Tripwire Contributes to NIST’s New Guide Available to Help Electric Utilities, Oil & Gas Industry with Asset Management
PORTLAND, Ore. – September 23, 2019 – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, has announced that is has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on a project to help energy utilities and the oil & gas industry develop an automated solution to better manage their industrial control system (ICS) assets.
The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. The NCCoE has just released draft practice guide NIST Special Publication 1800-23, Energy Sector Asset Management.
This practice guide aims to help energy sector companies implement an asset management solution to monitor and manage ICS assets at all times. Standards and best practices were used to deploy strong asset management solutions that use open and scalable standards. The guide also maps capabilities to NIST guidance and control families, including the NIST Cybersecurity Framework.
“Many organizations lack a complete view of their operational technology assets and processes. This guide presents the cybersecurity risks associated with a lack of visibility of energy sector assets and how to mitigate those risks using commercially available technology,” said Jim McCarthy, NCCoE senior security engineer.
This practice guide demonstrates how commercially available technologies, like Tripwire Industrial Visibility*, can be integrated with existing tools to monitor activity in industrial control environments and detect anomalies.
“Tripwire provides industrial organizations visibility into cyber events that could affect the safety, productivity and quality of their operations,” said Tim Erlin, vice president of product management and strategy. “Our anomaly detection capabilities deliver deep, granular visibility into industrial devices and network activity to provide a baseline of normal operations and alert to any changes, without disrupting operational processes.”
*While the example implementation uses certain products, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within with their organization’s existing tools and infrastructure.
Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s award-winning portfolio delivers top critical security controls, including asset discovery, secure configuration management, vulnerability management and log management. As the pioneers of file integrity monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations discover, minimize and monitor their attack surfaces.
Learn more at https://www.tripwire.com/, get security news, trends and insights at www.tripwire.com/blog, or connect with us on LinkedIn, Twitter and Facebook.