Search CSRC

Abstract: This guide provides general implementation guidance (Volume 1) and example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CS...

Abstract: This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in process-based manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CSF) Manufacturing Profile Low Impa...

Abstract: This guide provides example proof-of-concept solutions demonstrating how available open-source and commercial off-the-shelf (COTS) products could be implemented in discrete-based manufacturing environments to satisfy the requirements in the Cybersecurity Framework (CSF) Manufacturing Profile Low Sec...

Abstract: This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing s...

Abstract: This document provides the Cybersecurity Framework (CSF) implementation details developed for the manufacturing environment. The "Manufacturing Profile" of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing s...

Abstract: This report provides background information and analysis in support of NISTIR 8074 Volume 1, "Interagency Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity." It provides a current summary of ongoing activities in critical int...

Abstract: This interagency report sets out proposed United States Government (USG) strategic objectives for pursuing the development and use of international standards for cybersecurity and makes recommendations to achieve those objectives. The recommendations cover interagency coordination, collaboration wit...

Abstract: Direct Digital Manufacturing (DDM) involves fabricating physical objects from a data file using computer-controlled processes with little to no human intervention. It includes Additive Manufacturing (AM), 3D printing, rapid prototyping, etcetera. The technology is advancing rapidly and has the poten...

Conference: 7th International Workshop on Critical Information Infrastructures Security (CRITIS 2012) Abstract: Prevention, detection and response are nowadays considered to be three priority topics for protecting critical infrastructures, such as energy control systems. Despite attempts to address these current issues, there is still a particular lack of investigation in these areas, and in particular in dyn...

Abstract: In today’s cloud data centers and edge computing, attack surfaces have shifted and, in some cases, significantly increased. At the same time, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computi...

Abstract: In today’s cloud data centers and edge computing, attack surfaces have significantly increased, cyber attacks are industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the pla...

Abstract: In today’s cloud data centers and edge computing, attack surfaces have significantly increased, hacking has become industrialized, and most security control implementations are not coherent or consistent. The foundation of any data center or edge computing security strategy should be securing the pl...

Abstract: Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zer...

Conference: Evaluation and Assessment in Software Engineering (EASE) Abstract: Combinatorial interaction testing (CIT) is a well-known technique, but industrial experience is needed to determine its effectiveness in different application domains. We present a case study introducing a unified framework for generating, executing and verifying CIT test suites, based on the open-s...

Abstract: Through direct dialogue between NCCoE staff and members of the energy sector (composed mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high level of visibility into their operating environ...

Journal: ACM Computing Surveys Abstract: Monitoring the “physics” of cyber-physical systems to detect attacks is a growing area of research. In its basic form, a security monitor creates time-series models of sensor readings for an industrial control system and identifies anomalies in these measurements to identify potentially false contro...

Conference: 2nd Annual Industrial Control System Security Workshop (ICSS '16), 2016 Annual Computer Security Applications Conference Abstract: Defense-in-depth is an important security architecture principle that has significant application to industrial control systems (ICS), cloud services, storehouses of sensitive data, and many other areas. We claim that an ideal defense-in-depth posture is 'deep', containing many layers of security, a...

Journal: Computer (IEEE Computer) Abstract: Industrial Internet of Things (IoT) is a distributed network of smart sensors that enables precise control and monitoring of complex processes over arbitrary distances. The concept of Internet of Things ... is that every object in the Internet infrastructure is interconnected into a global dynamic e...

Journal: Computer (IEEE Computer) Abstract: The strength of cryptographic keys is an active challenge in academic research and industrial practice. In this paper we discuss the entropy as fundamentally important concept for generating hard-to-guess, i.e., strong, cryptographic keys and outline the difficulties in generating and estimating the...

Abstract: In order to protect power generation, transmission and distribution, energy companies need to be able to control physical and logical access to their resources, including buildings, equipment, information technology and industrial control systems (ICS). They must be able to authenticate the individu...

Abstract: This publication revises NIST SP 800-53 Revision 1 by adding specific guidance on the application of security controls to Industrial Control Systems (ICS). That ICS-specific guidance is contained in Appendix I, and addresses the following: Tailoring guidance; Security control enhancements; Supplemen...