
NIST Working on Industrial IoT Security Guide for Energy Companies

The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems.


A draft of the project was published on Monday, and the NCCoE is seeking feedback until June 5 that would help it “refine the challenge and scope.”

IIoT is represented by sensors, instruments and communication systems networked together in an effort to make operations more efficient in industrial organizations. In the case of the energy sector, wind turbines, solar panels and other distributed energy resources (DERs) communicate with a utility’s distribution control systems to manage energy flow.

However, NCCoE points out, the IIoT technologies involved in these information exchanges can lack security. The organization also notes that managing these DER capabilities can require a higher degree of automation, which can introduce additional cybersecurity risks.

Studies have shown that cyberattacks against the energy sector are higher than average and research into the activities of threat actors has demonstrated that the energy sector is the target of several groups.

“The National Cybersecurity Center of Excellence (NCCoE) is proposing a project that will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections,” the NCCoE says.


The project focuses on five main areas of interest: information exchanges between distribution facilities and DER systems, processes and security technologies for trusted device identification and communication between devices, malware detection and prevention, ensuring the integrity of data, and data-driven cybersecurity analytics. The result will be a freely available cybersecurity practice guide.

Laurence Pitt, Global Security Strategy Director at Juniper Networks, shared some thoughts on securing IIoT in a recent SecurityWeek column.

“The security challenges SCADA and IIoT present may seem more complex at-a-glance, but actually are not all that different from the challenges that any enterprise business encounters on a daily basis: keep threats out, know what is on the network, who has access and react fast when a breach occurs,” Pitt said. “This means that the team responsible for SCADA and IIoT security can learn a lot from their co-workers securing the corporate enterprise network – in fact, by working together, these teams can ensure better security across the whole enterprise environment and that can only be good for business.”


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
