Industrial control systems (ICS) help manufacturers boost productivity, optimize efficiency and advance production lines. Historically, ICS networks were isolated from information technology (IT) networks and the internet, or “air gapped.” Today, air gapping is no longer an effective security strategy, and for various business reasons, many ICS manufacturing networks are now integrated with IT networks and connected to the internet. This makes ICS more vulnerable to cyber threats such as malware, malicious insider activity and human error.
NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector, provides practical solutions to these challenges.
CMTC, the California Manufacturing Extension Partnership (MEP) Center, noted that small and medium-sized manufacturers (SMMs) are prime targets for a cyberattack because they have more digital assets to target than an individual consumer but less security than a large company with vast resources.
Manufacturers’ growing dependence on technology and data as drivers of productivity and efficiency results in an increased need for cybersecurity, but SMMs’ management of cybersecurity concerns is impacted by many factors such as:
Cybersecurity should be a concern for all manufacturers, regardless of their size.
NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector, demonstrates how manufacturers can protect their systems and data from destructive malware, insider threats and unauthorized software.
This guide shows how some commercially available security products can be used to address common threat scenarios. NIST SP 1800-10 was developed using two representative lab settings: a discrete manufacturing work cell, which represents assembly line production, and a continuous process control system, which represents chemical manufacturing industries.
The security products were tested to demonstrate their effectiveness against 11 common scenarios of malicious and accidental compromises to data integrity. Examples of scenarios of interest include:
NIST SP 1800-10 demonstrates how the different commercially available security products can be used to address these and other scenarios. The practice guide provides example solutions for manufacturing organizations to:
The solutions demonstrated are best implemented as part of a comprehensive cybersecurity program. Manufacturers should start by:
With the information gleaned from these three steps, manufacturers can use NIST SP 1800-10’s guidance, sample architecture and other solutions to determine which security tools can be deployed to help mitigate their organizations’ risks.
The security capabilities of the example solution are also mapped to the NIST Cybersecurity Framework (CSF), the National Initiative for Cybersecurity Education (NICE) Framework and NIST SP 800-53 Rev. 5 (which provides the foundation for NIST SP 800-171). This allows companies to better see how the commercial toolsets can be used as part of a comprehensive cybersecurity program.
Manufacturers can help stop risky behavior, stay ahead of threats, and reduce their organizations’ attack surface by adding SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector to their cyber defense tool kit today.
The NIST Cybersecurity Center of Excellence (NCCoE) brings together members of private industry, government agencies and academia to create practical, standards-based solutions that organizations of all types and sizes can use to protect their assets, people and data. To learn more, sign up for updates or join a community of interest. Manufacturers can also look forward to NCCoE’s upcoming demonstration on response and recovery.
Knowing where to start with cybersecurity requirements can be overwhelming, especially for small and medium-sized manufacturers with limited resources. Experts in the MEP National Network™ are available to help you with these and other cybersecurity issues. The Network includes 51 MEP Centers, located in all 50 states and Puerto Rico — their assistance is just a phone call or click away.