83 FR 12940 - National Cybersecurity Center of Excellence (NCCoE) Energy Sector Asset Management
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology Federal Register Volume 83, Issue 58 (March 26, 2018)
National Institute of Standards and Technology
Federal Register Volume 83, Issue 58 (March 26, 2018)
| Page Range | 12940-12941 | |
| FR Document | 2018-06024 |
[Federal Register Volume 83, Number 58 (Monday, March 26, 2018)] [Notices] [Pages 12940-12941] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2018-06024] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket No. 180306249-8249-01] National Cybersecurity Center of Excellence (NCCoE) Energy Sector Asset Management AGENCY: National Institute of Standards and Technology, Department of Commerce. ACTION: Notice. ----------------------------------------------------------------------- SUMMARY: The National Institute of Standards and Technology (NIST) invites organizations to provide products and technical expertise to support and demonstrate security platforms for the Energy Sector Asset Management Project. This notice is the initial step for the National Cybersecurity Center of Excellence (NCCoE) in collaborating with technology companies to address cybersecurity challenges identified under the Energy Sector Asset Management use case. Participation in the use case is open to all interested organizations. DATES: Interested parties must contact NIST to request a letter of interest template to be completed and submitted to NIST. Letters of interest will be accepted on a first come, first served basis. Collaborative activities will commence as soon as enough completed and signed letters of interest have been returned to address all the necessary components and capabilities, but no earlier than April 25, 2018. When the use case has been completed, NIST will post a notice on the NCCoE Energy Sector Asset Management use case website at: https://nccoe.nist.gov/projects/use-cases/energy-sector/asset-management announcing the completion of the use case and informing the public that it will no longer accept letters of interest for this use case. ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway, Rockville, MD 20850. Letters of interest must be submitted to [email protected] or via hardcopy to National Institute of Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850. Organizations whose letters of interest are accepted in accordance with the process set forth in the SUPPLEMENTARY INFORMATION section of this notice will be asked to sign a consortium Cooperative Research and Development Agreement (CRADA) with NIST. An NCCoE consortium CRADA template can be found at: http://nccoe.nist.gov/node/138. FOR FURTHER INFORMATION CONTACT: Jim McCarthy via email to [email protected]; by telephone 301-975-0228; or by mail to National Institute of Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850. Additional details about the Energy Sector Asset Management use case are available at: https://nccoe.nist.gov/projects/use-cases/energy-sector. SUPPLEMENTARY INFORMATION: Background: The NCCoE, part of NIST, is a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The NCCoE brings together experts from industry, government, and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real-world needs of complex Information Technology (IT). By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE will enhance trust in U.S. IT communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage development of innovative, job-creating cybersecurity products and services. Process: NIST is soliciting responses from all sources of relevant security capabilities (see below) to enter into a Cooperative Research and Development Agreement (CRADA) to provide products and technical expertise to support and demonstrate platforms for the Energy Sector Asset Management use case. The full use case can be viewed at: https://nccoe.nist.gov/projects/use-cases/energy-sector/asset-management. Interested parties should contact NIST using the information provided in the FOR FURTHER INFORMATION CONTACT section of this notice. NIST will then provide each interested party with a letter of interest template, which the party must complete, certify that it is accurate, and submit to NIST. NIST will contact interested parties if there are questions regarding the responsiveness of the letters of interest to the use case objective or requirements identified below. NIST will select participants who have submitted complete letters of interest on a first come, first served basis within each category of product components or capabilities listed below up to the number of participants in each category necessary to carry out this use case. However, there may be continuing opportunity to participate even after initial activity commences. Selected participants will be required to enter into a consortium CRADA with NIST (for reference, see ADDRESSES section above). NIST published a notice in the Federal Register on October 19, 2012 (77 FR 64314) inviting U.S. companies to enter into a National Cybersecurity Excellence Partnerships (NCEPs) in furtherance of the NCCoE. For this demonstration project, NCEP partners will not be given priority for participation. Use case