News and Events

October 17, 2016

NCCoE Senior Security Engineer Jim McCarthy will help lead a full day NIST NCCoE Workshop at GridSecCon on October 18, 2016 in Quebec City, Quebec. The  workshop will discuss top challenges facing the energy industry today, and review profiles and worked example solutions in IdAM, Situational Awareness, and Industrial Control Systems. Topics will also include the NIST Cybersecurity Portfolio and Cybersecurity Framework (CSF). 

October 13, 2016

Cyberattacks are on the rise, and a staggering 41% of them target the energy sector. In order to protect the nation’s critical infrastructure, the sector must contend with a diverse set of unique challenges, from aging and disparate networks to a lack of awareness of threats and vulnerabilities. The National Cybersecurity Center of Excellence (NCCoE), in collaboration with energy sector stakeholders and cybersecurity technology vendors, has developed example solutions that utilities can use to help bolster their security postures. The NCCoE, a part of the National Institute of Standards and Technology (NIST), will host a workshop on October 18, 2016 at the North American Electric Reliability Corporation’s (NERC) Grid Security Conference (GridSecCon) in Quebec City, Canada. GridSecCon...

June 26, 2016

NCCoE Senior Cybersecurity Engineer Jim McCarthy will host the workshop "Remaining Ahead of the Curve: Applying the NIST/NCCoE Energy Sector Practice Guides to the Cyber Security Challenges of the Oil & Gas Industry" at the 4th Annual Cyber Security for Oil & Gas Summit on June 27 at 2:30pm. The summit, held from June 27 - 29 in Houston, TX, will bring together industry experts who will address critical concerns and trends regarding cyber security for the oil & gas industry, and cover how to address these concerns in a down market. Download the full agenda.

June 06, 2016

NCCoE senior security engineer Jim McCarthy will be presenting a webinar on Identity and Access Management in conjunction with the energy sector build team collaborator AlertEnterprise on June 7 from 1pm to 2pm ET. In this session hear directly from industry as well as the nation’s leading research organization about techniques they have been developed to extend identity information beyond the traditional purview of IT by including physical access and OT (operational Technology) access to deliver a more holistic view of security. Learn correlating identity and roles-based attributes to determine access to IT systems, facilities and critical operating assets provides a 360-degree view of security to uncover gaps that cannot be identified by IT or Corporate Security alone.

May 28, 2016

Leverage government-industry partnerships such as NIST's National Cybersecurity Center of Excellence (NCCoE) to help jump start your IAM and situational awareness implementations. NCCoE has a plethora of cybersecurity implementation examples that can help all size energy organizations leverage proven third-party products to address cybersecurity framework, NERC CIP, and other standards and best practices. 

April 10, 2016

NCCoE associate director of operations Tim McBride will be speaking at the ISACA Spring Conference 2016. The conference will be held from April 11-13 at the Hilton Los Angeles/Universal City in Los Angeles, CA.

March 28, 2016

Leverage government-industry partnerships such as NIST’s National Cybersecurity Center of Excellence (NCCoE) to help jump start your IAM and situational awareness implementations. NCCoE has a plethora of cybersecurity implementation examples that can help all size energy organizations leverage proven third-party products to address cybersecurity framework, NERC CIP, and other standards and best practices.

February 02, 2016

Radiflow, a pioneer developer of ICS/SCADA network security, today issued an analysis of the December 2015 cyber-attack on a Ukrainian power provider.

According to multiple accounts, multiple western-Ukrainian power utilities were attacked, disconnecting thirty substations, and leaving 80,000 customers without power for hours. Using compromised HMI software and remote access software, the attackers targeted specific servers on the utilities' operational networks and deleted their attack paths-which delayed the response to the attack.

December 21, 2015

Kee noted that the NCCoE's Identity and Access Management for Electric Utilities cyber-security guide addresses the exact issue that played out at Calpine. In the Calpine attack, information was allegedly stolen from a contractor that had access to data.

November 29, 2015

The US National Cybersecurity Center of Excellence (NCCoE) recently released a draft document called "Identity and Access Management for Electric Utilities," which was based on the NIST Cybersecurity Practice Guide. The proposals underscored the need for energy sector companies to do better and also displayed the state they are in through inference. Industry comment on the proposals from Lieberman Software Corporation can be found here.

October 20, 2015

Over the last several months, TDi Technologies has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a cybersecurity project for the energy sector.

As the country’s national lab for cybersecurity, the NCCoE brings together people from industry, technology companies, government agencies, and academia to collaborate on applied cybersecurity to address broad challenges of national importance.

September 30, 2015

GlobalSign, a leading provider of identity services for commerce, communications, content, and communities, today announced a collaboration with the National Cybersecurity Center of Excellence (NCCoE) to develop a draft guide that will help energy companies implement Identity and Access Management practices to achieve secure access and authentication controls and reduce cybersecurity risk.

August 27, 2015

In the US, the National Cybersecurity Center of Excellence (NCC0E) has released a draft guide for utilities as part of a drive to move away from decentralised identity management practices. 

The guide, Identity and Access Management for Electric Utilities, could help energy companies reduce their risk by showing them how they can control access to facilities and devices from a single console.

August 26, 2015

The federal government wants utilities companies to keep people from gaining unauthorized access to buildings, networks, data and control systems and potentially triggering power outages.

In a new guide, the National Institutes of Standards and Technology aims to teach energy companies to protect their digital and physical assets by using a platform that could let them see who has access to any part of a system at any time. 

August 26, 2015

The National Cybersecurity Center of Excellence is urging utility companies to change decentralized identity management practices at their facilities to shore up a weak link against online attack.

The NCCoE, which is a partnership of the National Institute of Standards and Technology, Maryland and Montgomery County, released a draft guide to walk utility companies through the process of setting up a single identity management system that can work for employees no matter which department they work under.

August 25, 2015

The National Institute of Standards and Technology‘s National Cybersecurity Center of Excellence has opened the comment period for a draft guide on access control measures for energy companies to reduce cyber risk.

NIST said Tuesday the “Identity and Access Management for Electric Utilities” guide is based on NCCoE’s discussions with the energy sector on cybersecurity challenges.

August 25, 2015

The National Cybersecurity Center of Excellence, part of the National Institute of Standards and Technology, is seeking comments on a security guide for power companies.

The "Identity and Access Management for Electric Utilities" guide aims to help energy companies keep their systems safer by using better, centralized identity management.

August 25, 2015

The U.S. government is asking energy experts and the general public to weigh in on a new plan to protect the power grid from cyberattacks.

The draft proposal, titled "Identity and Access Management for Electric Utilities," is the result of a partnership between energy companies' security teams and the National Cybersecurity Center of Excellence (NCCoE), a division of the National Institute of Standards and Technology (NIST).

August 25, 2015

The National Cybersecurity Center of Excellence has issued for public comment a draft guide on identity and access management for the electric sector.

The center, which is part of the National Institute of Standards and Technology, on Tuesday released "Identity and Access Management for Electric Utilities" and is seeking comments by Oct. 23.

August 25, 2015

The National Institute of Standards and Technology is stepping up its efforts to help energy companies keep their critical networks under lock and key.

The nonregulatory agency announced yesterday that it's seeking input on a draft how-to guide for managing access to electric utilities, from their physical control rooms to any Internet-connected computers.