanges between and among DER systems and distribution facilities/entities, and the cybersecurity considerations involved in these interactions.  
  • The processes and cybersecurity technologies needed for trusted device identification and communication with other devices.
  • The ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring.
  • The mechanisms that can be used for ensuring the integrity of command and operational data and the components that produce and receive this data.  
  • Data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks. 

This project will result in a publicly-available NIST Cybersecurity Practice Guide (SP 1800 series)—a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.



data integrity; distributed energy resource (DER); industrial control system; Industrial Internet of Things; malware; microgrid; smart grid
Control Families

None selected


Project Description

Supplemental Material:
Submit Comments (other)
Project homepage (other)

Document History:
05/06/19: White Paper (Draft)
08/15/19: White Paper (Final)