As cybersecurity continues to weigh on the shoulders of industrial organizations worldwide, the push to identify standards-based methods for protecting networked systems from cyber attacks is heating up. One of the latest initiatives to take on this issue is an effort by the National Cybersecurity Center of Excellence (NCCoE), dubbed the “Situational Awareness Use Case for the Energy Sector,” which aims to improve the security of networked technologies in the energy space via commercially available technologies.
NCCoE is a partnership of the National Institute of Standards and Technology (NIST), the State of Maryland, and Maryland’s Montgomery County designed to facilitate real-world cybersecurity solutions based on commercially available technologies. As part of the “Situational Awareness Use Case for the Energy Sector” challenge, NCCoE is seeking collaborators to help energy companies improve the security of the networked technologies they rely upon to control the generation, transmission and distribution of power. Participants will provide products and technical expertise to create a model, standards-based system that could capture, transmit and analyze data from industrial control systems and related networking equipment—in real or near-real time.
The “Situational Awareness Use Case for the Energy Sector” challenge is among the latest in what has been a flood of new programs that have come to market over the past year with the aim of protecting critical infrastructure in the U.S. from cyber threats. Earlier this month, Honeywell Process Solutions launched a Cybersecurity Research Lab with the aim of advancing its development and testing of new technologies and software to defend industrial facilities and operations, such as refineries and manufacturing plants, from cyber attacks.
READ ALSO: Industrial Cybersecurity—Where Do We Start?
The NCCoE’s “Situational Awareness Use Case” challenge is one of two current center efforts focused on the energy sector. While there are a number of useful products on the market for monitoring enterprise networks for possible security events, NCCoE says they tend to be imperfect fits for the unusual requirements of control system networks. Alternatively, the NCCoE says a network monitoring solution that is tailored to the needs of control systems would reduce security blind spots.
Technology vendors participating in the “Situational Awareness Use Case” challenge will provide commercially available products to serve as modules in an end-to-end sample solution. NIST will not endorse particular products, but will use them as references that provide certain capabilities and conform to existing standards. To adopt this situational awareness system, NCCoE says energy companies can use similar products with the same capabilities.
As part of the project, NIST will also produce a free practice guide, including a materials list and instructions for implementing the reference design. The NCCoE will seek the public’s feedback on reference designs and make improvements accordingly.
Companies interested in participating in the reference design project must submit a letter of interest in which they outline their proposed contribution. Full details of this process are published in a Federal Register notice (docket number 141231999-4999-01). Those selected to participate will enter into a Cooperative Research and Development Agreement with NIST.
To learn more about the NCCoE and how to collaborate on its projects, visit http://nccoe.nist.gov.
Matt Migliore is the director of content for Flow Control magazine and FlowControlNetwork.com. He has covered technology and industry for 12-plus years. Matt can be reached at 610 828-1711 or [email protected].
