The NCCoE released the NIST Cybersecurity Practice Guide, SP 1800-23, Energy Sector Asset Management. For ease of use, the final guide is available to download or read in volumes.
Energy companies own, run, and support critical OT assets that have unique requirements for availability and reliability. These assets must be monitored and managed to reduce the risk of cyber attacks on ICS-networked environments. Key factors in strengthening OT asset management capabilities include knowing which tools can collect asset information and what type of communications infrastructure is needed to send this information.
The capabilities demonstrated in this NCCoE cybersecurity practice guide were selected to address several key tenets of asset management: establish a baseline of known assets; establish a dynamic asset management platform that can alert operators to changes in the baseline; capture as many attributes about the assets as possible via the automated capabilities implemented.
In addition to these key tenets, this practice guide offers methods of asset management that address particular challenges in an OT environment, including the need to: account for geographically dispersed and remote assets; have a consolidated view of the sum total of OT assets; be able to readily identify an asset’s disposition, or level of criticality, in the overall operational environment.
Key factors in strengthening OT asset management capabilities include knowing which tools can collect asset information and what type of communications infrastructure is needed to send this information.
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
A Community of Interest (COI) is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. We communicate regularly with members through email or web conference calls, and participation is voluntary. Share your expertise and consider becoming a member of this project's COI.