Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

White Paper (DRAFT)

[Project Description] Securing the Industrial Internet of Things: Scenario-Based Cybersecurity for the Energy Sector

Date Published: May 2019
Comments Due: June 5, 2019 (public comment period is CLOSED)
Email Questions to: energy_nccoe@nist.gov

Withdrawn: August 15, 2019

Author(s)

James McCarthy (NIST), Don Faatz (MITRE), Eileen Division (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description that will focus on securing Industrial Internet of Things (IIoT) information exchanges of distributed energy resources (DERs) in their operating environments. As an increasing number of DERs are connected to the grid, there is a need to examine the potential cybersecurity concerns that may arise from these interconnections.   

The goal of this project is to document an approach for improving the overall security of IIoT in a DER environment that will address the following areas of interest: 

  • The information exchanges between and among DER systems and distribution facilities/entities, and the cybersecurity considerations involved in these interactions.  
  • The processes and cybersecurity technologies needed for trusted device identification and communication with other devices.
  • The ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring.
  • The mechanisms that can be used for ensuring the integrity of command and operational data and the components that produce and receive this data.  
  • Data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks. 

This project will result in a publicly-available NIST Cybersecurity Practice Guide (SP 1800 series)—a detailed implementation guide of the practical steps needed to implement a cybersecurity reference design that addresses this challenge.

Abstract

Keywords

data integrity; distributed energy resource (DER); industrial control system; Industrial Internet of Things; malware; microgrid; smart grid
Control Families

None selected

Documentation

Publication:
Project Description

Supplemental Material:
Submit Comments (other)
Project homepage (other)

Document History:
Draft White Paper (5/6/19)
White Paper (8/15/19)