As industrial control systems (ICS) in the energy sector become increasingly interconnected, companies looking to modernize operating technology processes will have to find automated methods to strengthen their asset management capabilities. How can energy organizations do this by leveraging resources they already have in their operating environment or by leveraging existing resources?
O National Cybersecurity Center of Excellence (NCCoE), arm of National Institute of Standards and Technology (NIST), built a laboratory environment to demonstrate that this is possible and compiled the detailed steps in one guide that has just been released. TI Safe, aligned with the purpose of ensuring the secure digital transformation for critical infrastructures, is contributing to the disclosure of this document that shows how energy companies can identify and manage OT assets and detect cybersecurity risks associated with them.
According to the guide, NCCoE used existing technologies that provided the following resources:
- inventory of OT / ICS assets (including devices using serial connections)
- high-speed communication mechanisms for remote management of reliable / secure / encrypted communications assets
- continuous asset monitoring
- log analysis and correlation
- cyber security event / attack detection
- patch-level information
- awareness of vulnerabilities
The content of the material produced by NCCoE can help companies to: reduce the risk of cybersecurity and, consequently, minimize the impact of operational and security risks, such as power interruption, for example; develop and execute a strategy that provides ongoing management and monitoring of OT assets; respond more quickly to security alerts through automated cybersecurity event capabilities and implement current cybersecurity standards and best practices.