Infrastructure protectionImproving security monitoring of energy industry networked control systems
There are a number of useful products on the market for monitoring enterprise networks for possible security events, but they tend to be imperfect fits for the unusual requirements of control system networks. A network monitoring solution that is tailored to the needs of control systems would reduce security blind spots. The National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators on an effort to help energy companies improve the security of the networked technologies they rely upon to control the generation, transmission and distribution of power.
The National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators on an effort to help energy companies improve the security of the networked technologies they rely upon to control the generation, transmission and distribution of power. Participants would provide products and technical expertise to create a model, standards-based system that could capture, transmit, and analyze data from industrial control systems and related networking equipment — in real or near-real time.
NIST says that the NCCoE is a partnership of the National Institute of Standards and Technology (NIST), the State of Maryland, and Maryland’s Montgomery County. The partnership is dedicated to furthering rapid adoption of practical, standards-based cybersecurity solutions for business and public organizations using commercially available technologies. This project is one of two current center efforts focused on the energy sector.
NIST notes that while there are a number of useful products on the market for monitoring enterprise networks for possible security events, they tend to be imperfect fits for the unusual requirements of control system networks. A network monitoring solution that is tailored to the needs of control systems would reduce security blind spots.
Details of the challenge are laid out in an NCCoE “use case” that defines specific function requirements of the desired system. The center invited public comment on a draft version of the use case in 2013 and used that input to develop the final version.
Participating technology vendors will provide commercially available products to serve as modules in an end-to-end sample solution. NIST will not endorse particular products, but will use them as references that provide certain capabilities and conform to existing standards. To adopt this situational awareness system, energy companies can use similar products with the same capabilities.
The project also will result in a freely available NIST practice guide that includes a materials list and instructions for implementing the reference design. The NCCoE will seek the public’s feedback on reference designs, and improve them accordingly.
Companies interested in participating in the reference design project must submit a letter of interest in which they outline their proposed contribution. Full details of this process are published in a Federal Register notice (docket number 141231999-4999-01) at. Those selected to participate will enter into a Cooperative Research and Development Agreement with NIST.
To learn more about the NCCoE and how to collaborate on its projects, see here.