The National Cybersecurity Center of Excellence (NCCoE) has posted two draft Project Descriptions for public comment:
Detecting and Protecting Against Data Integrity Attacks in Industrial Control System (ICS) Environments
The NCCoE—in conjunction with NIST's Engineering Laboratory (EL) and industry collaborators—will highlight how manufacturing organizations can take a comprehensive approach to enhancing security of their industrial control systems by leveraging the following cybersecurity capabilities:
- behavioral anomaly detection
- security incident and event monitoring
- industrial control system application whitelisting
- malware detection and mitigation
- change control management
- user authentication and authorization
- access control least privilege
- file integrity checking mechanisms
The solution will use security controls that map to the NIST Cybersecurity Framework and industry standards and best practices. The project will result in a freely available NIST cybersecurity practice guide and will document an approach that organizations can use to strengthen the integrity of their data against destructive malware, insider threats, and unlicensed software within manufacturing environments that rely on ICS.
The public comment period for this document ends July 25, 2019. See the publication details for a copy of the document, instructions for submitting comments, and information about the project.
The NCCoE is proposing a project to explore continuous monitoring capabilities that can effectively, efficiently, and automatically detect when a malicious actor, be it an authorized user or external actor, attempts to perform an action in an organization’s IT infrastructure that could result in financial, reputational, or operational impacts to the organization.
This project will describe how to address this issue by collecting appropriate log data from the IT infrastructure. Furthermore, the continuous monitoring capabilities can also be used to automate analysis and reporting of the log data to alert the proper personnel in the organization with actionable information and guidance so they may take measures toward resolving the detected issue. This project will result in a freely available NIST Cybersecurity Practice Guide, which includes a reference architecture, a fully implemented example solution, and a detailed guide of practical steps needed to implement the solution.
The public comment period for this document ends July 26, 2019. See the publication details for a copy of the document, instructions for submitting comments, and information about the project.