Many manufacturing companies that rely on industrial control systems (ICS) to monitor and control physical processes to produce goods for public consumption are facing an increasing number of cyber-attacks. The U.S. Department of Homeland Security reports that the manufacturing industry is the second most targeted industry, based on the number of reported cyber-attacks. Given how critical ICS are to operations, cyber-attacks against ICS devices present a real threat to safety and production of goods, which can result in damaging economic impact to the manufacturing industry, and ultimately, U.S. prosperity.
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technoloy, in conjunction with NIST's Engineering Laboratory (EL) and industry collaborators, will explore how an organization can take a comprehensive approach to securing ICS within the manufacturing sector by leveraging the following cybersecurity capabilities: behavioral anomaly detection; security incident and event monitoring; ICS application white-listing; malware detection and mitigation; change control management; user authentication and authorization; access control least privilege; and file integrity-checking mechanisms, NIST said in a release.
The goal of this project is to demonstrate an example solution that protects the integrity of data from destructive malware, insider threats, and unlicensed software within manufacturing environments that rely on ICS. The EL and the NCCoE will map the security characteristics to the NIST Cybersecurity Framework, the National Initiative for Cybersecurity Education Framework, and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, and will provide standards-based security controls for manufacturers.
Additionally, NIST will implement each of the listed capabilities in two distinct but related existing lab settings: a robotics-based manufacturing work cell and a process control system that resembles what is being used by chemical manufacturing industries. This project will result in a freely available NIST Cybersecurity Practice Guide, NIST stated.
The public comment period for this document ends July 25, 2019. See the publication details for a copy of the document, instructions for submitting comments, and information about the project.
Publication details: https://csrc.nist.gov/publications/detail/white-paper/2019/06/12/detecting-and-protecting-against-data-integrity-attacks-in-ics/draft