NIST SP 1800-23, Energy Sector Asset Management: Securing Industrial Control Systems

Industrial organizations face a growing list of digital threats these days. Fortunately, these fail to go unnoticed by the broader industrial security community. Many in the industrial security space carefully tracked these stories and shared IoCs/other threat intel with industrial organizations to help them stay safe. Some decided to do even more.

Among them was the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST),  a collaborative hub where industry organizations, government agencies and academic institutions work together to address businesses’ most pressing cybersecurity challenges. NCCoE began working on developing a cybersecurity project involving asset management a short time ago. The purpose of the project was to help energy utilities and the oil the gas industry develop an automated solution to better manage their industrial control system (ICS) assets.

Towards that end, the NCCoE released a draft practice guide NIST Special Publication 1800-23, Energy Sector Asset ManagementThis practice guide explores methods for managing, monitoring and baselining assets and includes information to help identify threats to these OT assets. In these efforts, researchers drew upon both standards and best practices to develop reference designs leveraging commercially available technologies. They also mapped capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.

“Collaborating with key stakeholders in the energy sector, technology providers, and integrators to produce viable cybersecurity solutions is key to the NCCoE’s success. The Energy Sector Asset Management Practice Guide is another example of how stakeholders engage with the NCCoE to produce solutions to real-world problems.” said Jim McCarthy, NCCoE senior security engineer.


Read more at: Tripwire