U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

ICS monitor and control physical processes in many industries and sectors, including manufacturing. A cyberattack directed at a manufacturer’s infrastructure and ICS could cause harm to human life and property. The NCCoE along with NIST’s Engineering Lab (EL) developed guidance that organizations can use to protect their ICS and infrastructure by establishing an anomaly detection and prevention capability. 

Implementing behavioral anomaly detection to help secure manufacturing ICS

The NCCoE and NIST EL have demonstrated behavioral anomaly detection methods to support a multifaceted approach of counteracting cyberattacks against ICS devices that are integral to manufacturing processes.
Status: Finalized Guidance

The NCCoE has released the final NISTIR 8219, Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection.

Upon review, we recognize that this NIST/NCCoE publication contains potentially biased terminology. As new publications are developed, they will follow NIST’s inclusive language guidance.

NIST IR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly DetectionWeb Version NIST IR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

Project Abstract

Industrial Control Systems (ICS) are used in many industries to monitor and control physical processes. Increasingly, ICS are becoming more interconnected, mutually dependent systems. As ICS adopt commercially available information technology to enable connectivity and remote access capabilities of corporate business systems, it becomes more exposed to the outside world and vulnerable to cybersecurity threats that can disrupt operations. 

The NCCoE and members of the NIST EL have demonstrated a set of behavioral anomaly detection capabilities to help manufacturers detect anomalous conditions in their ICS and operating environments. These capabilities are presented in a NIST Interagency Report (NISTIR) that provides practical approaches that organizations can use to strengthen the cybersecurity of their manufacturing processes. Implementing behavioral anomaly detection tools gives manufacturers a key security component that can sustain and protect their operations, particularly those based on ICS.

As manufacturers embrace technology to boost productivity and gain efficiencies, they must also use it to bolster their cyber defenses to protect their people, data, and operations.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself