From National Institute of Standards and Technology (US) and From NIST National Cybersecurity Center of Excellence (US) : “Securing the Industrial Internet of Things”

From National Institute of Standards and Technology (US)

and

From NIST National Cybersecurity Center of Excellence (US)

1

Current Status

The NCCoE released for public comment a preliminary draft of Volumes A and B of NIST SP 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources. Implementation of the example solution at the NCCoE is ongoing. We are providing this preliminary draft to gather valuable feedback and inform stakeholders of the progress of the project. Organizations are encouraged to review the preliminary draft and provide feedback online or via email to energy_nccoe@nist.gov by May 24, 2021.

SP 1800-32A: Executive Summary (PDF)
SP 1800-32B: Approach, Architecture, and Security Characteristics (PDF)
SP 1800-32C: How-To Guides (under development)

Read the Securing Distributed Energy Resources one-page flyer to learn about the cybersecurity capabilities demonstrated in the project.

Read the two-page fact sheet for a brief overview of this project.

If you have questions or would like to join our Community of Interest, please email the project team at energy_nccoe@nist.gov.

Summary

The Industrial Internet of Things, or IIoT, refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and industrial sectors. In the energy sector, distributed energy resources (DERs), such as solar photovoltaics and wind turbines, introduce information exchanges between a utility’s distribution control system and the DERs to manage the flow of energy in the distribution grid. These information exchanges often employ IIoT technologies that may lack communications security. Additionally, the operating characteristics of DERs are dynamic and significantly different from those of traditional power generation capabilities. Timely management of DER capabilities often requires a higher degree of automation. Introduction of additional automation into DER management and control systems can also introduce cybersecurity risks. Managing the automation, the increased need for information exchanges, and the cybersecurity associated with these presents significant challenges.

The National Cybersecurity Center of Excellence (NCCoE) is proposing a project that will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections.

Our goal in this project is to document an approach for improving the overall security of IIoT in a DER environment that will address the following areas of interest:

The information exchanges between and among DER systems and distribution facilities/entities, and the cybersecurity considerations involved in these interactions.
The processes and cybersecurity technologies needed for trusted device identification and communication with other devices.
The ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring.
The mechanisms that can be used for ensuring the integrity of command and operational data and the components that produce and receive this data.
Data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

2
3
4
5
6
7
8
9

11

See the full article here.

five-ways-keep-your-child-safe-school-shootings

Please help promote STEM in your local schools.

Stem Education Coalition

The National Cybersecurity Center of Excellence (NCCoE) is a US government organization that builds and publicly shares solutions to cybersecurity problems faced by U.S. businesses. The center, located in Rockville, Maryland, was established in 2012 through a partnership with the National Institute of Standards and Technology (US), the State of Maryland, and Montgomery County. The center is partnered with nearly 20 market-leading IT companies, which contribute hardware, software and expertise.

The NCCoE asks industry sector members about their cybersecurity problems, then selects issues that affect an entire sector or reaches across sectors. The center forms a team of people from cybersecurity technology companies, other federal agencies and academia to address each problem. The teams work in the center’s labs to build example solutions using commercially available, off-the-shelf products. For each example solution, the NCCoE publishes a practice guide, a collection of the materials and information needed to deploy the example solution, and makes it available to the general public. The center’s goal is to “accelerate the deployment and use of secure technologies” that can help businesses improve their defenses against cyber attack.

In September 2014, the National Institute of Standards and Technology (NIST) awarded a contract to the MITRE Corporation to operate the Department of Commerce’s first Federally Funded Research and Development Center (FFRDC), the National Cybersecurity FFRDC, which supports the NCCoE. According to the press release on the NIST website, “this FFRDC is the first solely dedicated to enhancing the security of the nation’s information systems.” The press release states that the FFRDC will help the NCCoE “expand and accelerate its public-private collaborations” and focus on “boosting the security of U.S. information systems.” “FFRDCs operate in the public interest and are required to be free from organizational conflicts of interest as well as bias toward any particular company, technology or product—key attributes given the NCCoE’s collaborative nature…The first three task orders under the contract will allow the NCCoE to expand its efforts in developing use cases and building blocks and provide operations management and facilities planning.”

National Cybersecurity Excellence Partners (NCEPs) offer technology companies the opportunity to develop long-term relationships with the NCCoE and NIST. As core partners, NCEPs can provide hardware, software, or personnel who collaborate with the NCCoE on current projects.

