U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector

Constant threats of destructive malware, malicious insider activity, and even honest mistakes create the need for manufacturers to be able to respond to and quickly recover from a cyber event that impacts industrial control systems and plant operations.

 

Project Description

Methods to help manufacturers quickly restore operations after a cyber event

Industrial control systems (ICS) and devices that run manufacturing environments play a critical role in our nation’s economy. Manufacturers rely on ICS to monitor and control physical processes that produce goods for public consumption. These same systems face an increasing number of cyber attacks, presenting a real threat to manufacturing safety and production. Though defense-in-depth security architecture can help mitigate cyber risk, it may not entirely eliminate it. Organizations should have a plan to recover and restore manufacturing operations should a cyber event impact plant operations. The NCCoE, together with the NIST Communications Technology Laboratory and industry collaborators, will demonstrate an approach for responding to and recovering from an ICS attack within the manufacturing sector by leveraging the following cybersecurity capabilities: event reporting, log review, event analysis, and incident handling and response.  The NCCoE will implement each of these capabilities in a discrete-based manufacturing work-cell that emulates a typical manufacturing process. The project will result in a freely available NIST Cybersecurity Practice Guide.
Status: Soliciting Comments

The NCCoE has released the initial public draft of NIST Special Publication 1800-41, Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector. 

The public comment period for this publication is open through July 8, 2026. Use the comment form below to submit your feedback.

NIST SP 1800-41: Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector (Initial Public Draft)Document Version NIST SP 1800-41: Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector (Initial Public Draft)

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself