NCCoE rolls out cybersecurity plan for manufacturing sector to protect information, system integrity in ICS environments

The National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) introduced on Wednesday a document in collaboration with NIST’s Engineering Laboratory (EL) and cybersecurity technology providers that addresses cybersecurity challenges facing the manufacturing sector. The document offers data-driven insights and is based on lab-tested analysis of several essential manufacturing system testbeds. 

Nine vendors have aligned with the NCCoE to pull together the guide titled ‘NIST Special Publication (SP) 1800-10, Protecting Information and System Integrity in Industrial Control System Environments.’ The document offers vetted information and guidance on ways manufacturers can strengthen operational technology (OT) systems to mitigate ICS integrity risks and protect the data these systems process.

The proposal has built example solutions that manufacturing organizations can use to mitigate ICS (industrial control system) integrity risks, strengthen the cybersecurity of OT systems, and protect the data that these systems process, the NCCoE said in the document. It will also help organizations develop and implement example solutions that demonstrate how manufacturing organizations can protect the integrity of their data from destructive malware, insider threats, and unauthorized software within manufacturing environments that rely on ICS. 

The guide is divided into three parts. Volume A is the executive summary, which provides an overview of the major pain points and business justifications for why an organization needs to take the following steps in maturing manufacturing cybersecurity. Volume B is the approach, architecture, and security characteristics section, which identifies categories, the trade-offs of different approaches, and various risk considerations. Finally, volume C presents the How-To Guides, which provide specific technical implementation details so that organizations understand how they can obtain maximum value from their investments.

The NCCoE guide is meant for individuals or entities responsible for the cybersecurity of ICS and for those interested in understanding information and system integrity capabilities for OT. It also analyzes how one approaches the implementation of an architecture, and deep-dives into the security capabilities involved in protecting information and system integrity in ICS environments. The capabilities are implemented using commercially available third-party and open source solutions that provide application allowlisting, behavioral anomaly detection (BAD), file integrity checking, user authentication and authorization, and remote access.

The manufacturing industry is critical to the nation’s economic well-being and is constantly seeking ways to modernize its systems, boost productivity, and raise efficiency. As a result, manufacturers are modernizing their OT systems to meet these goals by making them more interconnected and integrated with other IT systems and introducing automated methods to strengthen their overall OT asset management capabilities.

As OT and IT systems become increasingly interconnected, manufacturers have become a significant target of more widespread and sophisticated cybersecurity attacks, which can disrupt these processes and cause damage to equipment and/or injuries to workers. Furthermore, these incidents could significantly impact productivity and raise operating costs, depending on the extent of a cyber attack. 

While the integration of IT and OT networks helps manufacturers boost productivity and gain efficiencies, it also provides hackers, including nation states, common criminals, and insider threats, a fertile landscape where they can exploit cybersecurity vulnerabilities and compromise the integrity of ICS and ICS data to reach their end goal. The motivations behind these attacks can range from degrading manufacturing capabilities to financial gain and causing reputational harm. Once hackers gain access, they can harm an organization by compromising data or system integrity, holding ICS and/or OT systems ransom, damaging ICS machinery, or causing physical injury to workers.

Collaborators participating in the project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry vendors and integrators, the NCCoE guide said. Those respondents with relevant capabilities or product components signed a Cooperative Research and Development Agreement (CRADA) to collaborate with NIST in a consortium to build an example solution. 

The architecture and solutions presented in the NCCoE document have been built upon standards-based, commercially available products and represent some of the possible solutions. The solutions implement standard cybersecurity capabilities, such as BAD, application allowlisting, file integrity-checking, change control management, and user authentication and authorization. The testing was carried out in two distinct lab settings: a discrete manufacturing workcell, which represents an assembly line production, and a continuous process control system (PCS), which represents chemical manufacturing industries. 

Organizations interested in securing the integrity of the manufacturing system and information from destructive malware, insider threats, and unauthorized software should initially conduct a risk assessment and determine the appropriate security capabilities required to mitigate those risks, the NCCoE guide said. Once the security capabilities are identified, the sample architecture and solution presented in this document may be used. The security capabilities of the example solution are mapped to NIST’s Cybersecurity Framework, the National Initiative for Cybersecurity Education Framework, and NIST Special Publication 800-53, it added. 

Project collaborators include Dispel offering secure remote access with authentication and authorization support, Dragos delivering network and asset monitoring to detect behavior anomalies and modifications to hardware, firmware, and software capabilities, Forescout providing network and asset monitoring to detect behavior anomalies and modifications to hardware, firmware, and software capabilities, and GreenTec offering secure data storage on-premise.

Other collaborators include Microsoft providing network and asset monitoring to detect behavior anomalies and modifications to hardware, firmware, and software capabilities. OSIsoft delivers real-time data management software that enables detection of behavior anomalies and modifications to hardware, firmware, and software capabilities. TDi Technologies offers an access control platform that secures connections and provides control mechanisms to enterprise systems for authorized users and devices, and monitors activity down to the keystroke.

The project also includes Tenable providing network and asset monitoring to detect behavior anomalies and modifications to hardware, firmware, and software capabilities, and VMware delivering host-based application allowlisting and file integrity monitoring.

The NCCoE said that while it used a suite of commercial products to address this challenge, the guide does not endorse these particular products or guarantee compliance with any regulatory initiatives.

“We believe it offers easily digestible guidance to the manufacturing community to improve cybersecurity posture, no matter where they are in the journey,” Josh Carlson, senior business development manager at Dragos, wrote in a company blog post. “Just like there will never be a magic pill or a singular approach to achieving the appropriate BMI for your body type, manufacturing companies have many ways to accomplish the cyber risk posture they think is suitable for their business. This guide seeks to cover many of those approaches and present some food for thought to develop a tailor-made cybersecurity program that works for each organization,” he added.

The document comes on the back of the NCCoE releasing a ‘project description’ earlier this month to assist manufacturers in responding to and recovering from a cyber attack within the sector. The NCCoE project calls upon organizations to review the draft publications during public comment periods and provide feedback by Apr. 14.

The NCCoE is also working with interested stakeholders to define a scope of work, use cases, and hardware and software components needed for the Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector project. The public comment period for this draft Project Description is now open through Apr. 28.
