NIST Working on Industrial IoT Security Guide for Energy Companies

The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems.

A draft of the project was published on Monday, and the NCCoE is hoping to receive feedback by June 5 that would help it “refine the challenge and scope.”

IIoT is represented by sensors, instruments and communication systems networked together in an effort to make operations more efficient in industrial organizations. In the case of the energy sector, wind turbines, solar panels and other distributed energy resources (DERs) communicate with a utility’s distribution control systems to manage energy flow.

However, NCCoE points out, the IIoT technologies involved in these information exchanges can lack security. The organization also notes that managing these DER capabilities can require a higher degree of automation, which can introduce additional cybersecurity risks.

Studies have shown that cyberattacks against the energy sector are higher than average and research into the activities of threat actors has demonstrated that the energy sector is the target of several groups.

“The National Cybersecurity Center of Excellence (NCCoE) is proposing a project that will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections,” the NCCoE says.

The project focuses on five main areas of interest: information exchanges between distribution facilities and DER systems, processes and security technologies for trusted device identification and communication between devices, malware detection and prevention, ensuring the integrity of data, and data-driven cybersecurity analytics. The result will be a freely available cybersecurity practice guide.

Laurence Pitt, Global Security Strategy Director at Juniper Networks, shared some thoughts on securing IIoT in a recent SecurityWeek column.

“The security challenges SCADA and IIoT present may seem more complex at-a-glance, but actually are not all that different from the challenges that any enterprise business encounters on a daily basis: keep threats out, know what is on the network, who has access and react fast when a breach occurs,” Pitt said. “This means that the team responsible for SCADA and IIoT security can learn a lot from their co-workers securing the corporate enterprise network – in fact, by working together, these teams can ensure better security across the whole enterprise environment and that can only be good for business.”

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.