National Cybersecurity Center of Excellence (NCCoE) Energy Sector Asset Management, 12940-12941 [2018-06024]
Download as PDF
<![CDATA[
12940
Federal Register / Vol. 83, No. 58 / Monday, March 26, 2018 / Notices
III. Committee Discussion: human trafficking
a. Vote on agenda of upcoming speakers
IV. Public Comment
V. Next Steps
VI. Adjournment
Exceptional Circumstance: Pursuant
to 41 CFR 102–3.150, the notice for this
meeting is given less than 15 calendar
days prior to the meeting because of the
exceptional circumstance of this
Committee preparing for its upcoming
public meeting to hear testimony.
Dated: March 21, 2018.
David Mussatt,
Supervisory Chief, Regional Programs Unit.
[FR Doc. 2018–06053 Filed 3–23–18; 8:45 am]
BILLING CODE P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No. 180306249–8249–01]
National Cybersecurity Center of
Excellence (NCCoE) Energy Sector
Asset Management
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
AGENCY:
The National Institute of
Standards and Technology (NIST)
invites organizations to provide
products and technical expertise to
support and demonstrate security
platforms for the Energy Sector Asset
Management Project. This notice is the
initial step for the National
Cybersecurity Center of Excellence
(NCCoE) in collaborating with
technology companies to address
cybersecurity challenges identified
under the Energy Sector Asset
Management use case. Participation in
the use case is open to all interested
organizations.
DATES: Interested parties must contact
NIST to request a letter of interest
template to be completed and submitted
to NIST. Letters of interest will be
accepted on a first come, first served
basis. Collaborative activities will
commence as soon as enough completed
and signed letters of interest have been
returned to address all the necessary
components and capabilities, but no
earlier than April 25, 2018. When the
use case has been completed, NIST will
post a notice on the NCCoE Energy
Sector Asset Management use case
website at: https://nccoe.nist.gov/
projects/use-cases/energy-sector/assetmanagement announcing the
completion of the use case and
sradovich on DSK3GMQ082PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
16:38 Mar 23, 2018
Jkt 244001
informing the public that it will no
longer accept letters of interest for this
use case.
ADDRESSES: The NCCoE is located at
9700 Great Seneca Highway, Rockville,
MD 20850. Letters of interest must be
submitted to energy_nccoe@nist.gov or
via hardcopy to National Institute of
Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville,
MD 20850. Organizations whose letters
of interest are accepted in accordance
with the process set forth in the
SUPPLEMENTARY INFORMATION section of
this notice will be asked to sign a
consortium Cooperative Research and
Development Agreement (CRADA) with
NIST. An NCCoE consortium CRADA
template can be found at: https://
nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT: Jim
McCarthy via email to energy_nccoe@
nist.gov; by telephone 301–975–0228; or
by mail to National Institute of
Standards and Technology, NCCoE;
9700 Great Seneca Highway, Rockville,
MD 20850. Additional details about the
Energy Sector Asset Management use
case are available at: https://
nccoe.nist.gov/projects/use-cases/
energy-sector.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of
NIST, is a public-private collaboration
for accelerating the widespread
adoption of integrated cybersecurity
tools and technologies. The NCCoE
brings together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT). By
accelerating dissemination and use of
these integrated tools and technologies
for protecting IT assets, the NCCoE will
enhance trust in U.S. IT
communications, data, and storage
systems; reduce risk for companies and
individuals using IT systems; and
encourage development of innovative,
job-creating cybersecurity products and
services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into a
Cooperative Research and Development
Agreement (CRADA) to provide
products and technical expertise to
support and demonstrate platforms for
the Energy Sector Asset Management
use case. The full use case can be
viewed at: https://nccoe.nist.gov/
projects/use-cases/energy-sector/assetmanagement.
