The National Cybersecurity Center of Excellence (NCCoE), a partnership of the National Institute of Standards and Technology (NIST) and the state of Maryland, is seeking public comment by Dec. 6 on a draft report (NISTIR 8219) detailing cybersecurity guidance aimed at the manufacturing sector that employs industrial control systems to monitor and control physical processes.
The draft report, NCCoE said, recognizes that industrial control systems have become more vulnerable to cybersecurity threats as the manufacturing sector has increasingly married those systems to commercial IT technologies. As a result of that increasing threat, NCCoE and NIST feature in the report “a set of behavioral anomaly detection (BAD) capabilities to support cybersecurity in manufacturing operations.”
“The use of these capabilities enables manufacturers to detect anomalous conditions in their operating environments to mitigate malware attacks and other threats to the integrity of critical operational data,” NCCoE said.
Further, NCCoE and NIST said they have “mapped these demonstrated capabilities” to NIST’s existing cybersecurity framework for critical infrastructure sectors and “have documented how this set of standards-based controls can support many of the security requirements of manufacturers.”
“This report documents the use of BAD capabilities in two distinct, but related, demonstration environments: a robotics-based manufacturing system and a process control system that resembles what is being used by chemical manufacturing industries,” NCCoE said.
The report on which public comment is sought details one cybersecurity capability “that will later be researched in tandem with other cybersecurity capabilities in a full practice guide,” NCCoE said.