Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

ICS monitor and control physical processes in many industries and sectors, including manufacturing. A cyberattack directed at a manufacturer’s infrastructure and ICS could cause harm to human life and property. The NCCoE along with NIST’s Engineering Lab (EL) developed guidance that organizations can use to protect their ICS and infrastructure by establishing an anomaly detection and prevention capability. 

Implementing behavioral anomaly detection to help secure manufacturing ICS.

The NCCoE and NIST EL have demonstrated behavioral anomaly detection methods to support a multifaceted approach of counteracting cyberattacks against ICS devices that are integral to manufacturing processes.
Status: Finalized Practice Guide

The NCCoE has released the final NISTIR 8219, Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection.

Project Abstract

Industrial Control Systems (ICS) are used in many industries to monitor and control physical processes. Increasingly, ICS are becoming more interconnected, mutually dependent systems. As ICS adopt commercially available information technology to enable connectivity and remote access capabilities of corporate business systems, they become more exposed to the outside world and vulnerable to cybersecurity threats that can disrupt operations.

The NCCoE and members of the NIST EL have demonstrated a set of behavioral anomaly detection capabilities to help manufacturers detect anomalous conditions in their ICS and operating environments. These capabilities are presented in a NIST Interagency Report (NISTIR) that provides practical approaches that organizations can use to strengthen the cybersecurity of their manufacturing processes. Implementing behavioral anomaly detection tools gives manufacturers a key security component that can sustain and protect their operations, particularly those based on ICS.

As manufacturers embrace technology to boost productivity and gain efficiencies, they must also use it to bolster their cyber defenses to protect their people, data, and operations.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

Join the Community of Interest

A Community of Interest (COI) is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Members typically meet monthly by teleconference. Share your expertise and consider becoming a member of this project's COI.