Interested parties should contact NIST
using the information provided in the
FOR FURTHER INFORMATION CONTACT
PO 00000
Frm 00003
Fmt 4703
Sfmt 4703
section of this notice. NIST will then
provide each interested party with a
letter of interest template, which the
party must complete, certify that it is
accurate, and submit to NIST. NIST will
contact interested parties if there are
questions regarding the responsiveness
of the letters of interest to the use case
objective or requirements identified
below. NIST will select participants
who have submitted complete letters of
interest on a first come, first served
basis within each category of product
components or capabilities listed below
up to the number of participants in each
category necessary to carry out this use
case. However, there may be continuing
opportunity to participate even after
initial activity commences. Selected
participants will be required to enter
into a consortium CRADA with NIST
(for reference, see ADDRESSES section
above). NIST published a notice in the
Federal Register on October 19, 2012
(77 FR 64314) inviting U.S. companies
to enter into a National Cybersecurity
Excellence Partnerships (NCEPs) in
furtherance of the NCCoE. For this
demonstration project, NCEP partners
will not be given priority for
participation.
Use case Objective: The objective of
this use case is to provide guidance on
how energy companies may enhance OT
(Operational Technology)/ICS
(Industrial Controls System) asset
management by leveraging capabilities
that may already exist in an operating
environment or by implementing new
ones. A detailed description of the
Energy Sector Asset Management use
case is available at: https://
nccoe.nist.gov/projects/use-cases/
energy-sector/asset-management.
Requirements: Each responding
organization’s letter of interest should
identify which security platform
component(s) or capability(ies) it is
offering. Letters of interest should not
include company proprietary
information, all components and
capabilities must be commercially
available, and all products must be able
to specifically address OT/ICS
environments in order to be considered
for collaboration on this project.
Components are listed in section 3 of
the Energy Sector Asset Management
use case (for reference, please see the
link in the PROCESS section above) and
include, but are not limited to:
• OT/ICS-specific asset discovery and
management tools
• Reliable/secure/encrypted
communication devices
• Cybersecurity event/attack detection
capability
E:\FR\FM\26MRN1.SGM
26MRN1
sradovich on DSK3GMQ082PROD with NOTICES
Federal Register / Vol. 83, No. 58 / Monday, March 26, 2018 / Notices
• Alerting capability (e.g. Security
Information and Event Management
or SIEM)
Each responding organization’s letter
of interest should identify how their
products address one or more of the
following desired solution
characteristics in section 3 of the Energy
Sector Asset Management use case (for
reference, please see the link in the
PROCESS section above):
• OT/ICS asset inventory (to include
devices using serial connections)
• high-speed communication
mechanisms for remote asset
management
• reliable/secure/encrypted
communications
• continuous asset monitoring
• log analysis and correlation
• cybersecurity event/attack detection
• patch level information
Responding organizations need to
understand and, in their letters of
interest, commit to provide:
1. Access for all participants’ project
teams to component interfaces and the
organization’s experts necessary to make
functional connections among security
platform components.
2. Support for development and
demonstration of the Energy Sector
Asset Management use case in NCCoE
facilities which will be conducted in a
manner consistent with the following
standards and guidance: NIST Special
Publications 1800–5 (DRAFT); 1800–7
(DRAFT); 800–40; 800–53;800–82; 800–
160; 800–52; NIST Cybersecurity
Framework; NIST Cryptographic
Standards and Guidelines; ISO/IEC
27001 Information security
management; and NERC CIP 002–5–
014–2.
Additional details about the Energy
Sector Asset Management use case are
available at: https://nccoe.nist.gov/
projects/use-cases/energy-sector/assetmanagement.
