Support Site

NCCoE

TDi Technologies and Seven Other Companies Invited to Demonstrate Practical, Standards-Based Cybersecurity for Distributed, Grid-Connected Assets

by

AnterixBlackRidge TechnologyCiscoRadiflowSpherical AnalyticsSumo LogicTDi Technologies, and Xage Security have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Securing the Industrial Internet of Things (IIoT): Cybersecurity for Distributed Energy Resources Project.*

In response to a call in the Federal Register, these companies submitted capabilities that aligned with desired solution characteristics listed in the project description and were invited to collaborate with the NCCOE. By signing a cooperative research and development agreement (see example), they will collaborate in a newly established consortium and contribute products and expertise to create a standards-based reference design for IIoT cybersecurity focused on data integrity.

This collaboration will result in a publicly available National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide (Special Publication 1800 series), which will document the reference design for securing IIoT in commercial- and/or utility-scale distributed energy resource (DER) environments and will include an example solution that uses existing, commercially available cybersecurity products.

TDi is working with the National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) in the Securing the Industrial Internet of Things (IIoT) Use Case to develop practical, interoperable cybersecurity approaches that address the real-world needs of distributed energy resource environments. By accelerating dissemination and use of these integrated tools and technologies for protecting IIoT in and among distributed energy resources, the NCCoE will enhance trust in U.S. information technology (IT) and operational technology (OT) communications, data, and storage systems; reduce risk for companies and individuals using IT/OT systems; and encourage development of innovative, job-creating cybersecurity products and services. NIST does not evaluate commercial products under this consortium and does not endorse any product or service used. Additional information on this consortium can be found at https://www.nccoe.nist.gov/projects/use-cases/energy-sector/asset-management.

The U.S. Power Grid is Moving Toward a Future Full of DERs

Use of DERs—such as wind and solar photovoltaics—is growing and transforming the traditional power grid. As the use of DERs expands, the distribution network is changing from a single-source radial network to a multisource grid of devices and systems. Proper management of these devices and their power flows is heavily dependent on digital communication and control across public communication networks. DER integration—driven by IIoT devices, data flow, and information management—poses a widening attack surface and growing cybersecurity challenge for the energy sector.

This NCCoE project will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. The solution will use security controls that map to the NIST Cybersecurity Framework and industry standards and best practices. The project will result in a freely available NIST cybersecurity practice guide and document an approach for improving the overall security of IIoT in a DER environment. The project will address the following areas of interest:

  • the information exchanges between and among DER systems and distribution facilities/entities and the cybersecurity considerations involved in these interactions
  • the processes and cybersecurity technologies needed for trusted device identification and communication with other devices
  • the ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring
  • the mechanisms that can be used for protecting both system and data transmission components
  • data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks

How to Participate

Interested parties are encouraged to engage with us through our project web page.

If you have additional comments or questions or would like to join the Community of Interest helping to guide this project and providing feedback, please email us at energy_nccoe@nist.gov.

Key URLs

Below are some key uniform resource locators (URLs) that link to the practice guide and the comment form.

Frequently Asked Questions

What Is IIoT?

Industrial Internet of Things (IIoT) can be defined in many ways. The National Cybersecurity Center of Excellence (NCCoE) does not seek to authoritatively define IIoT but rather to provide examples of generally accepted IIoT applications in the real world and the commensurate cybersecurity challenges that arise. That said, there are several characteristics of IIoT, such as:

  • IIoT is similar in concept to a collection of Internet of Things devices that are used for industrial purposes.
  • An IIoT device can provide computation and communication combined with one or more of the following functions: sensing, actuation, storage.
  • An IIoT device may perform its function(s) without user interaction.

In this project, the IIoT comprises interconnected sensors, data transfer and communications systems, instruments, and other commercial off-the-shelf devices networked together for an industrial purpose—providing electricity to the grid.

What Are the Challenges for DER Infrastructure?

In the energy sector, distributed energy resources (DERs), such as solar photovoltaics and wind turbines, introduce information exchanges between a utility’s distribution control system and the DERs to manage the flow of energy in the distribution grid. These information exchanges often employ IIoT technologies that may lack communications security. Additionally, the operating characteristics of DERs are dynamic and significantly different from those of traditional power generation capabilities, and the DERs may not be owned by or configurable by the distribution utility. Timely management of DER capabilities often requires a higher degree of automation. Introduction of additional automation into DER management and control systems can also introduce cybersecurity risks. Managing the automation, the increased need for information exchanges, and the cybersecurity associated with these presents significant challenges.

What Do You Hope to Demonstrate in This Project?

