News and Events

Let's Act Now to Prevent Hacking of the Power Grid

March 04, 2017

The grid has been vulnerable physically for decades. Today, we are just beginning to understand the seriousness of an emerging threat to the grid’s cybersecurity. As the grid has become more dependent on computers and data-sharing, it has become more responsive to changes in power demand and better at integrating new sources of energy. But its computerized control could be abused by attackers who get into the systems.

NIST Releases Cybersecurity Practice Guide

March 02, 2017

The National Cybersecurity Center of Excellence (NCCoE) released a draft of the National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide, Special Publication 1800-7: "Situational Awareness for Electric Utilities." The Practice Guide includes a model solution that can be used by electric sector companies to alert their staff to potential or actual cyber attacks.  

Centralizing Situational Awareness in Energy Companies

February 23, 2017

Waratek, along with a group of companies including Hewlett Packard Enterprise, Siemens, and RSA, worked closely with the National Cybersecurity Center of Excellence (NCCoe) to develop an example solution for electric companies to alert their staff to potential or actual cyberattacks directed at the grid. The example draft outlines the implementation of this solution and comments from the public are sought until April 17, 2017.

Cybersecurity of the power grid: A growing challenge

February 23, 2017

Security standards can help ensure utility companies keep their protection strong. The U.S. National Institute of Standards and Technology has its own recommendations, though they are not mandatory for utilities. A draft version of a new set of guidelines was just released, adding both urgency and detail for utility companies.

NIST seeks comment on draft 'situational' cyber guide for electric utilities

February 17, 2017

The National Institute of Standards and Technology has released for public comment a draft guide for electric utilities to detect and remediate cyber anomalies, investigate those incidents and share findings with other energy companies. The draft guide on “Situational Awareness for Electric Utilities” was developed by NIST's National Cybersecurity Center of Excellence with input from industry, and provides an “example solution” to help utilities alert staff to potential and actual cyber attacks on the electric grid.

New Guide to Help Electric Utilities Improve Cybersecurity, Situational Awareness

February 16, 2017

As part of their current cybersecurity efforts, many electric utilities monitor data from the various systems and devices they rely on to keep the power flowing and to secure both their information technology and facilities. Pulling these data together and correlating events across data streams can be a time-consuming process, so the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology collaborated with a team of experts from industry, academia and government to develop a guide utilities can use to improve situational awareness and better respond to potential cyber attacks.

GridSecCon 2016

October 17, 2016

NCCoE Senior Security Engineer Jim McCarthy will help lead a full day NIST NCCoE Workshop at GridSecCon on October 18, 2016 in Quebec City, Quebec. The  workshop will discuss top challenges facing the energy industry today, and review profiles and worked example solutions in IdAM, Situational Awareness, and Industrial Control Systems. Topics will also include the NIST Cybersecurity Portfolio and Cybersecurity Framework (CSF). 

Electric Utility Cybersecurity Workshop to Address Top Industry Concerns

October 13, 2016

Cyberattacks are on the rise, and a staggering 41% of them target the energy sector. In order to protect the nation’s critical infrastructure, the sector must contend with a diverse set of unique challenges, from aging and disparate networks to a lack of awareness of threats and vulnerabilities. The National Cybersecurity Center of Excellence (NCCoE), in collaboration with energy sector stakeholders and cybersecurity technology vendors, has developed example solutions that utilities can use to help bolster their security postures. The NCCoE, a part of the National Institute of Standards and Technology (NIST), will host a workshop on October 18, 2016 at the North American Electric Reliability Corporation’s (NERC) Grid Security Conference (GridSecCon) in Quebec City, Canada. GridSecCon...

NCCoE Energy Sector Use Case Enters New Phase

December 21, 2014

The NCCoE’s Identity and Access Management use case for the energy sector is now in the build phase. The focus of this project is to help energy company security personnel control physical and logical access to their resources, authenticate with certainty the individuals and systems that have access rights, and enforce access control policies effectively across resources.

In the Lab

In NCCoE Lab 2, senior security engineer Jim McCarthy has been overseeing the installation of secure operating system configurations and some of the project’s core products, and the team is beginning to install operational technology devices (a remote terminal unit).

NCCoE Seeks Comments on Energy Industry Use Cases

July 24, 2013

The National Cybersecurity Center of Excellence invites comments on two technical descriptions, or use cases, of cybersecurity challenges faced by the energy sector:

  • Identity and Access Management
  • Data Aggregation and Monitoring

Comments from the public will help the NCCoE couch the use cases so that the solutions are as widely applicable as possible. Please submit comments to energy_nccoe@nist.govby Aug. 12, 2013.

After the public comment period, the use cases will be revised and a notice in the Federal Register will invite organizations to participate in developing solutions.