Objective: The objective of this use case is to provide guidance on how energy companies may enhance OT (Operational Technology)/ICS (Industrial Controls System) asset management by leveraging capabilities that may already exist in an operating environment or by implementing new ones. A detailed description of the Energy Sector Asset Management use case is available at: https://nccoe.nist.gov/projects/use-cases/energy-sector/asset-management. Requirements: Each responding organization's letter of interest should identify which security platform component(s) or capability(ies) it is offering. Letters of interest should not include company proprietary information, all components and capabilities must be commercially available, and all products must be able to specifically address OT/ICS environments in order to be considered for collaboration on this project. Components are listed in section 3 of the Energy Sector Asset Management use case (for reference, please see the link in the PROCESS section above) and include, but are not limited to:OT/ICS-specific asset discovery and management tools Reliable/secure/encrypted communication devices Cybersecurity event/attack detection capability [[Page 12941]] Alerting capability (e.g. Security Information and Event Management or SIEM) Each responding organization's letter of interest should identify how their products address one or more of the following desired solution characteristics in section 3 of the Energy Sector Asset Management use case (for reference, please see the link in the PROCESS section above): OT/ICS asset inventory (to include devices using serial connections) high-speed communication mechanisms for remote asset management reliable/secure/encrypted communications continuous asset monitoring log analysis and correlation cybersecurity event/attack detection patch level information Responding organizations need to understand and, in their letters of interest, commit to provide: 1. Access for all participants' project teams to component interfaces and the organization's experts necessary to make functional connections among security platform components. 2. Support for development and demonstration of the Energy Sector Asset Management use case in NCCoE facilities which will be conducted in a manner consistent with the following standards and guidance: NIST Special Publications 1800-5 (DRAFT); 1800-7 (DRAFT); 800-40; 800- 53;800-82; 800-160; 800-52; NIST Cybersecurity Framework; NIST Cryptographic Standards and Guidelines; ISO/IEC 27001 Information security management; and NERC CIP 002-5-014-2. Additional details about the Energy Sector Asset Management use case are available at: https://nccoe.nist.gov/projects/use-cases/energy-sector/asset-management. NIST cannot guarantee that all of the products proposed by respondents will be used in the demonstration. Each prospective participant will be expected to work collaboratively with NIST staff and other project participants under the terms of the consortium CRADA in the development of the Energy Sector Asset Management use case. Prospective participants' contribution to the collaborative effort will include assistance in establishing the necessary interface functionality, connection and set-up capabilities and procedures, demonstration harnesses, environmental and safety conditions for use, integrated platform user instructions, and demonstration plans and scripts necessary to demonstrate the desired capabilities. Each participant will train NIST personnel, as necessary, to operate its product in capability demonstrations. Following successful demonstrations, NIST will publish a description of the security platform and its performance characteristics sufficient to permit other organizations to develop and deploy security platforms that meet the security objectives of the Energy Sector Asset Management use case. These descriptions will be public information. Under the terms of the consortium CRADA, NIST will support development of interfaces among participants' products by providing IT infrastructure, laboratory facilities, office facilities, collaboration facilities, and staff support to component composition, security platform documentation, and demonstration activities. The dates of the demonstration of the Energy Sector Asset Management use case capability will be announced on the NCCoE website at least two weeks in advance at http://nccoe.nist.gov/. The expected outcome of the demonstration is to improve security across the energy sector. Participating organizations will gain from the knowledge that their products are interoperable with other participants' offerings. For additional information on the NCCoE governance, business processes, and NCCoE operational structure, visit the NCCoE website http://nccoe.nist.gov/. Kevin Kimball, NIST Chief of Staff. [FR Doc. 2018-06024 Filed 3-23-18; 8:45 am] BILLING CODE 3510-13-P
![12940 Federal Register / Vol. 83, No. 58 / Monday, March 26, 2018 / Notices
III. Committee Discussion: human trafficking informing the public that it will no section of this notice. NIST will then
a. Vote on agenda of upcoming speakers longer accept letters of interest for this provide each interested party with a
IV. Public Comment use case. letter of interest template, which the