This project explores several scenarios in which information exchanges among commercial- and utility-scale DERs and electric distribution grid operations can be protected from certain cybersecurity compromises. The following cybersecurity capabilities will be demonstrated:

  • analysis and visualization processes to monitor data, identify anomalies, and alert operators
  • behavioral monitoring to detect deviations from operational norms
  • communications integrity to ensure that information is not modified in transit
  • authentication and access control to ensure that only known, authorized systems can exchange information
  • command register that maintains an independent, immutable record of information exchanges between distribution and DER operators
  • malware detection to monitor information exchanges and processing to identify potential malware infections

How Was Your Company Selected to Collaborate in This Project?

We responded to a Federal Register notice that invited cybersecurity vendors and other interested collaborators to participate in the project. The NCCoE then selected companies that submitted a completed Letter of Interest on a first-come, first-served basis within each category of components or characteristics/capabilities listed in the Federal Register notice up to the number of participants in each category necessary to carry out the project build.

Will NIST Be Developing Standards for DER Cybersecurity in This Project?

No. NCCoE projects do not create standards; rather, they demonstrate how to apply National Institute of Standards and Technology (NIST) and industry standards to help solve specific cybersecurity challenges.

What Is a Command Register?

We refer to a command register as the means to capture the sequence of events related to DER management across all DERs connected to, monitored, and controlled by a distribution control system. Its purpose is to provide an immutable record of transactions/communications among a distribution control system and the control systems managing the DER, verify the integrity of information exchanges, and provide a comprehensive audit trail of information exchanges.

About the National Cybersecurity Center of Excellence

The NCCoE, a part of NIST, is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under CRADAs, including technology partners—from Fortune 50 market leaders to smaller companies specializing in information technology and operational technology security—the NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions by using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to re-create the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Maryland. Information is available at https://www.nccoe.nist.gov.

*Certain commercial entities, equipment, products, or materials may be identified to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.

NCCoE and Industry Collaborate to Secure Property Management Systems for the Hospitality Sector

by

CryptoniteNXT, ForeScout, Häfele America, Remediant, StrongKey, and TDi Technologies have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Securing Property Management Systems project.* In response to a call in the Federal Register, these companies submitted capabilities that aligned with desired solution characteristics listed in the project description. The technology collaborators were extended a Cooperative Research and Development Agreement (CRADA; see example) enabling them to participate in a consortium where they will contribute expertise and hardware or software to help refine a reference design and build an example standards-based implementation. This collaboration will result in a publicly available Cybersecurity Practice Guide (NIST Special Publication 1800 series) that will document a reference design for hospitality organizations to improve the cybersecurity within and around a property management system (PMS).

Increasing Reliance on Technology in the Hospitality Sector

The role of technology in the hospitality industry is growing rapidly, and the PMS is increasingly integrated with systems and services that extend well beyond front desk operations. As the operations hub, the PMS interfaces with services and components within a property’s IT systems, such as Point-of-Sale systems, door locks, Wi-Fi networks, and other guest service applications. Adding to the complexity of connections, external business partners’ components and services are also typically connected to the PMS, such as on-site spas or restaurants, online travel agents, and customer relationship management partners or applications. This expanding PMS ecosystem provides a wider attack surface for vulnerabilities to be exploited by malicious actors. Improper configuration of the diverse applications that connect to or run through a PMS can create cybersecurity vulnerabilities.

Advancing the State of Cybersecurity for Hospitality Organizations

The NCCoE is working closely with the hospitality business community, managed security service providers, and cybersecurity technology vendors to develop a standards-based reference design that aims to advance the cybersecurity of property management systems and to demonstrate:

  • system protection and authentication with enforcement that will help prevent damage to PMS functionality and security
  • data protection and encryption to reduce the risk of a data breach of guest payment card information or personally identifiable information, and to protect the confidentiality and integrity of system data
  • auditing and analytics such as complete, real-time auditing and reporting of user activity

In partnership with technology collaborators, the NCCoE will build the reference design in a lab environment. The following diagram depicts the reference design’s high-level architecture.

The reference design will use commercially available products from the project’s technology collaborators—CryptoniteNXTForeScoutHäfele AmericaRemediantStrongKey, and TDi Technologies—along with open source products.

How to Participate

Interested parties are encouraged to engage with us through our project web page.

If you have additional comments, questions, or would like to join the Community of Interest helping to guide this project and provide feedback, please email us at hospitality-nccoe@nist.gov.

*Certain commercial entities, equipment, products, or materials may be identified to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.

