To protect power generation, transmission, and distribution, energy companies need to control physical and logical access to their resources, including substations, equipment, and IT and OT resources. They must authenticate authorized individuals to these devices and facilities with a high degree of certainty. In addition, they need to enforce access control policies (e.g., allow, deny, inquire further) consistently, uniformly, and quickly across all their facilities.
In this project, the NCCoE demonstrates a converged, standards-based technical approach that unifies identity and access management (IdAM) functions across OT networks, physical access control systems, and IT systems. These networks often operate independently, which can result in identity and access information disparity, increased costs, inefficiencies, and a loss of capacity and service delivery capability. Also, these networks support different infrastructures, each with unique security risks. A converged IdAM solution can help effectively secure a utility’s complex infrastructure.
This NIST Cybersecurity Practice Guide provides a modular, end-to-end example solution of a converged IdAM system that can be tailored and implemented by energy providers of varying sizes and levels of IT sophistication. It shows energy providers how we met the IdAM security challenge using open-source and commercially available tools and technologies that are consistent with cybersecurity and NERC CIP standards.