Attacks and Vulnerabilities
Building Management Systems
Critical infrastructure
ICS Security Framework
Industries
Manufacturing
Mining, Oil & Gas
News
NIST
Pharma
Regulation, Standards and Compliance
Technology & Solutions
Transportation
Utilities: Energy & Power, Water, Waste

NIST’s NCCoE hub releases cybersecurity guide for the manufacturing sector

October 01, 2021
cybersecurity guide

The National Cybersecurity Center of Excellence (NCCoE) has released a draft cybersecurity guide that aims to protect information and system integrity in industrial control system (ICS) environments, and offer cybersecurity for the manufacturing sector. The guide contains four different example solutions applicable to a range of manufacturing environments, focusing on discrete and continuous manufacturing processes. It also covers example solutions for manufacturing environments that include application allow listing, behavior anomaly detection (BAD), file integrity, user authentication and authorization, and remote access.

To address the cybersecurity challenges facing the manufacturing sector, the NCCoE, a wing of the National Institute of Standards and Technology (NIST) launched a project in alliance with NIST’s Engineering Laboratory (EL) and cybersecurity technology providers. The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. It is proposing a project to provide practical case studies to help manufacturers protect their ICS from data integrity attacks, and the project team will consider each comment to further strengthen the usefulness of the cybersecurity guide.

The NCCoE cybersecurity guide can help organizations mitigate cybersecurity risk, reduce downtime to operations, provide a reliable environment that can detect cyber anomalies, respond to security alerts through automated cybersecurity-event products, develop and execute an OT cybersecurity strategy for which continuous OT cybersecurity monitoring is a foundational building block and implements current cybersecurity standards and best practices.

The NIST Cybersecurity Practice Guides (Special Publication 1800 series) specifically target the cybersecurity challenges in the public and private sectors. They are practical, user-friendly guides that facilitate the adoption of standards-based approaches to cybersecurity. They show members how to implement example solutions that help them align more easily with relevant standards and best practices, and provide users with the materials lists, configuration files, and other information they need to implement a similar approach.

The NCCoE project team will leverage the NIST’s EL to provide a comprehensive approach that manufacturing organizations can use to address the challenge of protecting ICS against data integrity attacks by leveraging behavioral anomaly detection, security incident and event monitoring, ICS application white-listing, malware detection and mitigation, change control management, user authentication and authorization, access control least privilege, and file-integrity checking mechanisms.

The cybersecurity guide makes three assumptions. Firstly, each solution is made up of several readily available products. The modularity of the solutions might allow organizations to consider swapping one or more products, depending on their specific requirements. Secondly, a cybersecurity stakeholder might implement all or part of a solution in a manner that is compatible with their existing environment. Thirdly, organizations will test and evaluate the compatibility of the solutions with their ICS devices before production implementation and deployment.

“As OT and IT systems become increasingly interconnected, manufacturers have become a major target of more widespread and sophisticated cybersecurity attacks, which can disrupt these processes and cause damage to equipment and/or injuries to workers,” according to the draft of the NIST cybersecurity guide. “Furthermore, these incidents could significantly impact productivity and raise operating costs, depending on the extent of a cyber attack,” it added.

The goal of this NIST Cybersecurity Practice Guide is to help organizations protect the integrity of systems and information by securing historical system data, preventing execution or installation of unapproved software, detecting anomalous behavior on the network, identifying hardware, software, or firmware modifications, enabling secure remote access, and authenticating and authorizing users. As manufacturing organizations rely on ICS to conduct their operations, they are increasingly facing more frequent, sophisticated cyber-attacks, making manufacturing the second-most-targeted industry.

The cybersecurity guide provides a detailed description of how each solution was implemented and what technologies were used to achieve the goals across four example builds. Various scenarios have been used to demonstrate the efficacy of the solutions. Manufacturing organizations that rely on ICS can adopt the cybersecurity guide to safeguard their information and system integrity from destructive malware, insider threats, unauthorized software, unauthorized remote access, loss of historical data, anomalies network traffic, and unauthorized modification of systems.

The draft of the cybersecurity guide outlines architecture and solutions that are built upon standards-based, commercially available products, and represents some of the possible solutions. The NIST Cybersecurity Practice Guide SP 1800-10, ‘Protecting Information and System Integrity in Industrial Control System Environments’ is open for public comment until Nov. 7.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
House Energy and Commerce Committee members seek answers from UnitedHealth on Change healthcare cyberattack
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
CISA announces Cyber Storm IX cybersecurity exercise to strengthen national cyber readiness
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
New NSA guidance identifies need to update AI systems to address changing risks, bolster security
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow's emergency detection systems
Claroty’s Team82 details cyber attack by Blackjack hackers on Moscow’s emergency detection systems