NIST Campus, Gaitherberg, MD, USA

National Institute of Standards and Technology (US)‘s Mission, Vision, Core Competencies, and Core Values

Mission

To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

NIST’s vision

NIST will be the world’s leader in creating critical measurement solutions and promoting equitable standards. Our efforts stimulate innovation, foster industrial competitiveness, and improve the quality of life.

NIST’s core competencies

Measurement science
Rigorous traceability
Development and use of standards

NIST’s core values

NIST is an organization with strong values, reflected both in our history and our current work. NIST leadership and staff will uphold these values to ensure a high performing environment that is safe and respectful of all.

Perseverance: We take the long view, planning the future with scientific knowledge and imagination to ensure continued impact and relevance for our stakeholders.
Integrity: We are ethical, honest, independent, and provide an objective perspective.
Inclusivity: We work collaboratively to harness the diversity of people and ideas, both inside and outside of NIST, to attain the best solutions to multidisciplinary challenges.
Excellence: We apply rigor and critical thinking to achieve world-class results and continuous improvement in everything we do.

Background

The Articles of Confederation, ratified by the colonies in 1781, contained the clause, “The United States in Congress assembled shall also have the sole and exclusive right and power of regulating the alloy and value of coin struck by their own authority, or by that of the respective states—fixing the standards of weights and measures throughout the United States”. Article 1, section 8, of the Constitution of the United States (1789), transferred this power to Congress; “The Congress shall have power…To coin money, regulate the value thereof, and of foreign coin, and fix the standard of weights and measures”.

In January 1790, President George Washington, in his first annual message to Congress stated that, “Uniformity in the currency, weights, and measures of the United States is an object of great importance, and will, I am persuaded, be duly attended to”, and ordered Secretary of State Thomas Jefferson to prepare a plan for Establishing Uniformity in the Coinage, Weights, and Measures of the United States, afterwards referred to as the Jefferson report. On October 25, 1791, Washington appealed a third time to Congress, “A uniformity of the weights and measures of the country is among the important objects submitted to you by the Constitution and if it can be derived from a standard at once invariable and universal, must be no less honorable to the public council than conducive to the public convenience”, but it was not until 1838, that a uniform set of standards was worked out. In 1821, John Quincy Adams had declared “Weights and measures may be ranked among the necessities of life to every individual of human society”.

From 1830 until 1901, the role of overseeing weights and measures was carried out by the Office of Standard Weights and Measures, which was part of the U.S. Coast and Geodetic Survey in the Department of the Treasury.

Bureau of Standards

In 1901 in response to a bill proposed by Congressman James H. Southard (R- Ohio) the National Bureau of Standards was founded with the mandate to provide standard weights and measures and to serve as the national physical laboratory for the United States. (Southard had previously sponsored a bill for metric conversion of the United States.)

President Theodore Roosevelt appointed Samuel W. Stratton as the first director. The budget for the first year of operation was $40,000. The Bureau took custody of the copies of the kilogram and meter bars that were the standards for US measures, and set up a program to provide metrology services for United States scientific and commercial users. A laboratory site was constructed in Washington DC (US) and instruments were acquired from the national physical laboratories of Europe. In addition to weights and measures the Bureau developed instruments for electrical units and for measurement of light. In 1905 a meeting was called that would be the first National Conference on Weights and Measures.

Initially conceived as purely a metrology agency the Bureau of Standards was directed by Herbert Hoover to set up divisions to develop commercial standards for materials and products. Some of these standards were for products intended for government use; but product standards also affected private-sector consumption. Quality standards were developed for products including some types of clothing; automobile brake systems and headlamps; antifreeze; and electrical safety. During World War I, the Bureau worked on multiple problems related to war production even operating its own facility to produce optical glass when European supplies were cut off. Between the wars Harry Diamond of the Bureau developed a blind approach radio aircraft landing system. During World War II military research and development was carried out including development of radio propagation forecast methods; the proximity fuze and the standardized airframe used originally for Project Pigeon; and shortly afterwards the autonomously radar-guided Bat anti-ship guided bomb and the Kingfisher family of torpedo-carrying missiles.

