The National Cybersecurity Center of Excellence (NCCoE) at NIST published a practice guide to enhance the energy sector’s asset management capabilities for operational technology (OT). This project includes a reference design and uses commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.
Vulnerabilities in OT assets present opportunities for malicious actors to cause disruptions and power outages. To properly assess cybersecurity risk within the OT network, energy companies must be able to identify all their assets, especially the most critical.
This project describes methods for managing, monitoring, and baselining assets and also includes information to help identify threats to these OT assets. The project has resulted in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.