Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, has announced that is has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a project to help energy utilities and the oil & gas industry develop an automated solution to better manage their industrial control system (ICS) assets.
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE has just released draft practice guide NIST Special Publication 1800-23, Energy Sector Asset Management.
This practice guide aims to help energy sector companies implement an asset management solution to monitor and manage ICS assets at all times. Standards and best practices were used to deploy strong asset management solutions that use open and scalable standards. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.
“Many organizations lack a complete view of their operational technology assets and processes. This guide presents the cybersecurity risks associated with a lack of visibility of energy sector assets and how to mitigate those risks using commercially available technology,” said Jim McCarthy, NCCoE senior security engineer.
This practice guide demonstrates how commercially available technologies, like Tripwire Industrial Visibility*, can be integrated with existing tools to monitor activity in industrial control environments and detect anomalies.
“Tripwire provides industrial organizations visibility into cyber events that could affect the safety, productivity and quality of their operations,” said Tim Erlin, vice president of product management and strategy. “Our anomaly detection capabilities deliver deep, granular visibility into industrial devices and network activity to provide a baseline of normal operations and alert to any changes, without disrupting operational processes.”
*While the example implementation uses certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.
Read more at: Tripwire