Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Situational Awareness for Electric Utilities



James J. McCarthy, Otis Alexander, Sallie Edwards, Don Faatz, Chris Peloquin, Susan Symington, Andre Thibault, John Wiltberger, Karen Viani


Through direct dialogue between NCCoE staff and members of the energy sector (comprised mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high level of visibility into their operating environments to ensure the security of their operational resources (operational technology [OT]), including industrial control systems, buildings, and plant equipment. However, energy companies, as well as all other utilities with similar infrastructure and situational awareness challenges, also need insight into their corporate or information technology (IT) and physical access control systems (PACS). The convergence of data across these three often self‐contained silos (OT, IT, and PACS) can better protect power generation, transmission, and distribution. Real‐time or near real‐time situational awareness is a key element in ensuring this visibility across all resources. Situational awareness, as defined in this use case, is the ability to comprehensively identify and correlate anomalous conditions pertaining to industrial control systems, IT resources, access to buildings, facilities, and other business mission‐essential resources. For energy companies, having NIST SP 1800‐7b: Situational Awareness for Electric Utilities iii This publication is available free of charge from:‐7. mechanisms to capture, transmit, view, analyze, and store real‐time or near‐real‐time data from industrial control systems (ICS) and related networking equipment provides energy companies with the information needed to deter, identify, respond to, and mitigate cyber attacks against their assets. With such mechanisms in place, electric utility owners and operators can more readily detect anomalous conditions, take appropriate actions to remediate them, investigate the chain of events that led to the anomalies, and share findings with other energy companies.
Special Publication (NIST SP) - 1800-7
Report Number


correlated events, cybersecurity, energy sector, information technology, operational technology, physical access control systems, security event and incident management, situational awareness
Created August 7, 2019, Updated January 27, 2020