Driven by the need to increase productivity and reduce costs, today’s manufacturing companies are continuously advancing automation on the plant floor. This fourth industrial revolution, or Industry 4.0, has exposed once-siloed OT networks to the same types of risks faced by IT networks and campus environments. To help manufacturers overcome these increased risks, the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) has spearheaded the creation of a new report specifically meant to support the manufacturing sector in its efforts to improve its overall cybersecurity posture.
Over the last several months, we have worked closely with the NCCoE on this manufacturing security project, which offers practical approaches to implementing example solutions for cybersecurity challenges. The report provides suggested guidelines for manufacturing organizations that want to achieve a higher level of security in their operating environments by mitigating both cyber threats and operational risks through the detection of anomalous behavior. It also maps the security capabilities of the example solutions to the NIST Cybersecurity Framework. Collaborating with the NCCoE on this project aligned well with our mission of advancing cyber resilience for critical infrastructure, and we believe it’s an important step towards achieving that goal for the manufacturing industry.
The project examined the use of commercially available behavioral anomaly detection (BAD) technologies in two types of environments: a collaborative robotic system (CRS) for manufacturing, and a process control system (PCS) commonly used by chemical manufacturers.
[Figure: Port Connections to SilentDefense* in the CRS]
[Figure: SPAN Port Connections to SilentDefense* in the PCS]
In both scenarios, SilentDefense* was among the technologies used to demonstrate how manufacturers can use industrial control system (ICS) cybersecurity solutions to detect various cyber and operational threats, including but not limited to:
- Unauthorized remote access attempts
- Data exfiltration attempts
- Unauthorized devices connected to the network
- Brute-force password attacks
- Unauthorized firmware updates or HMI changes
- ICS device scanning
In conjunction with NIST’s Engineering Lab (EL) and industry collaborators, the NCCoE has just released a draft of this report, NISTIR 8219, Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection. Anyone interested in reading the report can download it here.
*While the example implementation uses certain products, including Forescout’s SilentDefense, NIST and the NCCoE do not endorse these products. The report presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within their organization’s existing tools and infrastructure.