The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) built a laboratory environment to demonstrate how energy organizations can strengthen their operational technology (OT) asset management practices by leveraging capabilities that may already exist within their operating environment or by implementing new capabilities.
As electric utilities and the oil and gas industry are some of the nation’s critical infrastructures, the incapacitation or destruction of assets, systems, and networks in the energy sector could have serious negative effects on the economy, public health and safety, notes the report.
"As industrial control systems (ICS) in the energy sector become more interconnected, vulnerabilities within OT assets and processes are targets for malicious actors. A challenge for energy organizations is maintaining an updated asset inventory. It is difficult to protect what cannot be seen or is not known. Without an effective asset management solution, organizations that are unaware of any assets in their infrastructure may be unnecessarily exposed to cybersecurity risks," says the report.
The NIST Cybersecurity Practice Guide provides detailed steps on how energy organizations can identify and manage OT assets and detect cybersecurity risks associated with those assets.