The U.S. National Institute of Standards and Technology's National Cybersecurity Center of Excellence (NCCoE) has announced a new operational technology (OT) visibility project aimed at standardizing asset discovery and real-time monitoring across critical infrastructure sectors. The initiative was disclosed by NCCoE Director Cherilyn Pascoe on April 16 at GovCIO's "CyberScape" conference in Arlington, Virginia, and marks a shift from sector-specific guidance toward a cross-industry baseline for OT network visibility.
Background
Pascoe said the NCCoE is launching the OT cybersecurity project after working on several sector-specific critical infrastructure efforts. The center has in recent years completed a water and wastewater cybersecurity project and released a draft document to help transit agencies implement NIST's cybersecurity framework. The new project represents a deliberate departure from that sectoral approach: after consulting with representatives from multiple critical infrastructure sectors, Pascoe said the most consistent challenge was asset management and asset visibility.
The initiative arrives amid sustained regulatory momentum. In August 2025, CISA, in partnership with the NSA, FBI, EPA, and cybersecurity authorities from Australia, Canada, Germany, the Netherlands, and New Zealand, released joint guidance to help OT owners and operators across all critical infrastructure sectors create and maintain comprehensive OT asset inventories and taxonomies. That guidance was published in advance of upcoming cyber incident reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) in the United States and the NIS2 Directive in the European Union.
Despite the growing body of guidance, asset inventorying remains a persistent gap. Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, told a House Homeland Security Committee hearing that most critical infrastructure sectors have not completed an OT asset inventory - and therefore do not know what they have.
Project Scope and Technical Approach
The new NCCoE project will demonstrate "how to do asset visibility in an OT environment," according to Pascoe. The project is designed to go beyond theoretical guidance: NCCoE's stated goal is to show how existing standards and frameworks can enhance visibility and how an architecture built with commercially available, off-the-shelf technologies can achieve that within industrial environments.
The NCCoE's existing sector-specific work, documented in NIST SP 1800-23, provides a template for the technical approach. Prior NCCoE asset management demonstrations addressed the ability to discover network-connected assets, identify and capture asset attributes such as manufacturer, model, operating system, IP and MAC addresses, protocols, patch-level data, and firmware versions, as well as continuous monitoring and alerting for newly connected or disconnected devices.1DigiCert Collaborates with NIST NCCoE to Strengthen Software Supply Chain and DevSecOps The new cross-sector project is expected to extend this methodology to the full range of industrial environments, including manufacturing, utilities, and transportation.
OT environments can host thousands of sensors, programmable logic controllers (PLCs), drives, and field devices - some decades old and communicating via protocols that modern IT scanning tools do not parse well, such as Modbus RTU or Profibus. These legacy devices are vulnerable to missing patches or running on default credentials. Passive network monitoring techniques, which tap into OT communications without disrupting operations, are expected to remain central to the architecture given the sensitivity of live production environments.
The NCCoE's January 2026 project portfolio confirmed plans to publish a project description for public feedback in 2026 and invite industry collaborators to support the effort. Based on stakeholder input, the NCCoE intends to provide practical guidelines for achieving and maintaining OT cybersecurity, starting with asset management, to help organizations establish a foundation for risk assessments and implement modern security controls.
Consortium Model and Outlook
Pascoe said NIST would form a consortium with industry and government agencies to advance the OT visibility project. The NCCoE's standard engagement model requires collaborating vendors to sign Cooperative Research and Development Agreements (CRADAs), enabling them to contribute hardware, software, and expertise while working alongside federal staff in the center's lab environment. The NCCoE selects issues that affect an entire sector or span multiple sectors, then assembles a team from cybersecurity technology companies, other federal agencies, and academia to build reference solutions using commercially available, off-the-shelf products.
Pascoe also indicated that AI-assisted methods for enhancing OT visibility may be explored as part of the project, depending on community interest.
Under CIRCIA and the NIS2 Directive, covered entities will need not only visibility over their OT assets but also the ability to determine whether a cyber incident affecting those assets meets the threshold for mandatory reporting. The NCCoE's initiative is positioned to provide the standardized technical architecture that operators across sectors will need to meet those obligations as regulatory deadlines approach.
