Smart manufacturing systems need to be protected from vulnerabilities that may arise as a result of their increased connectivity, use of wireless networks and sensors, and use of widespread information technology. Manufacturers are hesitant to adopt common security technologies, such as encryption and device authentication, due to concern for potential negative performance impacts in their systems. This is exacerbated by a threat environment that has changed dramatically with the appearance of advanced persistent attacks specifically targeting industrial systems, such as Stuxnet. This project will develop a cybersecurity risk management framework with supporting guidelines, methods, metrics and tools to enable manufacturers, technology providers, and solution providers to assess and assure cybersecurity for smart manufacturing systems. The cybersecurity risk management framework and methodology will stimulate manufacturer adoption and enable effective use of security technologies, leading to smart manufacturing systems that offer security, reliability, resiliency and continuity in the face of disruption and major incidents.
Deliver a cybersecurity risk management framework and methodology to enable, assess, and assure cybersecurity for smart manufacturing systems, by FY 2018.
What is the new technical idea?
Early deployment of traditional IT security into manufacturing systems interfered with safety and time-critical operations and led to the recognition that the solution required adaptation of these techniques. The new technical idea is to develop a cybersecurity risk management framework with supporting guidelines, methods, metrics and tools to enable manufacturers, technology providers, and solution providers to assess and assure cybersecurity for smart manufacturing systems.
What is the research plan?
The project work will take place in three phases: assessment, test development, and standardization. In the assessment phase, NIST will host a security performance impacts workshop to determine the real-time measurements required to quantitatively determine the impact of cybersecurity on real-time performance, resource use, reliability and safety of smart manufacturing systems. The workshop report will drive the research in the second phase, test development. Two research challenges will be addressed in this phase. The first challenge is the development of comprehensive requirements and use cases that represent practical, interoperable cybersecurity approaches for real world needs of complex smart manufacturing systems. The second challenge is the development of a suite of specific tests that measure the impact of cybersecurity technology when fulfilling these requirements. The project will develop a smart manufacturing system cybersecurity testbed to implement the test suite, and analyze the performance impact (e.g. latency, jitter) and operational impacts (e.g. efficiency, productivity) of the cybersecurity safeguards and countermeasures. NIST will develop a technical report based on the analysis of the results from testing the use cases in the testbed. During the standardization phase, NIST will work with standards development organizations (e.g., the International Society of Automation (ISA), and the International Electrotechnical Commission (IEC)), to develop new guidelines and standards to facilitate the implementation of cybersecurity requirements in smart manufacturing systems that do not negatively impact the performance of the system. NIST contributions will ensure that the standards are written so that compliance can be measured, and that performance (e.g., safety, reliability, real-time communication) can be measured and assured at target levels of acceptability. NIST will work with ISA’s Security Compliance Institute (ISCI), which develops certification specifications for industrial automation suppliers and operational sites, to develop certification specifications and test methods for factory control systems. Working through ISCI ensures that ultimately the project’s outcomes will be immediately useable by the championing industries.
Start Date:October 1, 2013
Lead Organizational Unit:el
Related Programs and Projects:
Keith Stouffer, Project Leader
301 975 3877 Telephone
100 Bureau Drive, M/S 8230