NIST cannot guarantee that all of the
products proposed by respondents will
be used in the demonstration. Each
prospective participant will be expected
to work collaboratively with NIST staff
and other project participants under the
terms of the consortium CRADA in the
development of the Energy Sector Asset
Management use case. Prospective
participants’ contribution to the
collaborative effort will include
assistance in establishing the necessary
interface functionality, connection and
set-up capabilities and procedures,
demonstration harnesses, environmental
and safety conditions for use, integrated
platform user instructions, and
demonstration plans and scripts
necessary to demonstrate the desired
VerDate Sep<11>2014
16:38 Mar 23, 2018
Jkt 244001
capabilities. Each participant will train
NIST personnel, as necessary, to operate
its product in capability
demonstrations. Following successful
demonstrations, NIST will publish a
description of the security platform and
its performance characteristics sufficient
to permit other organizations to develop
and deploy security platforms that meet
the security objectives of the Energy
Sector Asset Management use case.
These descriptions will be public
information.
Under the terms of the consortium
CRADA, NIST will support
development of interfaces among
participants’ products by providing IT
infrastructure, laboratory facilities,
office facilities, collaboration facilities,
and staff support to component
composition, security platform
documentation, and demonstration
activities.
The dates of the demonstration of the
Energy Sector Asset Management use
case capability will be announced on
the NCCoE website at least two weeks
in advance at https://nccoe.nist.gov/. The
expected outcome of the demonstration
is to improve security across the energy
sector. Participating organizations will
gain from the knowledge that their
products are interoperable with other
participants’ offerings.
For additional information on the
NCCoE governance, business processes,
and NCCoE operational structure, visit
the NCCoE website https://
nccoe.nist.gov/.
Kevin Kimball,
NIST Chief of Staff.
[FR Doc. 2018–06024 Filed 3–23–18; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
NIST Smart Grid Advisory Committee
Meeting
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice of open meeting.
AGENCY:
The National Institute of
Standards and Technology (NIST) Smart
Grid Advisory Committee (SGAC or
Committee) will meet in open session
on Tuesday, April 24, 2018 from 8:30
a.m. to 5:00 p.m. Eastern time and
Wednesday, April 25, 2018 from 8:30
a.m. to 12:00 p.m. Eastern time. The
primary purposes of this meeting are to
provide updates on NIST Smart Grid
activities and the intersections with
SUMMARY:
PO 00000
Frm 00004
Fmt 4703
Sfmt 4703
12941
Cyber-Physical Systems program
activities, and discuss development and
stakeholder engagement for the NIST
Framework and Roadmap for Smart
Grid Interoperability Standards, Release
4.0. The agenda may change to
accommodate Committee business. The
final agenda will be posted on the Smart
Grid website at https://www.nist.gov/
smartgrid.
DATES: The SGAC will meet on Tuesday,
April 24, 2018 from 8:30 a.m. to 5:00
p.m. Eastern time and Wednesday, April
25, 2018 from 8:30 a.m. to 12:00 p.m.
Eastern time.
ADDRESSES: The meeting will be held in
Conference Room C103, Building 215
(Advanced Measurement Laboratory),
National Institute of Standards and
Technology, 100 Bureau Drive,
Gaithersburg, Maryland 20899. Please
note admittance instructions under the
SUPPLEMENTARY INFORMATION section of
this notice.
FOR FURTHER INFORMATION CONTACT: Mr.
Cuong Nguyen, Smart Grid and CyberPhysical Systems Program Office,
National Institute of Standards and
Technology, 100 Bureau Drive, Mail
Stop 8200, Gaithersburg, MD 20899–
8200; telephone 301–975–2254, fax
301–948–5668; or via email at
cuong.nguyen@nist.gov.
SUPPLEMENTARY INFORMATION: The
Committee was established in
accordance with the Federal Advisory
Committee Act, as amended, 5 U.S.C.
App. The Committee is composed of
nine to fifteen members, appointed by
the Director of NIST, who were selected
on the basis of established records of
distinguished service in their
professional community and their
knowledge of issues affecting Smart
Grid deployment and operations. The
Committee advises the Director of NIST
in carrying out duties authorized by
section 1305 of the Energy
Independence and Security Act of 2007
(Pub. L. 110–140). The Committee
provides input to NIST on Smart Grid
standards, priorities, and gaps, on the
overall direction, status, and health of
the Smart Grid implementation by the
Smart Grid industry, and on the
direction of Smart Grid research and
standards activities. Background
information on the Committee is
available at https://www.nist.gov/
smartgrid/.