V. Next Steps
ADDRESSES: The NCCoE is located at party must complete, certify that it is
VI. Adjournment
9700 Great Seneca Highway, Rockville, accurate, and submit to NIST. NIST will
Exceptional Circumstance: Pursuant MD 20850. Letters of interest must be contact interested parties if there are
to 41 CFR 102–3.150, the notice for this submitted to energy_nccoe@nist.gov or questions regarding the responsiveness
meeting is given less than 15 calendar via hardcopy to National Institute of of the letters of interest to the use case
days prior to the meeting because of the Standards and Technology, NCCoE; objective or requirements identified
exceptional circumstance of this 9700 Great Seneca Highway, Rockville, below. NIST will select participants
Committee preparing for its upcoming MD 20850. Organizations whose letters who have submitted complete letters of
public meeting to hear testimony. of interest are accepted in accordance interest on a first come, first served
Dated: March 21, 2018. with the process set forth in the basis within each category of product
David Mussatt, SUPPLEMENTARY INFORMATION section of components or capabilities listed below
Supervisory Chief, Regional Programs Unit. this notice will be asked to sign a up to the number of participants in each
[FR Doc. 2018–06053 Filed 3–23–18; 8:45 am] consortium Cooperative Research and category necessary to carry out this use
Development Agreement (CRADA) with case. However, there may be continuing
BILLING CODE P
NIST. An NCCoE consortium CRADA opportunity to participate even after
template can be found at: http:// initial activity commences. Selected
nccoe.nist.gov/node/138. participants will be required to enter
DEPARTMENT OF COMMERCE into a consortium CRADA with NIST
FOR FURTHER INFORMATION CONTACT: Jim
National Institute of Standards and McCarthy via email to energy_nccoe@ (for reference, see ADDRESSES section
Technology nist.gov; by telephone 301–975–0228; or above). NIST published a notice in the
by mail to National Institute of Federal Register on October 19, 2012
[Docket No. 180306249–8249–01] (77 FR 64314) inviting U.S. companies
Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville, to enter into a National Cybersecurity
National Cybersecurity Center of Excellence Partnerships (NCEPs) in
Excellence (NCCoE) Energy Sector MD 20850. Additional details about the
Energy Sector Asset Management use furtherance of the NCCoE. For this
Asset Management demonstration project, NCEP partners
case are available at: https://
AGENCY: National Institute of Standards nccoe.nist.gov/projects/use-cases/ will not be given priority for
and Technology, Department of energy-sector. participation.
Commerce. SUPPLEMENTARY INFORMATION: Use case Objective: The objective of
ACTION: Notice. Background: The NCCoE, part of this use case is to provide guidance on
NIST, is a public-private collaboration how energy companies may enhance OT
SUMMARY: The National Institute of for accelerating the widespread (Operational Technology)/ICS
Standards and Technology (NIST) adoption of integrated cybersecurity (Industrial Controls System) asset
invites organizations to provide tools and technologies. The NCCoE management by leveraging capabilities
products and technical expertise to brings together experts from industry, that may already exist in an operating
support and demonstrate security government, and academia under one environment or by implementing new
platforms for the Energy Sector Asset roof to develop practical, interoperable ones. A detailed description of the
Management Project. This notice is the cybersecurity approaches that address Energy Sector Asset Management use
initial step for the National the real-world needs of complex case is available at: https://
Cybersecurity Center of Excellence Information Technology (IT). By nccoe.nist.gov/projects/use-cases/
(NCCoE) in collaborating with accelerating dissemination and use of energy-sector/asset-management.
technology companies to address these integrated tools and technologies Requirements: Each responding
cybersecurity challenges identified for protecting IT assets, the NCCoE will organization’s letter of interest should
under the Energy Sector Asset enhance trust in U.S. IT identify which security platform
Management use case. Participation in communications, data, and storage component(s) or capability(ies) it is
the use case is open to all interested systems; reduce risk for companies and offering. Letters of interest should not
organizations. individuals using IT systems; and include company proprietary
DATES: Interested parties must contact encourage development of innovative, information, all components and
NIST to request a letter of interest job-creating cybersecurity products and capabilities must be commercially
template to be completed and submitted services. available, and all products must be able
to NIST. Letters of interest will be Process: NIST is soliciting responses to specifically address OT/ICS
accepted on a first come, first served from all sources of relevant security environments in order to be considered
basis. Collaborative activities will capabilities (see below) to enter into a for collaboration on this project.
