Visibility is difficult in OT and industrial control system environments. A new NIST cybersecurity project aims to help address those challenges.
The National Institute of Standards and Technology’s cybersecurity hub is organizing a new project focused on helping critical infrastructure organizations gain better visibility into their operational technology environments.
Cherilyn Pascoe, director of NIST’s National Cybersecurity Center of Excellence, said the NCCoE is launching the OT cybersecurity project after working on several efforts related to specific critical infrastructure sectors.
The center in recent years has worked on a water and wastewater cybersecurity project, and more recently, it released a draft document to help transit agencies implement NIST’s cybersecurity framework, among many other initiatives.
“We started to think about, let’s step back. Let’s think about, what is the one project that we could run,” Pascoe said April 16 at GovCIO’s “CyberScape” conference in Arlington, Va. “We had several conversations with different critical infrastructure sectors and asked them, ‘What are your biggest challenges?’ And across the board, the largest challenge that came up was asset management, asset visibility.”
Join us April 29 & 30 for Federal News Network's AI & Data Exchange where government and industry leaders will discuss how agencies are using AI for impact — and what's standing in the way. Register today!
The OT cybersecurity project will be a “foundational topic,” Pascoe said.
“It certainly does not mean that it is an easy topic,” she added. “Especially in OT and industrial control system environments, visibility is very difficult. You’re dealing with legacy systems, distributed environments.”
The new project will demonstrate “how to do asset visibility in an OT environment,” Pascoe said.
The NIST project comes amid longstanding concerns about hackers targeting OT environments to physically disrupt critical infrastructure systems. The Cybersecurity and Infrastructure Security Agency last year joined with several other U.S. and international cyber agencies in urging critical infrastructure organizations to inventory their OT assets.
Cyber experts have routinely warned that critical infrastructure organizations, especially smaller water utilities and others with fewer resources, need help increasing their cyber defenses against nation-state attacks.
“I would say we need to start even at the very beginning,” Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, said during a House Homeland Security Committee hearing last year. “Most sectors have not done an OT asset inventory. So they don’t even know what they have.”
More recently, advances in artificial intelligence have sparked concerns that hackers will be able to use offensive AI tools to quickly uncover cyber vulnerabilities in critical systems.
Sign up for our daily newsletter so you never miss a beat on all things federal
Pascoe said NIST would be launching a consortium with industry and government agencies to move the OT visibility project forward.
“Our hope is to be able to demonstrate, how do you leverage existing standards, existing frameworks to be able to enhance visibility?” Pascoe said. “How do you build an architecture using commercially available technologies that you can buy off the shelf to be able to enhance visibility within your environments? Maybe we’ll be looking at how to use AI to be able to enhance that as well, depending on what the community’s interests are.”
The NCCoE has also been expanding its work on AI security. The center is currently reviewing comments on plans to develop a “Cybersecurity Framework Profile for AI.”
“This is taking the NIST cybersecurity framework and enterprise based risk management framework and tailoring it to identify the unique challenges associated with AI,” Pascoe said. “Securing AI is one pillar, another is the use of AI for cybersecurity. And our third pillar looking at what an organization can do to be able to defend yourself against AI enabled threats.”
Pascoe said NIST’s secure software development consortium is also reviewing how AI is increasingly being used to develop and review software products.
Meanwhile, the NCCoE is also reviewing feedback on an “Accelerating the Adoption of Software and AI Agent Identity and Authorization” concept paper. The goal is to help organizations securely manage AI agents that are increasingly being rolled out by corporations and other enterprises.
NIST’s Center for AI Standards and Innovation in February also launched an “AI Agent Standards Initiative.” CAISI’s press release says feedback on the AI agent identity and authorization concept paper is informing its work on the overall standards initiative.
“I’m very optimistic when it comes to AI for cybersecurity and want to continue working with the community to be able to develop guidance, to securely use AI going forward,” Pascoe said.
Read more: Cybersecurity
Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Follow @jdoubledayWFED
