News and Events

June 08, 2018

The Lexington Institute is hosting a Cybersecurity of the Electric Grid Capitol Hill Forum on Friday, June 8 at 12 pm. National Institute of Standards and Technology's Senior Security Engineer Jim McCarthy will be one of several presenters, and will discuss the NCCoE's energy sector projects and collaboration process.  

June 05, 2018

On June 5 at 2:05 pm, NCCoE Chief Security Engineer Harry Perper will participate in the Identity panel at the 2018 DOE Cyber Conference. This session will focus on DOE Identity, Credential, and Access Management Program (ICAM) implementation with major focus on the OneID DOE enterprise identity service developed and supported by LLNL. This event will be a part of the Advancing Cybersecurity Excellence: Moving from Compliance to Risk Management track.

March 20, 2018

The 2018 AlertEnterprise User Group meeting will focus on Security Convergence with topics such as Physical and Cyber Security, as well as IoT security. NCCoE Egineer Harry Perper will present two sessions: "Leveraging Cyber/Physical Security Convergence for Critical Infrastructure Protection" and "Example Implementation of NIST SP 1800-2 – Adoption Case Study."

October 17, 2016

NCCoE Senior Security Engineer Jim McCarthy will help lead a full day NIST NCCoE Workshop at GridSecCon on October 18, 2016 in Quebec City, Quebec. The  workshop will discuss top challenges facing the energy industry today, and review profiles and worked example solutions in IdAM, Situational Awareness, and Industrial Control Systems. Topics will also include the NIST Cybersecurity Portfolio and Cybersecurity Framework (CSF). 

October 13, 2016

Cyberattacks are on the rise, and a staggering 41% of them target the energy sector. In order to protect the nation’s critical infrastructure, the sector must contend with a diverse set of unique challenges, from aging and disparate networks to a lack of awareness of threats and vulnerabilities. The National Cybersecurity Center of Excellence (NCCoE), in collaboration with energy sector stakeholders and cybersecurity technology vendors, has developed example solutions that utilities can use to help bolster their security postures. The NCCoE, a part of the National Institute of Standards and Technology (NIST), will host a workshop on October 18, 2016 at the North American Electric Reliability Corporation’s (NERC) Grid Security Conference (GridSecCon) in Quebec City, Canada. GridSecCon...

June 26, 2016

NCCoE Senior Cybersecurity Engineer Jim McCarthy will host the workshop "Remaining Ahead of the Curve: Applying the NIST/NCCoE Energy Sector Practice Guides to the Cyber Security Challenges of the Oil & Gas Industry" at the 4th Annual Cyber Security for Oil & Gas Summit on June 27 at 2:30pm. The summit, held from June 27 - 29 in Houston, TX, will bring together industry experts who will address critical concerns and trends regarding cyber security for the oil & gas industry, and cover how to address these concerns in a down market. Download the full agenda.

June 06, 2016

NCCoE senior security engineer Jim McCarthy will be presenting a webinar on Identity and Access Management in conjunction with the energy sector build team collaborator AlertEnterprise on June 7 from 1pm to 2pm ET. In this session hear directly from industry as well as the nation’s leading research organization about techniques they have been developed to extend identity information beyond the traditional purview of IT by including physical access and OT (operational Technology) access to deliver a more holistic view of security. Learn correlating identity and roles-based attributes to determine access to IT systems, facilities and critical operating assets provides a 360-degree view of security to uncover gaps that cannot be identified by IT or Corporate Security alone.

May 28, 2016

Leverage government-industry partnerships such as NIST's National Cybersecurity Center of Excellence (NCCoE) to help jump start your IAM and situational awareness implementations. NCCoE has a plethora of cybersecurity implementation examples that can help all size energy organizations leverage proven third-party products to address cybersecurity framework, NERC CIP, and other standards and best practices. 

April 10, 2016

NCCoE associate director of operations Tim McBride will be speaking at the ISACA Spring Conference 2016. The conference will be held from April 11-13 at the Hilton Los Angeles/Universal City in Los Angeles, CA.

March 28, 2016

Leverage government-industry partnerships such as NIST’s National Cybersecurity Center of Excellence (NCCoE) to help jump start your IAM and situational awareness implementations. NCCoE has a plethora of cybersecurity implementation examples that can help all size energy organizations leverage proven third-party products to address cybersecurity framework, NERC CIP, and other standards and best practices.

February 02, 2016

Radiflow, a pioneer developer of ICS/SCADA network security, today issued an analysis of the December 2015 cyber-attack on a Ukrainian power provider.

According to multiple accounts, multiple western-Ukrainian power utilities were attacked, disconnecting thirty substations, and leaving 80,000 customers without power for hours. Using compromised HMI software and remote access software, the attackers targeted specific servers on the utilities' operational networks and deleted their attack paths-which delayed the response to the attack.

December 21, 2015

Kee noted that the NCCoE's Identity and Access Management for Electric Utilities cyber-security guide addresses the exact issue that played out at Calpine. In the Calpine attack, information was allegedly stolen from a contractor that had access to data.

November 29, 2015

The US National Cybersecurity Center of Excellence (NCCoE) recently released a draft document called "Identity and Access Management for Electric Utilities," which was based on the NIST Cybersecurity Practice Guide. The proposals underscored the need for energy sector companies to do better and also displayed the state they are in through inference. Industry comment on the proposals from Lieberman Software Corporation can be found here.

October 20, 2015

Over the last several months, TDi Technologies has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a cybersecurity project for the energy sector.

As the country’s national lab for cybersecurity, the NCCoE brings together people from industry, technology companies, government agencies, and academia to collaborate on applied cybersecurity to address broad challenges of national importance.

September 30, 2015

GlobalSign, a leading provider of identity services for commerce, communications, content, and communities, today announced a collaboration with the National Cybersecurity Center of Excellence (NCCoE) to develop a draft guide that will help energy companies implement Identity and Access Management practices to achieve secure access and authentication controls and reduce cybersecurity risk.

August 27, 2015

In the US, the National Cybersecurity Center of Excellence (NCC0E) has released a draft guide for utilities as part of a drive to move away from decentralised identity management practices. 

The guide, Identity and Access Management for Electric Utilities, could help energy companies reduce their risk by showing them how they can control access to facilities and devices from a single console.

August 26, 2015

The federal government wants utilities companies to keep people from gaining unauthorized access to buildings, networks, data and control systems and potentially triggering power outages.

In a new guide, the National Institutes of Standards and Technology aims to teach energy companies to protect their digital and physical assets by using a platform that could let them see who has access to any part of a system at any time. 

August 26, 2015

The National Cybersecurity Center of Excellence is urging utility companies to change decentralized identity management practices at their facilities to shore up a weak link against online attack.

The NCCoE, which is a partnership of the National Institute of Standards and Technology, Maryland and Montgomery County, released a draft guide to walk utility companies through the process of setting up a single identity management system that can work for employees no matter which department they work under.

August 25, 2015

The National Cybersecurity Center of Excellence has issued for public comment a draft guide on identity and access management for the electric sector.

The center, which is part of the National Institute of Standards and Technology, on Tuesday released "Identity and Access Management for Electric Utilities" and is seeking comments by Oct. 23.

August 25, 2015

The National Institute of Standards and Technology is stepping up its efforts to help energy companies keep their critical networks under lock and key.

The nonregulatory agency announced yesterday that it's seeking input on a draft how-to guide for managing access to electric utilities, from their physical control rooms to any Internet-connected computers.