commence as soon as enough completed Cooperative Research and Development Components are listed in section 3 of
and signed letters of interest have been Agreement (CRADA) to provide the Energy Sector Asset Management
returned to address all the necessary products and technical expertise to use case (for reference, please see the
components and capabilities, but no support and demonstrate platforms for link in the PROCESS section above) and
earlier than April 25, 2018. When the
sradovich on DSK3GMQ082PROD with NOTICES
the Energy Sector Asset Management include, but are not limited to:
use case has been completed, NIST will use case. The full use case can be
post a notice on the NCCoE Energy • OT/ICS-specific asset discovery and
viewed at: https://nccoe.nist.gov/
Sector Asset Management use case management tools
projects/use-cases/energy-sector/asset-
website at: https://nccoe.nist.gov/ management. • Reliable/secure/encrypted
projects/use-cases/energy-sector/asset- Interested parties should contact NIST communication devices
management announcing the using the information provided in the • Cybersecurity event/attack detection
completion of the use case and FOR FURTHER INFORMATION CONTACT capability
VerDate Sep<11>2014 16:38 Mar 23, 2018 Jkt 244001 PO 00000 Frm 00003 Fmt 4703 Sfmt 4703 E:\FR\FM\26MRN1.SGM 26MRN1](https://thefederalregister.org/doc/83_FR_12998/page/1.svg)
![Federal Register / Vol. 83, No. 58 / Monday, March 26, 2018 / Notices 12941
• Alerting capability (e.g. Security capabilities. Each participant will train Cyber-Physical Systems program
Information and Event Management NIST personnel, as necessary, to operate activities, and discuss development and
or SIEM) its product in capability stakeholder engagement for the NIST
Each responding organization’s letter demonstrations. Following successful Framework and Roadmap for Smart
of interest should identify how their demonstrations, NIST will publish a Grid Interoperability Standards, Release
products address one or more of the description of the security platform and 4.0. The agenda may change to
following desired solution its performance characteristics sufficient accommodate Committee business. The
characteristics in section 3 of the Energy to permit other organizations to develop final agenda will be posted on the Smart
Sector Asset Management use case (for and deploy security platforms that meet Grid website at http://www.nist.gov/
reference, please see the link in the the security objectives of the Energy smartgrid.
PROCESS section above): Sector Asset Management use case. DATES: The SGAC will meet on Tuesday,
• OT/ICS asset inventory (to include These descriptions will be public April 24, 2018 from 8:30 a.m. to 5:00
devices using serial connections) information. p.m. Eastern time and Wednesday, April
• high-speed communication Under the terms of the consortium 25, 2018 from 8:30 a.m. to 12:00 p.m.
mechanisms for remote asset CRADA, NIST will support Eastern time.
management development of interfaces among ADDRESSES: The meeting will be held in
• reliable/secure/encrypted participants’ products by providing IT Conference Room C103, Building 215
communications infrastructure, laboratory facilities, (Advanced Measurement Laboratory),
• continuous asset monitoring office facilities, collaboration facilities, National Institute of Standards and
• log analysis and correlation and staff support to component Technology, 100 Bureau Drive,
• cybersecurity event/attack detection composition, security platform Gaithersburg, Maryland 20899. Please
• patch level information documentation, and demonstration note admittance instructions under the
Responding organizations need to activities. SUPPLEMENTARY INFORMATION section of
The dates of the demonstration of the this notice.
understand and, in their letters of
Energy Sector Asset Management use
interest, commit to provide: FOR FURTHER INFORMATION CONTACT: Mr.
case capability will be announced on
1. Access for all participants’ project Cuong Nguyen, Smart Grid and Cyber-
the NCCoE website at least two weeks
teams to component interfaces and the Physical Systems Program Office,
in advance at http://nccoe.nist.gov/. The
organization’s experts necessary to make National Institute of Standards and
expected outcome of the demonstration
functional connections among security Technology, 100 Bureau Drive, Mail
is to improve security across the energy
platform components. Stop 8200, Gaithersburg, MD 20899–
2. Support for development and sector. Participating organizations will
8200; telephone 301–975–2254, fax
demonstration of the Energy Sector gain from the knowledge that their 301–948–5668; or via email at
Asset Management use case in NCCoE products are interoperable with other cuong.nguyen@nist.gov.
facilities which will be conducted in a participants’ offerings.
