The National Cybersecurity Center of Excellence (NCCoE) has released a draft cybersecurity guide that aims to protect information and system integrity in industrial control system (ICS) environments and to strengthen cybersecurity in the manufacturing sector. The guide contains four different example solutions applicable to a range of manufacturing environments, focusing on discrete and continuous manufacturing processes. The example solutions include application allowlisting, behavior anomaly detection (BAD), file integrity, user authentication and authorization, and remote access.
To address the cybersecurity challenges facing the manufacturing sector, the NCCoE, a wing of the National Institute of Standards and Technology (NIST), launched a project in alliance with NIST’s Engineering Laboratory (EL) and cybersecurity technology providers. The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. It is proposing a project to provide practical case studies to help manufacturers protect their ICS from data integrity attacks, and the project team will consider each comment to further strengthen the usefulness of the cybersecurity guide.
The NCCoE cybersecurity guide can help organizations mitigate cybersecurity risk, reduce downtime to operations, provide a reliable environment that can detect cyber anomalies, respond to security alerts through automated cybersecurity-event products, develop and execute an OT cybersecurity strategy for which continuous OT cybersecurity monitoring is a foundational building block, and implement current cybersecurity standards and best practices.
The NIST Cybersecurity Practice Guides (Special Publication 1800 series) specifically target the cybersecurity challenges in the public and private sectors. They are practical, user-friendly guides that facilitate the adoption of standards-based approaches to cybersecurity. They show members how to implement example solutions that help them align more easily with relevant standards and best practices, and provide users with the materials lists, configuration files, and other information they need to implement a similar approach.
The NCCoE project team will leverage NIST’s EL to provide a comprehensive approach that manufacturing organizations can use to protect ICS against data integrity attacks. The approach draws on behavioral anomaly detection, security incident and event monitoring, ICS application white-listing, malware detection and mitigation, change control management, user authentication and authorization, access control least privilege, and file-integrity checking mechanisms.
The cybersecurity guide makes three assumptions. Firstly, each solution is made up of several readily available products. The modularity of the solutions might allow organizations to consider swapping one or more products, depending on their specific requirements. Secondly, a cybersecurity stakeholder might implement all or part of a solution in a manner that is compatible with their existing environment. Thirdly, organizations will test and evaluate the compatibility of the solutions with their ICS devices before production implementation and deployment.
“As OT and IT systems become increasingly interconnected, manufacturers have become a major target of more widespread and sophisticated cybersecurity attacks, which can disrupt these processes and cause damage to equipment and/or injuries to workers,” according to the draft of the NIST cybersecurity guide. “Furthermore, these incidents could significantly impact productivity and raise operating costs, depending on the extent of a cyber attack,” it added.
The goal of this NIST Cybersecurity Practice Guide is to help organizations protect the integrity of systems and information by securing historical system data, preventing execution or installation of unapproved software, detecting anomalous behavior on the network, identifying hardware, software, or firmware modifications, enabling secure remote access, and authenticating and authorizing users. As manufacturing organizations rely on ICS to conduct their operations, they are increasingly facing more frequent, sophisticated cyber-attacks, making manufacturing the second-most-targeted industry.
The cybersecurity guide provides a detailed description of how each solution was implemented and what technologies were used to achieve the goals across four example builds. Various scenarios have been used to demonstrate the efficacy of the solutions. Manufacturing organizations that rely on ICS can adopt the cybersecurity guide to safeguard their information and system integrity from destructive malware, insider threats, unauthorized software, unauthorized remote access, loss of historical data, anomalous network traffic, and unauthorized modification of systems.
The draft of the cybersecurity guide outlines architecture and solutions that are built upon standards-based, commercially available products and that represent some of the possible solutions. The NIST Cybersecurity Practice Guide SP 1800-10, ‘Protecting Information and System Integrity in Industrial Control System Environments,’ is open for public comment until Nov. 7.