NIST Releases ICS Guidance to Manufacturers

The National Institute of Standards and Technology (NIST) announced the final version of a special publication focusing on helping manufacturers improve the cybersecurity of their industrial control system (ICS) environments.

The guide, titled Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector, is a collaboration between NIST and many private organizations including Mitre, Microsoft, Tenable, VMWare and others.

The guide is designed to help organizations address some of the challenges including mitigating ICS integrity risks, strengthening OT systems and protecting the data they process.

The 369-page document describes common attack scenarios and provides examples of practical solutions that manufacturers can implement to protect ICS from destructive malware, insider threats, unauthorized software, unauthorized remote access, anomalous network traffic, loss of historical data, and unauthorized system modifications.

Unlike most NIST publications, this document recommends some of the participants’ products. Manufacturers are provided step-by-step instructions on how each vendor’s products can be installed and configured to address the described attack scenarios.

While this document is in a final form, NIST is also working on a companion guide focused on responding to and recovering from a cyberattack.

Credit: Securityweek

by