Pursuant to the Federal Advisory
Committee Act, as amended, 5 U.S.C.
App., notice is hereby given that the
NIST Smart Grid Advisory Committee
(SGAC or Committee) will meet in open
session on Tuesday, April 24, 2018 from
8:30 a.m. to 5:00 p.m. Eastern time and
Wednesday, April 25, 2018 from 8:30
E:\FR\FM\26MRN1.SGM
26MRN1
]]>Agencies
[Federal Register Volume 83, Number 58 (Monday, March 26, 2018)]
[Notices]
[Pages 12940-12941]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-06024]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No. 180306249-8249-01]
National Cybersecurity Center of Excellence (NCCoE) Energy Sector
Asset Management
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide products and technical expertise to
support and demonstrate security platforms for the Energy Sector Asset
Management Project. This notice is the initial step for the National
Cybersecurity Center of Excellence (NCCoE) in collaborating with
technology companies to address cybersecurity challenges identified
under the Energy Sector Asset Management use case. Participation in the
use case is open to all interested organizations.
DATES: Interested parties must contact NIST to request a letter of
interest template to be completed and submitted to NIST. Letters of
interest will be accepted on a first come, first served basis.
Collaborative activities will commence as soon as enough completed and
signed letters of interest have been returned to address all the
necessary components and capabilities, but no earlier than April 25,
2018. When the use case has been completed, NIST will post a notice on
the NCCoE Energy Sector Asset Management use case website at: https://nccoe.nist.gov/projects/use-cases/energy-sector/asset-management
announcing the completion of the use case and informing the public that
it will no longer accept letters of interest for this use case.
ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway,
Rockville, MD 20850. Letters of interest must be submitted to
[email protected] or via hardcopy to National Institute of
Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville,
MD 20850. Organizations whose letters of interest are accepted in
accordance with the process set forth in the SUPPLEMENTARY INFORMATION
section of this notice will be asked to sign a consortium Cooperative
Research and Development Agreement (CRADA) with NIST. An NCCoE
consortium CRADA template can be found at: https://nccoe.nist.gov/node/138.
FOR FURTHER INFORMATION CONTACT: Jim McCarthy via email to
[email protected]; by telephone 301-975-0228; or by mail to
National Institute of Standards and Technology, NCCoE; 9700 Great
Seneca Highway, Rockville, MD 20850. Additional details about the
Energy Sector Asset Management use case are available at: https://nccoe.nist.gov/projects/use-cases/energy-sector.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT). By
accelerating dissemination and use of these integrated tools and
technologies for protecting IT assets, the NCCoE will enhance trust in
U.S. IT communications, data, and storage systems; reduce risk for
companies and individuals using IT systems; and encourage development
of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into a Cooperative Research
and Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate platforms for the Energy Sector
Asset Management use case. The full use case can be viewed at: https://nccoe.nist.gov/projects/use-cases/energy-sector/asset-management.
Interested parties should contact NIST using the information
provided in the FOR FURTHER INFORMATION CONTACT section of this notice.
NIST will then provide each interested party with a letter of interest
template, which the party must complete, certify that it is accurate,
and submit to NIST. NIST will contact interested parties if there are
questions regarding the responsiveness of the letters of interest to
the use case objective or requirements identified below. NIST will
select participants who have submitted complete letters of interest on
a first come, first served basis within each category of product
components or capabilities listed below up to the number of
participants in each category necessary to carry out this use case.
