Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

NIST Working on Industrial IoT Security Guide for Energy Companies

The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems.

The U.S. National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), this week announced that it’s working on a project whose goal is to help the energy sector secure industrial Internet of Things (IIoT) systems.

A draft of the project was published on Monday and the NCCoE is hoping to get some feedback until June 5 that would help it “refine the challenge and scope.”

IIoT is represented by sensors, instruments and communication systems networked together in an effort to make operations more efficient in industrial organizations. In the case of the energy sector, wind turbines, solar panels and other distributed energy resources (DERs) communicate with a utility’s distribution control systems to manage energy flow.NIST working on IIoT security guide for energy sector

However, NCCoE points out, the IIoT technologies involved in these information exchanges can lack security. The organization also notes that managing these DER capabilities can require a higher degree of automation, which can introduce additional cybersecurity risks.

Studies have shown that cyberattacks against the energy sector are higher than average and research into the activities of threat actors has demonstrated that the energy sector is the target of several groups.

“The National Cybersecurity Center of Excellence (NCCoE) is proposing a project that will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections,” the NCCoE says.

Learn More About IIoT Security at SecurityWeek’s 2019 ICS Cyber Security Conference

The project focuses on five main areas of interest: information exchanges between distribution facilities and DER systems, processes and security technologies for trusted device identification and communication between devices, malware detection and prevention, ensuring the integrity of data, and data-driven cybersecurity analytics. The result will be a freely available cybersecurity practice guide.

Laurence Pitt, Global Security Strategy Director at Juniper Networks, shared some thoughts on securing IIoT in a recent SecurityWeek column.

Advertisement. Scroll to continue reading.

“The security challenges SCADA and IIoT present may seem more complex at-a-glance, but actually are not all that different from the challenges that any enterprise business encounters on a daily basis: keep threats out, know what is on the network, who has access and react fast when a breach occurs,” Pitt said. “This means that the team responsible for SCADA and IIoT security can learn a lot from their co-workers securing the corporate enterprise network – in fact, by working together, these teams can ensure better security across the whole enterprise environment and that can only be good for business.”

Related: Endpoints a Top Security Concern for Industrial Organizations: IIoT Survey

Related: Flaws in Moxa IIoT Product Expose ICS to Remote Attacks

Related: How the Secure Development Lifecycle Can Help Protect IIoT Deployments

Related: M2M Protocols Expose Industrial Systems to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.