NCCoE Seeks Comments on Cybersecurity for IIoT in the Energy Sector

The National Cybersecurity Center of Excellence (NCCoE) is excited to announce the release of a new energy sector draft project description: Securing the Industrial Internet of Things (IIoT): Scenario-based Cybersecurity for the Energy Sector. Download the PDF.

We would like your feedback on this draft to help refine the challenge and scope. The comment period is now open and will close on Wednesday, June 5, 2019.

This NCCoE project will focus on helping energy companies secure IIoT information exchanges of distributed energy resources (DERs) in their operating environments. As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections.  

The solution will use security controls that map to the NIST Cybersecurity Framework and industry standards and best practices. The project will result in a freely available NIST cybersecurity practice guide and document an approach for improving the overall security of IIoT in a DER environment that will address the following areas of interest:

  • the information exchanges between and among DER systems and distribution facilities/entities and the cybersecurity considerations involved in these interactions
  • the processes and cybersecurity technologies needed for trusted device identification and communication with other devices
  • the ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring
  • the mechanisms that can be used for protecting both system and data transmission components 
  • data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks