[Project Description] Detecting and Protecting Against Data Integrity Attacks in Industrial Control Systems Environments: Cybersecurity for the Manufacturing Sector (Draft)

Stouffer, Keith; Tang, CheeYee; Zimmerman, Timothy; Powell, Michael; McCarthy, James; Ogunyale, Titilayo; Acierto, Lauren; Danley, Lura

White Paper (Draft)

Obsoleted on February 07, 2020 by [Project Description] Protecting Information and System Integrity in Industrial Control Systems Environments: Cybersecurity for the Manufacturing Sector.

[Project Description] Detecting and Protecting Against Data Integrity Attacks in Industrial Control Systems Environments: Cybersecurity for the Manufacturing Sector

Documentation Topics

Date Published: June 2019
Comments Due: July 25, 2019 (public comment period is CLOSED)
Email Questions to: manufacturing_nccoe@nist.gov

Author(s)

Keith Stouffer (NIST), CheeYee Tang (NIST), Timothy Zimmerman (NIST), Michael Powell (NIST), James McCarthy (NIST), Titilayo Ogunyale (MITRE), Lauren Acierto (MITRE), Lura Danley (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST, in conjunction with NIST's Engineering Laboratory (EL) and industry collaborators, is seeking comments on a draft project description for securing manufacturing control systems. It will highlight how manufacturing organizations can take a comprehensive approach to enhancing the security of their industrial control systems (ICS) by leveraging the following cybersecurity capabilities:

behavioral anomaly detection,
security incident and event monitoring,
industrial control system application whitelisting,
malware detection and mitigation,
change control management,
user authentication and authorization,
access control least privilege, and
file integrity-checking mechanisms.

The solution will use security controls that map to the NIST Cybersecurity Framework and industry standards and best practices. The project will result in a publicly-available NIST Cybersecurity Practice Guide (SP 1800 series) and will document an approach that organizations can use to strengthen the integrity of their data against destructive malware, insider threats, and unlicensed software within manufacturing environments that rely on ICS.

Abstract

Manufacturing organizations that rely on industrial control systems (ICS) to monitor and control physical processes that produce goods for public consumption are facing an increasing number of cyber attacks. The U.S. Department of Homeland Security reports that the manufacturing industry is the second most targeted industry, based on the number of reported cyber attacks. Given how critical ICS are to operations, cyber attacks against ICS devices present a real threat to safety and production, which can result in damaging economic impact to a manufacturing organization.

The NCCoE in the Information Technology Laboratory, in conjunction with the NIST Engineering Laboratory (EL), and industry collaborators will highlight how an organization can take a comprehensive approach to securing ICS within the manufacturing sector by leveraging the following cybersecurity capabilities: behavioral anomaly detection, security incident and event monitoring, ICS application white-listing, malware detection and mitigation, change control management, user authentication and authorization, access control least privilege, and file integrity-checking mechanisms.

The goal of this project is to demonstrate an example solution that protects the integrity of data from destructive malware, insider threats, and unlicensed software within manufacturing environments that rely on ICS. The EL and the NCCoE will map the security characteristics to the NIST Cybersecurity Framework, the National Initiative for Cybersecurity Education Framework, and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, and will provide standards-based security controls for manufacturers. Additionally, NIST will implement each of the listed capabilities in two distinct but related existing lab settings: a robotics-based manufacturing workcell and a process control system that resembles what is being used by chemical manufacturing industries. This project will result in a freely available NIST Cybersecurity Practice Guide.

Hide full abstract

Keywords

access control least privilege; application whitelisting; behavioral anomaly detection; change control management; Cybersecurity Framework; file integrity checking mechanisms; industrial control systems; malware detection and mitigation; manufacturing; security incident and event monitoring; unauthorized software

Control Families

None selected

Documentation

Publication:
Project Description

Supplemental Material:
Submit Comments (other)
Project homepage (other)

Document History:
06/12/19: White Paper (Draft)
02/07/20: White Paper (Final)

Topics

Security and Privacy
continuous monitoring; intrusion detection & prevention; malware; security automation

Technologies
software & firmware

Applications
industrial control systems

Laws and Regulations
E-Government Act; Federal Information Security Modernization Act

Sectors
manufacturing