Through its National Cybersecurity Center of Excellence (NCCoE), NIST will focus on one of the most persistent challenges across critical infrastructure sectors: organizations often don’t know what OT assets they actually have, where they are, or how they’re connected. This gap is especially acute in legacy and industrial control system (ICS) environments that were never designed with cybersecurity in mind.
After engaging with multiple critical infrastructure sectors, NIST found a common theme: asset management and visibility are the biggest barriers to securing OT environments. The new project will serve as a foundational effort, demonstrating practical ways to achieve OT asset visibility using existing standards, frameworks, and commercially available tools, rather than introducing yet another compliance checkbox.
The urgency is real. OT environments remain prime targets for cyber‑physical attacks, and many sectors, particularly smaller utilities, still haven’t completed even a basic OT asset inventory. Without visibility, risk management, threat detection, and incident response all break down.
The takeaway: before advanced controls, AI, or Zero Trust discussions, OT security starts with knowing what you own and operate. This NIST initiative is a critical step toward making OT cybersecurity measurable, repeatable, and achievable across critical infrastructure.