The Nationwide Institute of Requirements and Know-how’s cybersecurity hub is organizing a brand new undertaking centered on serving to important infrastructure organizations achieve higher visibility into their operational expertise environments.
Cherilyn Pascoe, director of NIST’s Nationwide Cybersecurity Heart of Excellence, stated the NCCoE is launching the OT cybersecurity undertaking after engaged on a number of efforts associated to particular important infrastructure sectors.
The middle lately has labored on a water and wastewater cybersecurity undertaking, and extra not too long ago, it launched a draft doc to assist transit businesses implement NIST’s cybersecurity framework, amongst many different initiatives.
“We started to think about, let’s step back. Let’s think about, what is the one project that we could run,” Pascoe stated April 16 at GovCIO’s “CyberScape” convention in Arlington, Va. “We had several conversations with different critical infrastructure sectors and asked them, ‘What are your biggest challenges?’ And across the board, the largest challenge that came up was asset management, asset visibility.”
The OT cybersecurity undertaking can be a “foundational topic,” Pascoe stated.
“It certainly does not mean that it is an easy topic,” she added. “Especially in OT and industrial control system environments, visibility is very difficult. You’re dealing with legacy systems, distributed environments.”
The brand new undertaking will show “how to do asset visibility in an OT environment,” Pascoe stated.
The NIST undertaking comes amid longstanding issues about hackers concentrating on OT environments to bodily disrupt important infrastructure programs. The Cybersecurity and Infrastructure Safety Company final yr joined with a number of different U.S. and worldwide cyber businesses in urging important infrastructure organizations to stock their OT property.
Cyber specialists have routinely warned that important infrastructure organizations, particularly smaller water utilities and others with fewer assets, need assistance rising their cyber defenses towards nation-state assaults.
“I would say we need to start even at the very beginning,” Tatyana Bolton, government director of the Operational Know-how Cyber Coalition, stated throughout a Home Homeland Safety Committee listening to final yr. “Most sectors have not done an OT asset inventory. So they don’t even know what they have.”
Extra not too long ago, advances in synthetic intelligence have sparked issues that hackers will be capable of use offensive AI instruments to shortly uncover cyber vulnerabilities in important programs.
Pascoe stated NIST could be launching a consortium with business and authorities businesses to maneuver the OT visibility undertaking ahead.
“Our hope is to be able to demonstrate, how do you leverage existing standards, existing frameworks to be able to enhance visibility?” Pascoe stated. “How do you build an architecture using commercially available technologies that you can buy off the shelf to be able to enhance visibility within your environments? Maybe we’ll be looking at how to use AI to be able to enhance that as well, depending on what the community’s interests are.”
NIST advances AI safety efforts
The NCCoE has additionally been increasing its work on AI safety. The middle is at present reviewing feedback on plans to develop a “Cybersecurity Framework Profile for AI.”
“This is taking the NIST cybersecurity framework and enterprise based risk management framework and tailoring it to identify the unique challenges associated with AI,” Pascoe stated. “Securing AI is one pillar, another is the use of AI for cybersecurity. And our third pillar looking at what an organization can do to be able to defend yourself against AI enabled threats.”
Pascoe stated NIST’s safe software program growth consortium can be reviewing how AI is more and more getting used to develop and assessment software program merchandise.
In the meantime, the NCCoE can be reviewing suggestions on an “Accelerating the Adoption of Software and AI Agent Identity and Authorization” idea paper. The objective is to assist organizations securely handle AI brokers which are more and more being rolled out by firms and different enterprises.
NIST’s Heart for AI Requirements and Innovation in February additionally launched an “AI Agent Standards Initiative.” CAISI’s press launch says suggestions on the AI agent id and authorization idea paper is informing its work on the general requirements initiative.
“I’m very optimistic when it comes to AI for cybersecurity and want to continue working with the community to be able to develop guidance, to securely use AI going forward,” Pascoe stated.
Copyright
© 2026 Federal Information Community. All rights reserved. This web site will not be supposed for customers situated throughout the European Financial Space.
