The NCCoE is developing example solutions so that energy companies can better control physical and logical access to their resources, including buildings, equipment, information technology, and industrial control system networks and systems. Vendors of commercial technologies for identity and access management will provide the products that are modules in the end-to-end approach to this challenge. (See the use case document.)
On May 20, 2014, the NCCoE hosted 20 representatives from 13 cybersecurity technology companies that responded to a March Federal Register notice calling for participation. The companies presented their products’ capabilities and learned about the cooperative research and development agreement (CRADA; see an example) that will guide their collaboration with NIST. Once the CRADAs are signed, collaboration will begin under the direction of an NCCoE project manager.
The solution developed by these collaborators in the NCCoE labs will help
- reduce opportunities for attack or error, as well as the impact of such incidents on energy delivery, thereby lowering overall business risk
- increase the probability that investigations of attacks or anomalous system behavior will reach successful conclusions
- improve accountability and traceability, leading to valuable operational lessons learned
- simplify regulatory compliance by automating generation and collection of access information