NIST Cybersecurity Practice Guide for Energy Sector Asset Management

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute for Standards and Technology (NIST) has released the final version of the Cybersecurity Practice Guide SP 1800-23, Energy Sector Asset Management. With this guide, the NCCoE intends to enhance the energy sector’s asset management capabilities for operational technology (OT).  The guide describes methods for managing, monitoring, and baselining assets and also includes information to help identify threats to these OT assets. Additionally, it includes a reference design and uses commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management. Although this guide is specifically intended for the energy sector, water and wastewater utilities will likely still find it applicable and relevant to their environments. WaterISAC also reminds its members that the first fundamental in its 15 Cybersecurity Fundamentals for Water and Wastewater Utilities is “Perform Asset Inventories.” Access the guide at NIST NCCoE.