Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

File uploaded by Shlomi Feldman Employee on Nov 11, 2018
Version 1Show Document
  • View in full screen mode

I want to share with you the recently released NIST report concerning Behavioral anomalies detection.

 

Executive summary:

NIST’s NCCoE, with NIST’s EL and NCCoE collaborators, offers information regarding the use of BAD capabilities to support cybersecurity in ICS for manufacturing. This National Institute of Standards and Technology Interagency Report (NISTIR) was developed in response to feedback from members of the manufacturing sector concerning the need for cybersecurity guidance. Cybersecurity attacks directed at manufacturing infrastructure can be detrimental to both human life and property. BAD mechanisms support a multifaceted approach to detecting cybersecurity attacks against ICS devices on which manufacturing processes depend, in order to permit the mitigation of those attacks. The NCCoE and EL deployed commercially available hardware and software provided by industry, in response to a NIST notice in the Federal Register, in order to demonstrate BAD capabilities in an established laboratory infrastructure. We mapped security characteristics of the demonstrated capabilities to the Framework for Improving Critical Infrastructure Cybersecurity [1] based on NISTIR 8183, the Cybersecurity Framework Manufacturing Profile [2]. The mapping can be used as a reference in applying specific security controls found in prominent industry standards and guidance. Introducing anomalous data into a manufacturing process can disrupt operations, whether deliberately or inadvertently. The goal of this NISTIR is to provide practical approaches for manufacturers to use in their efforts to strengthen the cybersecurity of their manufacturing processes. This NISTIR demonstrates how BAD tools can be used as a key security component in sustaining business operations, particularly those based on ICS.

 

 

The report is important, as it is the first time that organizations like NIST and the National Cybersecurity Center of Excellence, recommend the market to use anomaly detection solution to improve ICS cybersecurity. The report present capabilities and solutions of several companies, unfortunately we are not among them. Still I think it is an excellent tool that can help us engage our customers and new prospects. as the report presents the positive approach of the regulatory organizations and the benefit they see by implementing such solutions.

Outcomes