U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST IR 8219 (Initial Public Draft)

Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

Date Published: November 2018
Comments Due: December 6, 2018 (public comment period is CLOSED)
Email Questions to: manufacturing_nccoe@nist.gov

Author(s)

James McCarthy (NIST), Michael Powell (NIST), Keith Stouffer (NIST), CheeYee Tang (NIST), Timothy Zimmerman (NIST), William Barker (Dakota Consulting), Titilayo Ogunyale (MITRE), Devin Wynne (MITRE), Johnathan Wiltberger (MITRE)

Announcement

Many manufacturing organizations leverage industrial control systems (ICS) to monitor and control physical processes. As ICS continue to adopt standard commercial information technology (IT) solutions to promote corporate business systems connectivity and remote access capabilities, ICS become more vulnerable to cyberthreats. These attacks can occur through either accidental or deliberate introduction of anomalous data into a manufacturing process on an ICS device and can result in serious damage to manufacturing infrastructure and even physical harm to employees.

The NCCoE, in conjunction with the NIST Engineering Laboratory, has developed an example solution that demonstrates how a manufacturing company can improve the security of its ICS through behavioral anomaly detection. This can not only help companies detect and mitigate cyberattacks but also help manufacturers detect anomalous conditions related to a cyber attack.

This report details one cybersecurity capability that will later be researched in tandem with other cybersecurity capabilities in a full practice guide. This guidance has been developed  by using standards-based, commercially available technologies and industry best practices.

We look forward to receiving your comments on this draft guide.  Comments may be submitted online, or via email to manufacturing_nccoe@nist.gov.

Abstract

Keywords

BAD; behavioral anomaly detection; cybersecurity; Cybersecurity Framework; ICS; industrial control systems; manufacturing; process control
Control Families

None selected

Documentation

Publication:
Draft NISTIR 8219 (pdf)

Supplemental Material:
Submit Comments
Project Homepage

Document History:
11/06/18: IR 8219 (Draft)
07/16/20: IR 8219 (Final)