Upon review, we recognize that this NIST/NCCoE publication contains potentially biased terminology. As new publications are developed, they will follow NIST’s inclusive language guidance.
Asset Management for the Energy Sector
Energy companies face many challenges in cybersecurity asset management, from aggregating disparate data sets to setting up real-time visibility into operational technology (OT) assets in a fluid environment. Without an effective asset management solution, organizations may unnecessarily expose themselves to cybersecurity risks.
An example cybersecurity solution helping utilities and the oil and gas industry better manage their OT assets
Project Abstract
Energy companies own, run, and support critical OT assets that have unique requirements for availability and reliability. These assets must be monitored and managed to reduce the risk of cyber attacks on ICS-networked environments. Key factors in strengthening OT asset management capabilities include knowing which tools can collect asset information and what type of communications infrastructure is needed to send this information.
The capabilities demonstrated in this NCCoE cybersecurity practice guide were selected to address several key tenets of asset management: establish a baseline of known assets; establish a dynamic asset management platform that can alert operators to changes in the baseline; capture as many attributes about the assets as possible via the automated capabilities implemented.
In addition to these key tenets, this practice guide offers methods of asset management that address particular challenges in an OT environment, including the need to: account for geographically dispersed and remote assets; have a consolidated view of the sum total of OT assets; be able to readily identify an asset’s disposition, or level of criticality, in the overall operational environment.
Key factors in strengthening OT asset management capabilities include knowing which tools can collect asset information and what type of communications infrastructure is needed to send this information.
Collaborating Vendors
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.