April 21, 2022By: Dr. Michael Powell
Industrial control systems (ICS) help manufacturers boost productivity, optimize efficiency and advance production lines. Historically, ICS networks were isolated from the information technology (IT) networks and internet, or “air gapped.” Today, air gapping is no longer an effective security strategy, and for various business reasons, many ICS manufacturing networks are now integrated with IT networks and connected to the internet. This makes ICS more vulnerable to cyber threats such as malware, malicious insider activity and human error.
NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector provides practical solutions to these challenges.
Small and Medium-Sized Manufacturers – A Favored Target
CMTC, the California Manufacturing Extension Partnership (MEP) Center, noted that small and medium-sized manufacturers (SMMs) are prime targets for a cyberattack because they have more digital assets to target than an individual consumer but less security than a large company with vast resources.
Manufacturers’ growing dependence on technology and data as drivers of productivity and efficiency results in an increased need for cybersecurity, but SMMs’ management of cybersecurity concerns is impacted by many factors such as:
- The technology that requires protecting includes both IT (networks and business-side software such as email, finance and Enterprise Resource Planning software) and OT (operational technology such as machines and control systems).
- Cybersecurity is time-consuming and competes with many other areas in terms of funding, awareness and education.
- It’s difficult to dedicate resources for trained, in-house cybersecurity staff.
- Cybersecurity has not been a priority in the development of OT devices, which means that as IT and OT are connected the vulnerabilities of OT systems become potential liabilities to the whole network.
- SMM owners often don’t realize cybersecurity breaches can happen at any time and have significant impact on their businesses’ profitability.
Regardless of their size, cybersecurity should be a concern for all manufacturers.
Protecting ICS Environments
NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector demonstrates how manufacturers can protect their systems and data from destructive malware, insider threats and unauthorized software.
This guide shows how some commercially available security products can be used to address common threat scenarios. NIST SP 1800-10 was developed using two representative lab settings: a discrete manufacturing work cell, which represents assembly line production, and a continuous process control system, which represents chemical manufacturing industries.
The security products were tested to demonstrate their effectiveness against 11 common scenarios of malicious and accidental compromises to data integrity. Examples of scenarios of interest include:
Scenario 1: Malware Infection via a USB Flash Drive
- Objective: Block the introduction of malware through physical access to a workstation within the manufacturing environment.
- Description: An authorized user unintentionally transfers executable files that contain malware into the manufacturing system via a USB flash drive.
Scenario 2: Malware via Remote Access Connections
- Objective: Block malware that is attempting to infect the manufacturing system through authorized remote access connections.
- Description: A remote workstation that is authorized to use a remote access connection has been infected with malware. When the workstation is connected to the manufacturing environment through the remote access connection, the malware attempts to pivot and spread to vulnerable hosts.
Scenario 3: Unauthorized Application Installation
- Objective: Block installation and execution of unauthorized applications on a workstation in the manufacturing system.
- Description: An authorized user installs unauthorized software on a manufacturing workstation. The file was obtained from a shared network drive accessible from the manufacturing workstation.
NIST SP 1800-10 demonstrates how the different commercially available security products can be used to address these and other scenarios. The practice guide provides example solutions for manufacturing organizations to:
- Identify, monitor, record and analyze security events and incidents within a real-time OT environment.
- Protect computers and ICS networks from potentially harmful applications.
- Determine changes made to a network and ICS configuration using change management tools.
- Detect authenticated but not authorized use of systems.
- Detect and contain malware.
Using the 1800-10 Practice Guide
The solutions demonstrated are best implemented as part of a comprehensive cybersecurity program. Manufacturers should start by:
- Identifying their assets.
- Training their employees.
- Conducting a risk assessment.
With the information gleaned from these three steps, manufacturers can use NIST SP 1800-10’s guidance, sample architecture and other solutions to determine which security tools can be deployed to help mitigate their organizations’ risks.
The security capabilities of the example solution are also mapped to the NIST Cybersecurity Framework (CSF), the National Initiative for Cybersecurity Education (NICE) Framework and NIST SP 800-53 Rev. 5 (which provides the foundation for NIST SP 800-171). This allows companies to better see how the commercial toolsets can be used as part of a comprehensive cybersecurity program.
Manufacturers can help stop risky behavior, stay ahead of threats, and reduce their organizations’ attack surface by adding SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector to their cyber defense tool kit today.
The NIST Cybersecurity Center of Excellence (NCCoE) brings together members of private industry, government agencies and academia to create practical, standards-based solutions that organizations of all types and sizes can use to protect their assets, people and data. To learn more, sign up for updates or join a community of interest. Manufacturers can also look forward to NCCoE’s upcoming demonstration on response and recovery.
The MEP National Network Can Help
Knowing where to start with cybersecurity requirements can be overwhelming, especially for small and medium-sized manufacturers with limited resources. Experts in the MEP National NetworkTM, like Cory Larson, are available to help you with these and other cybersecurity issues. The Network includes 51 MEP Centers, located in all 50 states and Puerto Rico — their assistance is just a phone call or click away.
ABOUT THE AUTHOR
Michael Powell is a Cybersecurity Engineer at the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) in Rockville, Maryland. His research…