Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

NIST Working on Industrial IoT Security Guide for Energy Companies

The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems.

The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems.

A draft of the project was published on Monday and the NCCoE is hoping to get some feedback until June 5 that would help it “refine the challenge and scope.”

IIoT is represented by sensors, instruments and communication systems networked together in an effort to make operations more efficient in industrial organizations. In the case of the energy sector, wind turbines, solar panels and other distributed energy resources (DERs) communicate with a utility’s distribution control systems to manage energy flow.NIST working on IIoT security guide for energy sector

However, NCCoE points out, the IIoT technologies involved in these information exchanges can lack security. The organization also notes that managing these DER capabilities can require a higher degree of automation, which can introduce additional cybersecurity risks.

Studies have shown that cyberattacks against the energy sector are higher than average and research into the activities of threat actors has demonstrated that the energy sector is the target of several groups.

“The National Cybersecurity Center of Excellence (NCCoE) is proposing a project that will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections,” the NCCoE says.

Learn More About IIoT Security at SecurityWeek’s 2019 ICS Cyber Security Conference

The project focuses on five main areas of interest: information exchanges between distribution facilities and DER systems, processes and security technologies for trusted device identification and communication between devices, malware detection and prevention, ensuring the integrity of data, and data-driven cybersecurity analytics. The result will be a freely available cybersecurity practice guide.

Laurence Pitt, Global Security Strategy Director at Juniper Networks, shared some thoughts on securing IIoT in a recent SecurityWeek column.

Advertisement. Scroll to continue reading.

“The security challenges SCADA and IIoT present may seem more complex at-a-glance, but actually are not all that different from the challenges that any enterprise business encounters on a daily basis: keep threats out, know what is on the network, who has access and react fast when a breach occurs,” Pitt said. “This means that the team responsible for SCADA and IIoT security can learn a lot from their co-workers securing the corporate enterprise network – in fact, by working together, these teams can ensure better security across the whole enterprise environment and that can only be good for business.”

Related: Endpoints a Top Security Concern for Industrial Organizations: IIoT Survey

Related: Flaws in Moxa IIoT Product Expose ICS to Remote Attacks

Related: How the Secure Development Lifecycle Can Help Protect IIoT Deployments

Related: M2M Protocols Expose Industrial Systems to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Cloud security giant Wiz has named Fazal Merchant as President and Chief Financial Officer.

Cybersecurity and data protection company Acronis has appointed Gerald Beuchelt as CISO.

Adam Zoller has joined CrowdStrike as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.