Energy Sector Cybersecurity – New Practice Guide Released

We are pleased to announce the release of the draft National Institute of Standards and Technology (NIST) Special Publication (SP) 1800-23: Energy Sector Asset Management. The NIST National Cybersecurity Center of Excellence (NCCoE) seeks your feedback on this cybersecurity practice guide. 

Energy sector companies rely on industrial control system (ICS) assets within operational technology (OT) environments to generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas. Given the growing complexity and critical role of these ICS assets, energy sector entities must be able to effectively identify, control, and monitor all of their OT assets to strengthen cybersecurity. We demonstrate how OT asset management practices can be enhanced by leveraging tools that may already exist in the environment or by implementing new capabilities.

This practice guide aims to help energy sector companies implement an asset management solution to monitor and manage OT assets at all times. Standards and best practices were used to deploy strong asset management solutions using commercially available technology. The guide also maps asset management capabilities to the NIST Cybersecurity Framework.