Through direct dialogue between NCCoE staff and members of the energy sector (comprised mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high level of visibility into their operating environments to ensure the security of their operational resources (operational technology [OT]), including industrial control systems, buildings, and plant equipment. However, energy companies, as well as all other utilities with similar infrastructure and situational awareness challenges, also need insight into their corporate or information technology (IT) and physical access control systems (PACS). The convergence of data across these three often self‐contained silos (OT, IT, and PACS) can better protect power generation, transmission, and distribution. Real‐time or near real‐time situational awareness is a key element in ensuring this visibility across all resources. Situational awareness, as defined in this use case, is the ability to comprehensively identify and correlate anomalous conditions pertaining to industrial control systems, IT resources, access to buildings, facilities, and other business mission‐essential resources. For energy companies, having NIST SP 1800‐7b: Situational Awareness for Electric Utilities iii This publication is available free of charge from: http://dx.doi.org/10.6028/NIST.SP.1800
‐7. mechanisms to capture, transmit, view, analyze, and store real‐time or near‐real‐time data from industrial control systems (ICS) and related networking equipment provides energy companies with the information needed to deter, identify, respond to, and mitigate cyber attacks against their assets. With such mechanisms in place, electric utility owners and operators can more readily detect anomalous conditions, take appropriate actions to remediate them, investigate the chain of events that led to the anomalies, and share findings with other energy companies.