In 1948, financed by the United States Air Force the Bureau began design and construction of SEAC: the Standards Eastern Automatic Computer. The computer went into operation in May 1950 using a combination of vacuum tubes and solid-state diode logic. About the same time the Standards Western Automatic Computer, was built at the Los Angeles office of the NBS by Harry Huskey and used for research there. A mobile version- DYSEAC- was built for the Signal Corps in 1954.

Due to a changing mission, the “National Bureau of Standards” became the “National Institute of Standards and Technology (US)” in 1988.

Following September 11, 2001, NIST conducted the official investigation into the collapse of the World Trade Center buildings.

Organization

NIST is headquartered in Gaithersburg, Maryland, and operates a facility in Boulder, Colorado, which was dedicated by President Eisenhower in 1954. NIST’s activities are organized into laboratory programs and extramural programs. Effective October 1, 2010, NIST was realigned by reducing the number of NIST laboratory units from ten to six. NIST Laboratories include:

Communications Technology Laboratory (CTL)
Engineering Laboratory (EL)
Information Technology Laboratory (ITL)
Center for Neutron Research (NCNR)
Material Measurement Laboratory (MML)
Physical Measurement Laboratory (PML)

Extramural programs include:

Hollings Manufacturing Extension Partnership (MEP), a nationwide network of centers to assist small and mid-sized manufacturers to create and retain jobs, improve efficiencies, and minimize waste through process improvements and to increase market penetration with innovation and growth strategies;
Technology Innovation Program (TIP), a grant program where NIST and industry partners cost share the early-stage development of innovative but high-risk technologies;
Baldrige Performance Excellence Program, which administers the Malcolm Baldrige National Quality Award, the nation’s highest award for performance and business excellence.

NIST’s Boulder laboratories are best known for NIST‑F1 which houses an atomic clock. NIST‑F1 serves as the source of the nation’s official time. From its measurement of the natural resonance frequency of cesium—which defines the second—NIST broadcasts time signals via longwave radio station WWVB near Fort Collins in Colorado, and shortwave radio stations WWV and WWVH, located near Fort Collins and Kekaha in Hawai’i, respectively.

NIST also operates a neutron science user facility: the NIST Center for Neutron Research (NCNR). The NCNR provides scientists access to a variety of neutron scattering instruments which they use in many research fields (materials science; fuel cells; biotechnology etc.).

The SURF III Synchrotron Ultraviolet Radiation Facility is a source of synchrotron radiation in continuous operation since 1961. SURF III now serves as the US national standard for source-based radiometry throughout the generalized optical spectrum. All NASA-borne extreme-ultraviolet observation instruments have been calibrated at SURF since the 1970s, and SURF is used for measurement and characterization of systems for extreme ultraviolet lithography.

The Center for Nanoscale Science and Technology (CNST) performs research in nanotechnology, both through internal research efforts and by running a user-accessible cleanroom nanomanufacturing facility. This “NanoFab” is equipped with tools for lithographic patterning and imaging (e.g., electron microscopes and atomic force microscopes).

Committees

NIST has seven standing committees:

Technical Guidelines Development Committee (TGDC)
Advisory Committee on Earthquake Hazards Reduction (ACEHR)
National Construction Safety Team Advisory Committee (NCST Advisory Committee)
Information Security and Privacy Advisory Board (ISPAB)
Visiting Committee on Advanced Technology (VCAT)
Board of Overseers for the Malcolm Baldrige National Quality Award (MBNQA Board of Overseers)
Manufacturing Extension Partnership National Advisory Board (MEPNAB)

Measurements and standards

As part of its mission, NIST supplies industry, academia, government, and other users with over 1,300 Standard Reference Materials (SRMs). These artifacts are certified as having specific characteristics or component content, used as calibration standards for measuring equipment and procedures, quality control benchmarks for industrial processes, and experimental control samples.

Handbook 44

NIST publishes the Handbook 44 each year after the annual meeting of the National Conference on Weights and Measures (NCWM). Each edition is developed through cooperation of the Committee on Specifications and Tolerances of the NCWM and the Weights and Measures Division (WMD) of the NIST. The purpose of the book is a partial fulfillment of the statutory responsibility for “cooperation with the states in securing uniformity of weights and measures laws and methods of inspection”.

NIST has been publishing various forms of what is now the Handbook 44 since 1918 and began publication under the current name in 1949. The 2010 edition conforms to the concept of the primary use of the SI (metric) measurements recommended by the Omnibus Foreign Trade and Competitiveness Act of 1988.