For additional information on the SUPPLEMENTARY INFORMATION: The
manner consistent with the following Committee was established in
NCCoE governance, business processes,
standards and guidance: NIST Special accordance with the Federal Advisory
and NCCoE operational structure, visit
Publications 1800–5 (DRAFT); 1800–7 Committee Act, as amended, 5 U.S.C.
the NCCoE website http://
(DRAFT); 800–40; 800–53;800–82; 800– App. The Committee is composed of
nccoe.nist.gov/.
160; 800–52; NIST Cybersecurity nine to fifteen members, appointed by
Framework; NIST Cryptographic Kevin Kimball, the Director of NIST, who were selected
Standards and Guidelines; ISO/IEC NIST Chief of Staff. on the basis of established records of
27001 Information security [FR Doc. 2018–06024 Filed 3–23–18; 8:45 am] distinguished service in their
management; and NERC CIP 002–5– BILLING CODE 3510–13–P professional community and their
014–2. knowledge of issues affecting Smart
Additional details about the Energy Grid deployment and operations. The
Sector Asset Management use case are DEPARTMENT OF COMMERCE Committee advises the Director of NIST
available at: https://nccoe.nist.gov/ in carrying out duties authorized by
projects/use-cases/energy-sector/asset- National Institute of Standards and section 1305 of the Energy
management. Technology Independence and Security Act of 2007
NIST cannot guarantee that all of the (Pub. L. 110–140). The Committee
products proposed by respondents will NIST Smart Grid Advisory Committee provides input to NIST on Smart Grid
be used in the demonstration. Each Meeting standards, priorities, and gaps, on the
prospective participant will be expected AGENCY: National Institute of Standards overall direction, status, and health of
to work collaboratively with NIST staff and Technology, Department of the Smart Grid implementation by the
and other project participants under the Commerce. Smart Grid industry, and on the
terms of the consortium CRADA in the ACTION: Notice of open meeting. direction of Smart Grid research and
development of the Energy Sector Asset standards activities. Background
Management use case. Prospective SUMMARY: The National Institute of information on the Committee is
participants’ contribution to the Standards and Technology (NIST) Smart available at http://www.nist.gov/
collaborative effort will include Grid Advisory Committee (SGAC or smartgrid/.
assistance in establishing the necessary Committee) will meet in open session Pursuant to the Federal Advisory
sradovich on DSK3GMQ082PROD with NOTICES
interface functionality, connection and on Tuesday, April 24, 2018 from 8:30 Committee Act, as amended, 5 U.S.C.
set-up capabilities and procedures, a.m. to 5:00 p.m. Eastern time and App., notice is hereby given that the
demonstration harnesses, environmental Wednesday, April 25, 2018 from 8:30 NIST Smart Grid Advisory Committee
and safety conditions for use, integrated a.m. to 12:00 p.m. Eastern time. The (SGAC or Committee) will meet in open
platform user instructions, and primary purposes of this meeting are to session on Tuesday, April 24, 2018 from
demonstration plans and scripts provide updates on NIST Smart Grid 8:30 a.m. to 5:00 p.m. Eastern time and
necessary to demonstrate the desired activities and the intersections with Wednesday, April 25, 2018 from 8:30
VerDate Sep<11>2014 16:38 Mar 23, 2018 Jkt 244001 PO 00000 Frm 00004 Fmt 4703 Sfmt 4703 E:\FR\FM\26MRN1.SGM 26MRN1](https://thefederalregister.org/doc/83_FR_12998/page/2.svg)
Document Created: 2018-03-24 00:59:46
Document Modified: 2018-03-24 00:59:46
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice. | |
| Dates | Interested parties must contact NIST to request a letter of interest template to be completed and submitted to NIST. Letters of interest will be accepted on a first come, first served basis. Collaborative activities will commence as soon as enough completed and | |
| Contact | Jim McCarthy via email to [email protected]; by telephone 301-975-0228; or by mail to National Institute of Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville, MD 20850. Additional details about the Energy Sector Asset Management use case are available at: https:// nccoe.nist.gov/projects/use-cases/energy-sector. | |
| FR Citation | 83 FR 12940 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR