Protecting energy infrastructures from damage and disruption is a growing critical infrastructure challenge around the world. Safeguarding miles of pipelines and power lines, switching equipment, pumps and storage sites is already complex from a safety perspective, but the Internet of Things (IoT) Era introduces networked connectivity across assets and systems that formerly ran in obscure, isolated networks – or completely offline. Even longtime energy businesses, regulators and security professionals are challenged to map out the true scope of the resulting Industrial Internet of Things (IIoT), to restore visibility over where, and how, industrial control systems (ICS) and operational technology (OT) risk compromise or disruption from the Internet.
Forescout has been in the thick of critical infrastructure protection for years, given our capabilities for discovering, controlling and protecting connected devices – coupled with our extensive ICS and OT compatibility and many of our employees’ backgrounds in military, energy, transportation and other fields.
Our track record of securing the world’s IoT assets is now being extended into the energy sector, where the unique dual imperative is to not only discover and protect connected things – but, avoid any disturbances in the process. Power disruptions in the energy world are costly and dangerous, regardless of whether they occur from errors, malicious attacks or errant security efforts. This makes Forescout’s well-known passive detection capabilities in CounterACT a welcome and trusted resource for energy customers, relevant government agencies and others who are all seeking to map out more collaborative approaches to cyber risk.
A perfect example of this industry collaboration is the Energy Sector Asset Management (ESAM) Project1, a use case driven by the National Cybersecurity Center of Excellence (NCCoE) inside the U.S. National Institute of Standards and Technology (NIST). The NCCoE’s mission is to address the most pressing cybersecurity challenges and help businesses easily adapt more interoperable, standards-based security practices across various industries. Aligned to this mission, The ESAM Project will use commercially available technologies to craft an end-to-end example solution which includes a reference security architecture that energy stakeholders can use to address the evolving security challenges regarding OT asset management.
We recently received exciting news of Forescout’s selection among a select handful of vendors2 to join the ESAM Project as participants. Our team is working with these ESAM peers on managing, monitoring, and baselining OT assets. This will ultimately shape a publicly available NIST Cybersecurity Practice Guide detailing practical steps required to implement the ESAM Project’s recommended energy security architectures focused on achieving:
- Reduced cybersecurity risk to safety and operational risk, such as power disruption
- Continuous OT asset management and monitoring
- Faster responses to security alerts through automated cybersecurity event/attack capabilities
- Implementing current cybersecurity standards and best practices, while maintaining the performance of energy infrastructures
Watch for updates from our work in this critical national security program along the way. It is a privilege to be selected for this caliber of cybersecurity research and collaboration among some of the brightest security minds and highest protection requirements in the field. It also speaks volumes about the type of company and industry leadership every employee helps drive at Forescout, always standing up to bring our insights and experience to today’s greatest security challenges.
1 Asset Management | NCCoE. (2018). Retrieved from https://www.nccoe.nist.gov/projects/use-cases/energy-sector/asset-management
2 Cobbins, Joshua. “NCCoE Selects Technology Vendors to Collaborate on Asset Management Project for the Energy Sector” NCCoE/NIST, 9 July 2018, www.nccoe.nist.gov/news/nccoe-selects-technology-vendors-collaborate-asset-management-project-energy-sector