TDi Technologies and Other Vendors Selected by NCCoE to Collaborate on Asset Management Project for the Energy Sector

by

Project Aims to Help Energy Providers Monitor, Manage, and Secure Their Assets

ForeScout Technologies, Tripwire, Dragos, Splunk, KORE Wireless, TDi Technologies, FoxGuard Solutions, and Veracity Industrial Networks have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Energy Sector Asset Management (ESAM) Project.*

In response to a call in the Federal Register, these companies submitted capabilities that aligned with desired solution characteristics listed in the project description. These technology collaborators were extended a cooperative research and development agreement (CRADA; see example), allowing them to participate in a consortium where they will contribute expertise and hardware or software to help refine a reference design and build an example standards-based implementation.

As part of this collaboration, the NCCoE will compose and release a publicly available National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide (Special Publication 1800 series), which will document the reference design and help organizations in the energy sector effectively identify, control, and monitor their operational technology (OT) assets.

NCCoE Focuses on Critical Infrastructure Through Operational Technology Assets

OT /Industrial Control Systems (ICS) are used in the energy sector and other critical infrastructure sectors to manage industrial operations. Disruptions to OT/ICS assets can result in economic loss and interruption of critical services to millions of consumers. Energy providers recognize the need to improve their OT asset management capabilities, especially for remote assets, to mitigate vulnerabilities and opportunities for malicious attacks.

The project will aim to address the following characteristics of asset management:

  • Asset Discovery: establishment of a full baseline of physical and logical locations of assets
  • Asset Identification: capture of asset attributes, such as manufacturer, model, operating system, internet protocol (IP) addresses, media access control addresses, patch-level information, and firmware versions
  • Asset Visibility: continuous identification of newly connected or disconnected devices, and IP (routable and non-routable) and serial connections to other devices
  • Asset Disposition: the level of criticality (high, medium, or low) of an asset, its relation to other assets within the OT network, and its communication (including serial) with other devices
  • Alerting Capabilities: detection of a deviation from the expected operation of assets

Collaborating on an Advanced Strategy

In partnership with the selected technology collaborators, the NCCoE will implement the collaborators’ commercially available products in a laboratory environment to build a standards-based, modular, end-to-end example solution that will address the security challenges of OT asset management for the energy sector.

Business Benefits

The example solution for this project aims to provide the following business benefits:

  • reduces cybersecurity risk and potentially reduces impact to safety and operational risk such as power disruption
  • develops and executes a strategy that provides continuous OT asset management and monitoring
  • enables faster responses to security alerts through automated cybersecurity event/attack capabilities
  • implements current cybersecurity standards and best practices while maintaining the performance of energy infrastructures

How to Participate

Interested parties are encouraged to engage with us through our project web page.

If you have additional comments or questions or would like to join the community of interest that is helping guide this project and provide feedback, please email us at Energy_nccoe@nist.gov.

*Certain commercial entities, equipment, products, or materials may be identified to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.

Energy Sector Asset Management Architecture

 This diagram depicts the proposed high-level architecture to help improve an energy provider’s asset management capabilities. This architecture demonstrates a single physically remote site that contains the sensor and remote monitoring technologies specific to this project. This individual remote site is modular and can be scaled to represent other remote locations that feed information back to a single centralized enterprise location. There may be more than one remote site in this build.  

 

Centralizing Identity and Access Management in Energy Companies

by

Over the last several months, TDi Technologies has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on an Energy Sector Asset Management Project (ESAM).

As the country’s national lab for cybersecurity, the NCCoE brings together people from industry, technology companies, government agencies, and academia to collaborate on applied cybersecurity to address broad challenges of national importance.

I’m excited to share that the NCCoE has just released a draft guide of this cybersecurity project, titled Identity and Access Management. The guide shows how utilities can control physical and logical access to resources across the enterprise using standards, best practices, and commercially available products. The draft is available for download on the NCCoE website, and they are seeking feedback on it.

The U.S. Department of Homeland Security reported that five percent of the cybersecurity incidents its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to in 2014 were tied to weak authentication, while four percent were tied to abuse of access authority.

The NCCoE worked with technology vendors like TDi to develop an example solution demonstrating a centralized identity and access management system that would make changing or revoking privileges simple and quick. The step-by-step guide, which is modular and suitable for organizations of all sizes, also maps security characteristics to guidance and best practices from NIST and other standards organizations, and to North American Electric Reliability Corporation’s Critical Infrastructure Protection standards.

This practice guide can help energy companies reduce their risk by showing how commercially available technologies, like ConsoleWorks,* can be used to control access to facilities and devices from a centralized platform. The NCCoE and we think the guide helps meet a critical cybersecurity need, but we’d like to hear from you. Download the guide and provide your thoughts on the NCCoE website.

* While the example solution uses certain products, including ConsoleWorks, the NCCoE does not endorse these products in particular. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.

We can help

Reach out today, and we'll talk through how we might be able to help!

Contact us