Energy Control System Help Sought

Monday, February 16, 2015 @ 08:02 AM gHale

In an effort to help energy companies improve the security of the networked technologies they rely upon to control the generation, transmission and distribution of power, the National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators to model systems to monitor attacks.

Participants would provide products and technical expertise to create a model, standards-based system that could capture, transmit and analyze data from industrial control systems and related networking equipment.

NIST Offers Mobile App Guidance
DoE Releases Framework Guidance
Smart Grid Framework Updated
Security a Top Concern at Utilities

To improve the security of operational technology, energy companies need mechanisms to capture, transmit, analyze and store real-time or near-real-time data from industrial control systems (ICS) and related networking equipment.

With such mechanisms in place, electric utility owners and operators can more readily detect anomalous conditions, take appropriate actions to remediate them, investigate the chain of events that led to the anomalies, and share findings with other energy companies. Obtaining real-time and near-real-time data from networks also has the benefit of helping to demonstrate compliance with information security standards.

The NCCoE is a partnership of the National Institute of Standards and Technology (NIST), the State of Maryland and Maryland’s Montgomery County, dedicated to furthering rapid adoption of practical, standards-based cybersecurity solutions for business and public organizations using commercially available technologies. This project is one of two current center efforts focused on the energy sector.

There are products on the market for monitoring enterprise networks for possible security events, but they tend to be imperfect fits for the unusual requirements of control system networks. A network monitoring solution tailored to the needs of control systems would reduce security blind spots.

Details of the challenge are in an NCCoE use case that defines specific function requirements of the system. The center invited public comment on a draft version of the use case in 2013 and used that input to develop the final version.

Participating technology vendors will provide commercially available products to serve as modules in an end-to-end sample solution. NIST will not endorse particular products, but will use them as references that provide certain capabilities and conform to existing standards. To adopt this situational awareness system, energy companies can use similar products with the same capabilities.

The project also will result in a freely available NIST practice guide that includes a materials list and instructions for implementing the reference design. The NCCoE will seek the public’s feedback on reference designs, and improve them accordingly.

Companies interested in participating in the reference design project must submit a letter of interest in which they outline their proposed contribution. Full details of this process are in a Federal Register notice (docket number 141231999-4999-01).

Those selected to participate will enter into a Cooperative Research and Development Agreement with NIST.

Leave a Reply

You must be logged in to post a comment.