Over the past several months, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has been working on a cybersecurity project involving asset management to help energy utilities and the oil & gas industry develop an automated solution to better manage their industrial control system (ICS) assets.
As part of our partnership with NCCoE and the industrial cybersecurity community, Dragos provided expertise and tools such as Dragos Platform to help develop this practical guidance that industrial security teams can utilize to implement standards-based security controls.
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE has just released draft practice guide NIST Special Publication 1800-23, Energy Sector Asset Management.
This project explores methods for managing, monitoring, and baselining assets and includes information to help identify threats to these OT assets. Both standards and best practices were used to develop reference designs leveraging commercially available technologies. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.
“Almost everything you do in cybersecurity relies on a foundation of knowing your assets and how they are being managed,” said Jim McCarthy, NCCoE senior security engineer. “This guide provides a practical approach to OT asset management to help energy sector organizations identify the physical and logical assets on their network and detect changes to their inventories.”
Read more at: Dragos