The National Cybersecurity Center of Excellence seeks public input on...

“represent sector-wide cybersecurity challenges that we will address through a collaborative effort between the NCCoE, the energy sector, and technology partners,” said Nate Lesser, NCCoE deputy director, in a news release. The first proposed use case solution focuses on energy companies’ “need to control physical and logical access to their resources, including buildings, equipment, information technology and industrial control systems,” NIST said. It said that need requires companies to authenticate identity with a “high level” of certainty and consistently enforce access controls. The second use case solution would allow security analysts to view operational and information technologies as a whole, which would make it easier to detect issues that could disrupt services, NIST said. The agency said energy companies rely on two distinct information technology system types: Business enterprise systems that run billing, personnel and other enterprise functions, and operational systems that generate, distribute and meter power. Operational systems rely heavily on “cyber-physical systems,” NIST said. Standard IT security products can protect enterprise systems, but are often inadequate for operational systems, requiring augmentation to avoid security blind spots, NIST said. Comments are due to the NCCoE by Aug. 12, NIST said (http://1.usa.gov/14M7j2W).