Despite the threats of cyberattack on computer-controlled industrial systems, utilities and other users of these systems can be hesitant to adopt common security technologies out of concern for their impact on system performance. NIST developed a guide to help industry understand and implement cybersecurity approaches to protect them from these threats.
NIST’s Guide to Industrial Control Systems (ICS) Security helps industry strengthen the cybersecurity of its computer-controlled systems. These systems are used in industries such as utilities and manufacturing to automate or remotely control product production, handling or distribution. By providing guidance on how to tailor traditional IT security controls to accommodate unique ICS performance, reliability and safety requirements, NIST helps industry reduce the vulnerability of computer-controlled systems to malicious attacks, equipment failures and other threats.
Today, widely available software applications and internet-enabled devices have been integrated into most ICS, delivering many benefits, but also increasing system vulnerability. Sophisticated malware that specifically targets weaknesses in ICS is on the rise, posing a significant threat to U.S. economic and national security.
NIST research focuses on the connectivity of devices and networks and how to strengthen system and device defenses. Most recently, NIST developed guidance for how ICS users can apply the approaches to cybersecurity described in another widely used NIST product, the Security and Privacy Controls for Federal Information Systems and Organizations. With this information, utilities, chemical companies, food manufacturers, automakers and other ICS users can adapt and refine these security controls to address their specialized security needs.