Date Published: November 2018
Comments Due:
Email Questions to:
Author(s)
James McCarthy (NIST), Michael Powell (NIST), Keith Stouffer (NIST), CheeYee Tang (NIST), Timothy Zimmerman (NIST), William Barker (Dakota Consulting), Titilayo Ogunyale (MITRE), Devin Wynne (MITRE), Johnathan Wiltberger (MITRE)
Announcement
Many manufacturing organizations leverage industrial control systems (ICS) to monitor and control physical processes. As ICS continue to adopt standard commercial information technology (IT) solutions to promote corporate business systems connectivity and remote access capabilities, ICS become more vulnerable to cyberthreats. These attacks can occur through either accidental or deliberate introduction of anomalous data into a manufacturing process on an ICS device and can result in serious damage to manufacturing infrastructure and even physical harm to employees.
The NCCoE, in conjunction with the NIST Engineering Laboratory, has developed an example solution that demonstrates how a manufacturing company can improve the security of its ICS through behavioral anomaly detection. This can not only help companies detect and mitigate cyberattacks but also help manufacturers detect anomalous conditions related to a cyber attack.
This report details one cybersecurity capability that will later be researched in tandem with other cybersecurity capabilities in a full practice guide. This guidance has been developed by using standards-based, commercially available technologies and industry best practices.
We look forward to receiving your comments on this draft guide. Comments may be submitted online, or via email to manufacturing_nccoe@nist.gov.
Industrial control systems (ICS) are used in many industries to monitor and control physical processes. As ICS continue to adopt commercially available information technology (IT) to promote corporate business systems’ connectivity and remote access capabilities, ICS become more vulnerable to cybersecurity threats. The National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE), in conjunction with NIST’s Engineering Laboratory (EL), has demonstrated a set of behavioral anomaly detection (BAD) capabilities to support cybersecurity in manufacturing organizations. The use of these capabilities enables manufacturers to detect anomalous conditions in their operating environments to mitigate malware attacks and other threats to the integrity of critical operational data. NIST’s NCCoE and EL have mapped these demonstrated capabilities to the Cybersecurity Framework and have documented how this set of standards-based controls can support many of the security requirements of manufacturers. This report documents the use of BAD capabilities in two distinct, but related, demonstration environments: a robotics-based manufacturing system and a process control system that resembles what is being used by chemical manufacturing industries.
Industrial control systems (ICS) are used in many industries to monitor and control physical processes. As ICS continue to adopt commercially available information technology (IT) to promote corporate business systems’ connectivity and remote access capabilities, ICS become more vulnerable to...
See full abstract
Industrial control systems (ICS) are used in many industries to monitor and control physical processes. As ICS continue to adopt commercially available information technology (IT) to promote corporate business systems’ connectivity and remote access capabilities, ICS become more vulnerable to cybersecurity threats. The National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE), in conjunction with NIST’s Engineering Laboratory (EL), has demonstrated a set of behavioral anomaly detection (BAD) capabilities to support cybersecurity in manufacturing organizations. The use of these capabilities enables manufacturers to detect anomalous conditions in their operating environments to mitigate malware attacks and other threats to the integrity of critical operational data. NIST’s NCCoE and EL have mapped these demonstrated capabilities to the Cybersecurity Framework and have documented how this set of standards-based controls can support many of the security requirements of manufacturers. This report documents the use of BAD capabilities in two distinct, but related, demonstration environments: a robotics-based manufacturing system and a process control system that resembles what is being used by chemical manufacturing industries.
Hide full abstract
Keywords
BAD; behavioral anomaly detection; cybersecurity; Cybersecurity Framework; ICS; industrial control systems; manufacturing; process control
Control Families
None selected