NIST Releases Cybersecurity Guide for Manufacturing Control Systems

The IBM X-Force Threat Intelligence Index 2022 stated “For the first time in five years, manufacturing outpaced finance and insurance in the number of cyberattacks levied against these industries…” To help meet these growing cyber threats, NIST published Special Publication 1800-10 Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector, developed in collaboration with cybersecurity providers. Its goal is to help manufacturers protect Industrial Control Systems which enable management of machinery, production lines, and other physical processes that produce goods. Specifically, the guide seeks to help manufacturers:  

• Secure historical system data  
• Prevent execution or installation of unapproved software
• Detect anomalous behavior on a network
• Identify hardware, software, or firmware modifications
• Enable secure remote access
• Authenticate and authorize users

The guide offers four examples of practical solutions which manufacturers may adapt to their unique environments and needs. Each scenario is mapped to relevant NIST Cybersecurity Framework functions and subcategories and details security capabilities provided by proposed products. The solutions are consistent with other relevant practices and guidance, which the Guide lists.  

The Guide also points out the intended audiences – manufacturing's chief information officers, program managers, and information technology professionals in other sectors – and proposes how they may use the Guide. Additionally, NIST solicits feedback on the Guide, which can be provided at manufacturing_nccoe [at] nist.gov (manufacturing_nccoe[at]nist[dot]gov).

Security Week reported on the publication in NIST Releases ICS Cybersecurity Guidance for Manufacturers, March 17, 2022.