Date Published: February 28, 2022
Comments Due:
Email Questions to:
Planning Note (3/9/2022):
The comment period has been extended to April 28, 2022.
Author(s)
Michael Powell (NIST), Michael Pease (NIST), Keith Stouffer (NIST), CheeYee Tang (NIST), Timothy Zimmerman (NIST), John Hoyt (MITRE), Stephanie Saravia (MITRE), Aslam Sherule (MITRE), Barbara Ware (MITRE), Lynette Wilcox (MITRE), Kangmin Zheng (MITRE)
Announcement
The release of this draft project description (from NIST's National Cybersecurity Center of Excellence [NCCoE]) begins a process to further identify project requirements, scope, hardware, and software components for use in a laboratory demonstration environment.
We would like your feedback on this draft to help refine the project scope. The comment period is now open and will close on April 28, 2022 April 14, 2022.
In the laboratory, the NCCoE will build an example solution using commercially available technology that demonstrates an approach for responding to and recovering from a cyber attack within a manufacturing environment by leveraging the following cybersecurity capabilities: event reporting, log review, event analysis, and incident handling and response. The project will result in a freely available NIST Cybersecurity Practice Guide.
Industrial control systems (ICS) and devices that run manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on ICS to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attacks, presenting a real threat to safety and production, and economic impact to a manufacturing organization. Though defense-in-depth security architecture helps to mitigate cyber risks to some extent, it cannot guarantee elimination of all cyber risks; therefore, manufacturing organizations should also have a plan to recover and restore manufacturing operations should a cyber attack impact the plant operation. The goal of this project is to demonstrate a means to recover equipment from cyber attacks and restore operations. The NCCoE, part of NIST’s Information Technology Laboratory, in conjunction with the NIST Communications Technology Laboratory (CTL) and industry collaborators, will demonstrate an approach for responding to and recovering from an ICS attack within the manufacturing sector by leveraging the following cybersecurity capabilities: event reporting, log review, event analysis, and incident handling and response. The NCCoE and the CTL will map the security characteristics to the NIST Cybersecurity Framework; the National Initiative for Cybersecurity Education Framework; and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, and will provide commercial off the shelf (COTS) based modular security controls for manufacturers. NCCoE will implement each of the listed capabilities in a discrete-based manufacturing work-cell that emulates a typical manufacturing process. This project will result in a freely available NIST Cybersecurity Practice Guide.
Industrial control systems (ICS) and devices that run manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on ICS to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number...
See full abstract
Industrial control systems (ICS) and devices that run manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on ICS to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attacks, presenting a real threat to safety and production, and economic impact to a manufacturing organization. Though defense-in-depth security architecture helps to mitigate cyber risks to some extent, it cannot guarantee elimination of all cyber risks; therefore, manufacturing organizations should also have a plan to recover and restore manufacturing operations should a cyber attack impact the plant operation. The goal of this project is to demonstrate a means to recover equipment from cyber attacks and restore operations. The NCCoE, part of NIST’s Information Technology Laboratory, in conjunction with the NIST Communications Technology Laboratory (CTL) and industry collaborators, will demonstrate an approach for responding to and recovering from an ICS attack within the manufacturing sector by leveraging the following cybersecurity capabilities: event reporting, log review, event analysis, and incident handling and response. The NCCoE and the CTL will map the security characteristics to the NIST
Cybersecurity Framework; the National Initiative for Cybersecurity Education Framework; and NIST Special Publication 800-53,
Security and Privacy Controls for Federal Information Systems and Organizations, and will provide commercial off the shelf (COTS) based modular security controls for manufacturers. NCCoE will implement each of the listed capabilities in a discrete-based manufacturing work-cell that emulates a typical manufacturing process. This project will result in a freely available NIST Cybersecurity Practice Guide.
Hide full abstract
Keywords
response; recovery; restoration; industrial control systems; operational technology
Control Families
None selected