Industrial organizations face a growing list of digital threats these days. Back in April 2019, for instance, FireEye revealed that it had observed an additional intrusion by the threat group behind the destructive TRITON malware at another critical infrastructure facility. This discovery came less than two years after the security firm discovered an attack in which the threat actor leveraged their TRITON attack framework to manipulate safety systems and cause a shutdown at a critical infrastructure organization.

TRITON isn’t the only threat that’s recently preyed on organizations, either. In June 2019, for example, researchers at Dragos uncovered new threat activity from the XENOTIME group where attackers expanded their targeting beyond oil and gas companies to electric utilities. It was a short time thereafter that the industrial security company spotted another actor called “HEXANE” going after oil and gas companies in the Middle East as well as telecom providers in the Middle East, Central Asia and Africa.

Fortunately, these and other incidents did not go unnoticed by the broader industrial security community. Many in the industrial security space carefully tracked these stories and shared IoCs and other threat intelligence with industrial organizations to help them stay safe. Some decided to do even more.

Among them was the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST), a collaborative hub where industry organizations, government agencies and academic institutions work together to address businesses’ most pressing cybersecurity challenges. NCCoE began working on a cybersecurity project involving asset management a short time ago. The purpose of the project was to help energy utilities and the oil and gas industry develop an automated solution to better manage their industrial control system (ICS) assets.

Towards that end, the NCCoE released a draft practice guide NIST Special Publication 1800-23, Energy Sector