News and Events

The Future of Cyber Security: Spotlight on Oil and Gas

February 16, 2017

NCCoE Project Engineer Julie Snyder will lead the conversation "Understanding the Cyber Challenge" at 9:30am CT at the Four Seasons Hotel in Houston, TX. Featuring oil and gas leaders, this conversation will cover innovative technology trends being adopted by the oil industry and the potential risks they pose to the security of oil networks and infrastructure, and provide insights into how risk is driving industry decision-making and how companies are responding to the need to defend their systems. 

USCG and NCCoE develop a Cybersecurity Framework Profile for maritime bulk liquid transfer

November 18, 2016

 This is interesting as the Coast Guard develops the NVIC and may be a sign of future regulation with regard to cyber security of an asset in the Marine Transportation Sector.  Future profiles may include mobile offshore drilling operations, passenger vessel and terminal operations.  

NIST Partners With Coast Guard, Industry to Create Cyber Risk Mgmt Profile for Maritime Bulk Liquid Transfers

November 16, 2016

The National Institute of Standards and Technology (NIST) has collaborated with the U.S. Coast Guard and the oil and natural gas industry to develop a cybersecurity document that aims to ensure the safe transfer of hazardous liquids from marine vessels to ground pipelines and vehicles. NIST’s National Cybersecurity Center of Excellence (NCCoE) developed the cybersecurity framework profile in an effort to help risk managers, vessel operators, cyber professionals and operations executives evaluate cyber risks related to the “maritime bulk liquid transfer” process.

Cybersecurity for the oil industry supply chain

November 15, 2016

The U.S. Coast Guard, the National Institute of Standards and Technology and stakeholders in the maritime and oil and natural gas industries have created a “profile” of voluntary guidelines to help secure the computers used to control valves, pumps and sensors used at facilities that transfer liquids on and off of shipping vessels.

Cybersecurity to bolster safe transfer of hazardous liquids at ports

November 15, 2016

The U.S. Coast Guard (USCG) oversees approximately 800 waterfront facilities that, among other activities, transfer hazardous liquids between marine vessels and land-based pipelines, tanks or vehicles. These “maritime bulk liquid transfers” increasingly rely on computers to operate valves and pumps, monitor sensors, and perform many other vital safety and security functions. This makes the whole system more vulnerable to cybersecurity issues ranging from malware to human error, and is the reason behind a new voluntary cybersecurity guide for the industry. Maritime bulk liquid transfer processes are part of a complex and sophisticated supply chain of the oil and natural gas industry that brings together various types of organizations and systems. The USCG and industry representatives...

NIST, Coast Guard issue cyber framework 'profile' for maritime sector

November 14, 2016

The National Institute of Standards and Technology and the U.S. Coast Guard have issued a final version of a cybersecurity “profile” mapping the federal framework of cybersecurity standards to ports that manage hazardous liquids. The document, released Nov. 10, is the first in a series that will provide guidance to the maritime industry in implementing the NIST cybersecurity framework to specific maritime settings.

Medical devices pose weak link in preventing cyber attacks

November 14, 2016

The National Institute of Standards and Technology (NIST) is launching a collaborative project to improve the security of wireless infusion pumps. The goal of the work, which is being conducted by NIST’s National Cybersecurity Center of Excellence (NCCoE), is to create a security structure that can protect the pumps—and the information systems to which they connect—from hacking.

Coast Guard develops cyber standard for bulk liquids transfer

November 14, 2016

The U.S. Coast Guard, the National Institute of Standards and Technology (NIST), and maritime industry stakeholders have developed a voluntary cybersecurity “profile” for maritime bulk liquid transfer (MBLT) facilities. This profile will be released at the American Petroleum Institute’s 11th Annual Cybersecurity Conference in Houston. The profile implements the NIST Cybersecurity Framework, which was developed in 2014 to address and manage cybersecurity risk in a cost-effective way based on business needs and without placing additional regulatory requirements on businesses. The profile is how organizations align the framework’s cybersecurity activities, outcomes, and informative references to organizational business requirements, risk tolerances, and resources.

New cybersecurity framework profile to ensure safe transfer of hazardous liquids at ports

November 11, 2016

The document is the first in a series of planned profiles that will help maritime industry organizations make the most of the voluntary Framework for Improving Critical Infrastructure Cybersecurity, published by NIST in February 2014. The profile pulls into one document recommended  safeguards to provide a starting point for organizations to review and adapt their risk management processes, and it describes a desired minimum state of cybersecurity.

U.S. Coast Guard, NIST develop cyber standard for maritime facilities

November 11, 2016

The dangers involved in shifting volatile liquids from ship to shore may not appear to have a cybersecurity angle, but according to the U.S. Coast Guard (USCG) many transfter facilities are computer controlled and thus vulnerable to cyberattack. With this in mind the USCG, National Institute of Standards and Technology (NIST) and the maritime industry came together to create a voluntary framework to help protect these computer systems. 

New Cybersecurity Framework Profile to Help Ensure Safe Transfer of Hazardous Liquids at Ports

November 10, 2016

The U.S. Coast Guard (USCG) oversees approximately 800 waterfront facilities that, among other activities, transfer hazardous liquids between marine vessels and land-based pipelines, tanks or vehicles. These “maritime bulk liquid transfers” increasingly rely on computers to operate valves and pumps, monitor sensors and perform many other vital safety and security functions. This makes the whole system more vulnerable to cybersecurity issues ranging from malware to human error, and is the reason behind a new voluntary cybersecurity guide for the industry.

API Cybersecurity Conference for the Oil & Natural Gas Industry

November 09, 2016

The NCCoE will lead  a talk on "Industry/Government Partnership: Cybersecurity through Development of a NIST CSF Profile with US Coast Guard" as part of the NIST Cybersecurity Framework: Use & Deployment session at the 11th Annual Cybersecurity Conference for the Oil & Natural Gas Industry in Houston, Texas on Thursday, November 10, 1:00-2:10 pm CT. 

4th Annual Cyber Security for Oil & Gas Summit

June 26, 2016

NCCoE Senior Cybersecurity Engineer Jim McCarthy will host the workshop "Remaining Ahead of the Curve: Applying the NIST/NCCoE Energy Sector Practice Guides to the Cyber Security Challenges of the Oil & Gas Industry" at the 4th Annual Cyber Security for Oil & Gas Summit on June 27 at 2:30pm. The summit, held from June 27 - 29 in Houston, TX, will bring together industry experts who will address critical concerns and trends regarding cyber security for the oil & gas industry, and cover how to address these concerns in a down market. Download the full agenda.

NCCoE Explores Cybersecurity Challenges in Maritime and Oil & Natural Gas Industry

April 11, 2016

On April 5, 2016, in coordination with the National Institute of Standards and Technology (NIST) Cybersecurity Framework Workshop 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted a pre-workshop with members of the maritime and oil & natural gas industries to begin identifying and prioritizing cybersecurity challenges facing the industry. This NCCoE-facilitated open session was the first in a series of discussions with this industry sector to help define cybersecurity challenges to address jointly with industry and technology providers in NCCoE labs.

Coast Guard maritime 'profile' aimed at setting minimum cyber standards

April 07, 2016

A new “profile” mapping the federal framework of cybersecurity standards to the maritime sector is intended to establish a baseline for what the Coast Guard expects from industry on cyber protections, a Coast Guard official said today...The Coast Guard hopes to expand its framework profile work to other maritime subsectors, including offshore drilling, navigation, and commercial vessels, according to Dan Tobin, a senior security engineer at NIST’s National Cybersecurity Center of Excellence, which has assisted the Coast Guard in developing the profile.

The profile creation has resulted from collaboration between the Coast Guard, NIST, and industry, Tobin said.

Pre-Workshop: Maritime and Oil & Natural Gas Open Session

April 04, 2016

In coordination with the upcoming National Institute of Standards and Technology (NIST) Cybersecurity Framework Workshop 2016, the NCCoE invites interested members of the maritime and oil & natural gas industries to identify and prioritize hard cybersecurity challenges that can be addressed jointly by the NCCoE and industry.

Area Maritime Security Committee Delaware Bay Meeting

May 14, 2015

Don Tobin, senior security engineer at the NCCoE, will be speaking at the Area Maritime Security Committee Delaware Bay Meeting on May 15, 2015.