Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Situational Awareness for Electric Utilities



James J. McCarthy, Otis Alexander, Sallie Edwards, Don Faatz, Chris Peloquin, Susan Symington, Andre Thibault, John Wiltberger, Karen Viani


Through direct dialogue between NCCoE staff and members of the energy sector (comprised mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high level of visibility into their operating environments to ensure the security of their operational resources (operational technology [OT]), including industrial control systems, buildings, and plant equipment. However, energy companies, as well as all other utilities with similar infrastructure and situational awareness challenges, also need insight into their corporate or information technology (IT) and physical access control systems (PACS). The convergence of data across these three often self‐contained silos (OT, IT, and PACS) can better protect power generation, transmission, and distribution. Real‐time or near real‐time situational awareness is a key element in ensuring this visibility across all resources. Situational awareness, as defined in this use case, is the ability to comprehensively identify and correlate anomalous conditions pertaining to industrial control systems, IT resources, access to buildings, facilities, and other business mission‐essential resources. For energy companies, having NIST SP 1800‐7b: Situational Awareness for Electric Utilities iii This publication is available free of charge from:‐7. mechanisms to capture, transmit, view, analyze, and store real‐time or near‐real‐time data from industrial control systems (ICS) and related networking equipment provides energy companies with the information needed to deter, identify, respond to, and mitigate cyber attacks against their assets. With such mechanisms in place, electric utility owners and operators can more readily detect anomalous conditions, take appropriate actions to remediate them, investigate the chain of events that led to the anomalies, and share findings with other energy companies.
Special Publication (NIST SP) - 1800-7
Report Number


correlated events, cybersecurity, energy sector, information technology, operational technology, physical access control systems, security event and incident management, situational awareness


McCarthy, J. , Alexander, O. , Edwards, S. , Faatz, D. , Peloquin, C. , Symington, S. , Thibault, A. , Wiltberger, J. and Viani, K. (2019), Situational Awareness for Electric Utilities, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 15, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created August 6, 2019, Updated March 1, 2021