Situational awareness, in the context of this guide, is the understanding of one's environment and the ability to predict how it might change due to various factors. As part of their current cybersecurity efforts, some electric utilities monitor physical, operational, and information technology (IT) separately. According to energy sector stakeholders, many utilities are currently assessing a more comprehensive approach to situational awareness, which, through increased real-time or near real-time cybersecurity monitoring, can enhance the resilience of their operations. The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) built a laboratory environment to explore an example solution that can be used by energy sector companies to alert their staff to potential or actual cyber attacks directed at the grid. The security characteristics in our situational awareness platform are informed by guidance and best practices from standards organizations, including the NIST Cybersecurity Framework and North American Electric Reliability Corporation's (NERC) Critical Infrastructure Protection (CIP) Version 5 standards. This NIST Cybersecurity Practice Guide demonstrates how organizations can use commercially available products that can be integrated with an organization's existing infrastructure. The combination of these products provides a converged view of all sensor data within the utility's network systems, including IT, operational, cyber, and physical access control systems, which often exists in separate "silos." The example solution is packaged as a "how to" guide that demonstrates implementation of standardsbased cybersecurity technologies in the real world and based on risk management. The guide may help inform electric utilities in their efforts to gain situational awareness efficiencies. Doing so may enable faster monitoring, identification, and response to incidents while also saving research and proof-ofconcept costs for the sector and its ratepayers and customers. CHALLENGE As part of the agenda to address the U.S. critical infrastructure, the energy sector, along with healthcare, finance, transportation, water, and communications sectors, has reported significant cyber incidents. As an integral component to the energy sector, industrial control systems (ICS) are increasingly vulnerable to cybersecurity threats, whether intentional or unintentional. In December 2015, the energy sector realized the potential effect of a combined attack on an electric utility's IT and ICS. In this instance, a Ukraine power grid was attacked, resulting in an electricity disruption that left approximately 225,000 people without electric power. The malicious actors then inundated the company's customer service center with calls, which slowed the response time to the electricity outage by causing internal challenges. The monitoring model used by some electric utilities includes separate physical, operational, and IT silos, a practice that lacks efficiency and can negativel...
