NIST NCCoE Launches Cross-Sector OT Asset Visibility Project

NIST's NCCoE announces a cross-sector OT asset visibility initiative, forming an industry consortium to standardize asset discovery and continuous monitoring for critical infrastructure.

NIST's National Cybersecurity Center of Excellence (NCCoE) announced plans to launch a cross-sector operational technology (OT) visibility initiative, identifying asset management as the most pressing cybersecurity challenge reported across critical infrastructure sectors. NCCoE Director Cherilyn Pascoe made the announcement on April 16, 2026, at GovCIO's "CyberScape" conference in Arlington, Va.

Background

Pascoe said the NCCoE is launching the OT cybersecurity project after working on several sector-specific critical infrastructure efforts. The center has recently worked on a water and wastewater cybersecurity project and released a draft document to help transit agencies implement NIST's cybersecurity framework, among other initiatives. The new effort marks a shift from vertical-specific guidance to a unified, cross-sector approach.

The project comes amid longstanding concerns about hackers targeting OT environments to physically disrupt critical infrastructure systems. The Cybersecurity and Infrastructure Security Agency last year joined several other U.S. and international cyber agencies in urging critical infrastructure organizations to inventory their OT assets. Despite those calls, the baseline problem persists at scale. "I would say we need to start even at the very beginning," said Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, during a House Homeland Security Committee hearing last year. "Most sectors have not done an OT asset inventory. So they don't even know what they have."

The NCCoE's January 2026 Project Portfolio had already identified OT asset management as a priority area. "Asset management within OT networks can be particularly challenging due to multiple factors: legacy system limitations, geographically distributed assets, diverse communication protocols and architectures, and operational constraints," the center stated in that document.

Details

Speaking at the CyberScape conference, Pascoe said the NCCoE held multiple conversations with different critical infrastructure sectors about their biggest challenges. "And across the board, the largest challenge that came up was asset management, asset visibility."

The project will demonstrate "how to do asset visibility in an OT environment," Pascoe said. She confirmed NIST would launch a consortium with industry and government agencies to advance the effort. The consortium model mirrors how the NCCoE has structured prior initiatives, including its energy-sector asset management guide (NIST SP 1800-23), which demonstrated automated OT asset discovery for electricity operators.

Based on stakeholder input, the NCCoE plans to launch a technology demonstration providing practical guidelines for achieving and maintaining OT cybersecurity, starting with asset management. This work will help organizations establish the foundation to support risk assessments and implement modern security controls, guided by OT-specific challenges.

The project's scope extends to commercially available tooling. "Our hope is to be able to demonstrate, how do you leverage existing standards, existing frameworks to be able to enhance visibility?" Pascoe said. "How do you build an architecture using commercially available technologies that you can buy off the shelf to be able to enhance visibility within your environments?" The initiative may also explore the use of AI to enhance visibility, depending on community interest.

The OT visibility initiative is part of the NCCoE's 2026 priorities, structured around four pillars: data protection, trusted enterprise, artificial intelligence, and resilient embedded systems. The effort also aligns with the NCCoE's ongoing overhaul of NIST SP 800-82, its foundational OT security guide. NIST has proposed broadening that revision to cover behavioral anomaly detection, digital twins, the Internet of Things, artificial intelligence, machine learning, zero trust, cloud, 5G and advanced wireless, and edge computing.

Outlook

In 2026, the NCCoE plans to release a project description for public comment and invite collaborators to participate. The effort aims to help organizations build a stronger foundation for OT-specific risk assessments and modern security control implementation. For manufacturers and critical infrastructure operators, particularly those with limited cybersecurity resources, the forthcoming consortium call represents an opportunity to contribute sector-specific requirements to guidance expected to inform industry benchmarks and future regulatory standards. Organizations that have previously engaged with the NCCoE's 5G cybersecurity practice guides or energy-sector asset management project may find early alignment with the new initiative's scope.