NIST's National Cybersecurity Center of Excellence (NCCoE) has announced a cross-sector operational technology (OT) visibility project targeting asset discovery and threat detection gaps across critical infrastructure. NCCoE Director Cherilyn Pascoe cited asset management as the most pressing challenge identified through consultations with multiple infrastructure sectors. The announcement came on April 16, 2026, at GovCIO's "CyberScape" conference in Arlington, Virginia, and marks the center's first coordinated, sector-agnostic approach to OT visibility after years of single-sector engagements.
Background
The NCCoE is launching the OT project after completing several sector-specific cybersecurity engagements, including a water and wastewater cybersecurity project and guidance for transit agencies implementing NIST's Cybersecurity Framework. Those efforts, while practical within their sectors, produced guidance that did not readily transfer across industries facing shared OT infrastructure challenges.
Many organizations, particularly smaller utilities, lack a comprehensive inventory of their OT assets, hindering their ability to defend against nation-state attacks. Pascoe noted that visibility is especially difficult in industrial control systems due to legacy equipment and distributed environments.
The initiative arrives alongside a parallel regulatory development. In January 2026, NIST initiated a pre-draft revision of Special Publication 800-82, Guide to Operational Technology (OT) Security, opening a public comment period through February 23, 2026. The revision is intended to incorporate lessons learned, align with the Cybersecurity Framework 2.0 and NIST SP 800-53 Rev. 5.2.0, and address changes in the OT threat landscape. NIST is also considering expanding guidance to cover additional OT system types such as building automation, transit, and maritime systems, and broadening its treatment of technologies including behavioral anomaly detection, digital twins, AI, machine learning, zero trust, and edge computing.
Project Objectives and Structure
NIST plans to form a consortium with industry and government agencies to advance the OT visibility project. The goal is to demonstrate how existing standards and frameworks can enhance visibility and how commercially available, off-the-shelf technologies can support underlying architectures. The center is also evaluating AI's potential role in improving visibility, contingent on community input.
The project aims to provide foundational guidance on identifying OT components in complex industrial control system environments. Deliverables are expected to follow the NCCoE's standard practice guide format. Working with technology partners ranging from large vendors to smaller cybersecurity specialists, the NCCoE develops modular, adaptable example solutions documented in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details replication steps.
The project is intended to address threats to OT environments across critical infrastructure, including risks posed by advances in artificial intelligence. Consortium participants will be recruited through an open call process typical of NCCoE engagements, with organizations submitting capabilities in response to a Federal Register notice and signing Cooperative Research and Development Agreements (CRADAs) to collaborate with NIST on building example solutions.
Outlook
The resulting practice guide is expected to address the full identification-to-detection lifecycle-from initial asset discovery through continuous monitoring and anomaly alerting-in a form applicable across manufacturing, energy, and utility environments. While NIST's OT security publications are not regulatory, SP 800-82 and related NCCoE guidance are frequently referenced in sector audits, compliance programs, and internal security frameworks across energy, water, manufacturing, and transportation industries. The cross-sector design of the visibility project positions its outputs to inform compliance alignment and procurement decisions well beyond any single vertical.