However, there may be continuing opportunity to participate even after
initial activity commences. Selected participants will be required to
enter into a consortium CRADA with NIST (for reference, see ADDRESSES
section above). NIST published a notice in the Federal Register on
October 19, 2012 (77 FR 64314) inviting U.S. companies to enter into a
National Cybersecurity Excellence Partnerships (NCEPs) in furtherance
of the NCCoE. For this demonstration project, NCEP partners will not be
given priority for participation.
Use case Objective: The objective of this use case is to provide
guidance on how energy companies may enhance OT (Operational
Technology)/ICS (Industrial Controls System) asset management by
leveraging capabilities that may already exist in an operating
environment or by implementing new ones. A detailed description of the
Energy Sector Asset Management use case is available at: https://nccoe.nist.gov/projects/use-cases/energy-sector/asset-management.
Requirements: Each responding organization's letter of interest
should identify which security platform component(s) or capability(ies)
it is offering. Letters of interest should not include company
proprietary information, all components and capabilities must be
commercially available, and all products must be able to specifically
address OT/ICS environments in order to be considered for collaboration
on this project. Components are listed in section 3 of the Energy
Sector Asset Management use case (for reference, please see the link in
the PROCESS section above) and include, but are not limited to:
OT/ICS-specific asset discovery and management tools
Reliable/secure/encrypted communication devices
Cybersecurity event/attack detection capability
[[Page 12941]]
Alerting capability (e.g. Security Information and Event
Management or SIEM)
Each responding organization's letter of interest should identify
how their products address one or more of the following desired
solution characteristics in section 3 of the Energy Sector Asset
Management use case (for reference, please see the link in the PROCESS
section above):
OT/ICS asset inventory (to include devices using serial
connections)
high-speed communication mechanisms for remote asset
management
reliable/secure/encrypted communications
continuous asset monitoring
log analysis and correlation
cybersecurity event/attack detection
patch level information
Responding organizations need to understand and, in their letters
of interest, commit to provide:
1. Access for all participants' project teams to component
interfaces and the organization's experts necessary to make functional
connections among security platform components.
2. Support for development and demonstration of the Energy Sector
Asset Management use case in NCCoE facilities which will be conducted
in a manner consistent with the following standards and guidance: NIST
Special Publications 1800-5 (DRAFT); 1800-7 (DRAFT); 800-40; 800-
53;800-82; 800-160; 800-52; NIST Cybersecurity Framework; NIST
Cryptographic Standards and Guidelines; ISO/IEC 27001 Information
security management; and NERC CIP 002-5-014-2.
Additional details about the Energy Sector Asset Management use
case are available at: https://nccoe.nist.gov/projects/use-cases/energy-sector/asset-management.
NIST cannot guarantee that all of the products proposed by
respondents will be used in the demonstration. Each prospective
participant will be expected to work collaboratively with NIST staff
and other project participants under the terms of the consortium CRADA
in the development of the Energy Sector Asset Management use case.
Prospective participants' contribution to the collaborative effort will
include assistance in establishing the necessary interface
functionality, connection and set-up capabilities and procedures,
demonstration harnesses, environmental and safety conditions for use,
integrated platform user instructions, and demonstration plans and
scripts necessary to demonstrate the desired capabilities. Each
participant will train NIST personnel, as necessary, to operate its
product in capability demonstrations. Following successful
demonstrations, NIST will publish a description of the security
platform and its performance characteristics sufficient to permit other
organizations to develop and deploy security platforms that meet the
security objectives of the Energy Sector Asset Management use case.
These descriptions will be public information.
Under the terms of the consortium CRADA, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of the Energy Sector Asset
Management use case capability will be announced on the NCCoE website
at least two weeks in advance at https://nccoe.nist.gov/. The expected
outcome of the demonstration is to improve security across the energy
sector. Participating organizations will gain from the knowledge that
their products are interoperable with other participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit the NCCoE website
https://nccoe.nist.gov/.
Kevin Kimball,
NIST Chief of Staff.
[FR Doc. 2018-06024 Filed 3-23-18; 8:45 am]
BILLING CODE 3510-13-P
