Manufacturing organizations that rely on industrial control systems (ICS) to monitor and control physical processes that produce goods for public consumption are facing an increasing number of cyber attacks. The U.S. Department of Homeland Security reports that the manufacturing industry is the second most targeted industry, based on the number of reported cyber attacks. Given how critical ICS are to operations, cyber attacks against ICS devices present a real threat to safety and production, which can result in damaging economic impact to a manufacturing organization.
The NCCoE part of NIST’s Information Technology Laboratory, in conjunction with the NIST Engineering Laboratory (EL) and industry collaborators, will highlight how an organization can take a comprehensive approach to securing ICS within the manufacturing sector by leveraging the following cybersecurity capabilities: behavioral anomaly detection, security incident and event monitoring, ICS application whitelisting, malware detection and mitigation, change control management, user authentication and authorization, access control least privilege, and file-integrity-checking mechanisms.
The goal of this project is to demonstrate an example solution that protects the integrity of data from destructive malware, insider threats, and unauthorized software within manufacturing environments that rely on ICS. The EL and the NCCoE will map the security characteristics to the NIST Cybersecurity Framework; the National Initiative for Cybersecurity Education Framework; and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, and will provide standards-based security controls for manufacturers. Additionally, NIST will implement each of the listed capabilities in two distinct but related existing lab settings: a discrete-based manufacturing workcell and a process control system that resembles what is being used by chemical manufacturing industries. This project will result in a freely available NIST Cybersecurity Practice Guide.
Manufacturing organizations that rely on industrial control systems (ICS) to monitor and control physical processes that produce goods for public consumption are facing an increasing number of cyber attacks. The U.S. Department of Homeland Security reports that the manufacturing industry is the...
See full abstract
Manufacturing organizations that rely on industrial control systems (ICS) to monitor and control physical processes that produce goods for public consumption are facing an increasing number of cyber attacks. The U.S. Department of Homeland Security reports that the manufacturing industry is the second most targeted industry, based on the number of reported cyber attacks. Given how critical ICS are to operations, cyber attacks against ICS devices present a real threat to safety and production, which can result in damaging economic impact to a manufacturing organization.
The NCCoE part of NIST’s Information Technology Laboratory, in conjunction with the NIST Engineering Laboratory (EL) and industry collaborators, will highlight how an organization can take a comprehensive approach to securing ICS within the manufacturing sector by leveraging the following cybersecurity capabilities: behavioral anomaly detection, security incident and event monitoring, ICS application whitelisting, malware detection and mitigation, change control management, user authentication and authorization, access control least privilege, and file-integrity-checking mechanisms.
The goal of this project is to demonstrate an example solution that protects the integrity of data from destructive malware, insider threats, and unauthorized software within manufacturing environments that rely on ICS. The EL and the NCCoE will map the security characteristics to the NIST Cybersecurity Framework; the National Initiative for Cybersecurity Education Framework; and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, and will provide standards-based security controls for manufacturers. Additionally, NIST will implement each of the listed capabilities in two distinct but related existing lab settings: a discrete-based manufacturing workcell and a process control system that resembles what is being used by chemical manufacturing industries. This project will result in a freely available NIST Cybersecurity Practice Guide.
Hide full abstract
