Influential NIST security project will guide manufacturers in protecting industrial control system environments
SAN JOSE, Calif., March 18, 2022 – Forescout Technologies, Inc., the leader in Enterprise of Things security, today announced it has been working with the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) to collaborate in its Protecting Information and System Integrity in Industrial Control System Environments project. Forescout was selected to help develop new cybersecurity guidance for manufacturing organizations to protect their operational technology (OT) and information technology (IT) systems from cyber threats.
As part of the NCCoE “Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector” project, practical, interoperable cybersecurity guidelines have been developed that address the real world needs of organizations around the world. This new guidance was developed to mitigate ICS integrity risks, strengthen the cybersecurity of OT systems, and protect the data that these systems process.
“Protecting information and system integrity of industrial control systems (ICS) will be critical to maximizing production, protecting plant personnel, and optimizing operations for manufacturing organizations of all sizes,” said Dr. Michael Powell, NCCoE senior security engineer. “This NCCoE cybersecurity practice guide shows how several cybersecurity capabilities can be applied to enhance data integrity, detect anomalous behavior, and reduce the attack surface for ICS.”
The convergence of IT and OT networks is helping manufacturers boost productivity and gain efficiencies, but it has also provided malicious actors, including nation states and insider threats, a fertile landscape to exploit the weak cybersecurity posture and compromise the integrity of OT systems and ICS data.
“Traditional industrial control systems were not designed with security and modern cyberattacks in mind. As IT and OT converge, hackers take advantage of the underlying vulnerabilities and lack of segmentation to create widespread disruption,” said Daniel Trivellato, VP of Operational Technology, Forescout. “Forescout urges OT organizations to use the guidelines provided by NIST NCCoE as a clear path to protect their critical assets and mitigate against future threats.”
Forescout’s cybersecurity platform provides critical infrastructure and manufacturing organizations the ability to automatically identify and assess all connected devices, from the decade-old process controller, the traditional IT system to the new IoT device – all commonly found in today’s ICS environments. Each device is continuously monitored to determine its security and operational risks and detect any threat to operational continuity. The situational awareness allows organizations to prioritize mitigation, orchestrate responses and automate workflows through the Forescout platform, so even vulnerable OT systems can continue to operate securely. Forescout integrates the existing security ecosystem to multiply the effect of each system operating in isolation.
Forescout excels in ICS asset visibility according to the new Forrester Wave™: Industrial Control Systems (ICS) Security Solutions, Q4 2021 and has “the broadest ICS protocol support of the vendors evaluated. That protocol knowledge also helps Forescout deploy the leading asset discovery and identification capability in this evaluation according to multiple customers”. The insights gained from over 3,000 customers worldwide allows Forescout to perform vulnerability and threat research that predicts threats and actively provides customers with detection and incident response playbooks to keep them secure as new threats arise.
Forescout’s latest NIST engagement builds on the company’s success with NCCoE’s IoT Security Guide and NCCoE’s Zero Trust Guide projects demonstrating security strategies and best practices for U.S. critical infrastructure operators and key economic sectors.
To secure OT networks, organizations need to gain visibility beyond their OT environments and tighten security across the entire enterprise. Without an enterprise-wide cyber defense, industrial enterprises are increasingly becoming targets of cyber-attacks. The Forescout platform’s ability to continuously assess device types – IoT, OT, IIoT, IoMT and IT – and act to contain threats is fundamental for a successful cyber security strategy.
About the National Cybersecurity Center of Excellence
As part of NIST, the NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables collaboration in the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under CRADAs, including technology partners, from Fortune 50 market leaders to smaller companies specializing in information technology and operational technology security, the NCCoE applies standards and best practices to develop modular, and easily adaptable example cybersecurity solutions by using commercially available technologies. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to re-create the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Maryland. Information is available at https://www.nccoe.nist.gov.
Forescout Technologies, Inc. actively defends the Enterprise of Things by identifying, segmenting and enforcing compliance of every connected thing. Fortune 1000 companies trust Forescout as it provides one of the most widely deployed, enterprise-class platforms at scale across IT, IoT and OT managed and unmanaged devices. Forescout arms customers with extensive device intelligence, data and policies to allow organizations across every industry to accurately classify risk, detect anomalies and quickly remediate cyberthreats without disruption of critical business assets. Don’t just see it. Secure it.