Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

Current Status

Download the draft version of NISTIR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection report here (PDF).

The NCCoE has released a draft NISTIR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection. The public comment period for this report closed on December 6, 2018.

If you have questions or suggestions, please email us at manufacturing_nccoe@nist.gov

Summary

Industrial Control Systems (ICS) monitor and control physical processes in many different industries and sectors, especially in manufacturing. A cyber attack directed at a manufacturing organization’s infrastructure could result in detrimental consequences to both human life and property.

For this project, the NCCoE and EL has demonstrated behavioral anomaly detection and prevention mechanisms, to support a multifaceted approach of counteracting cyber attacks against ICS devices that provide the functionality necessary to run manufacturing processes.

The goal is to provide industry with detailed information to establish an anomaly detection and prevention capability in their own environments. By implementing behavioral anomaly detection tools, manufacturers are provided with a key security component that will aid in sustaining business operations, particularly those based on ICS.

This project has resulted in a NIST Interagency Report (NISTIR). While the reference design will focus on cybersecurity, the example solution may also produce residual benefits to manufacturers for detecting anomalous conditions that are not security related.

Questions? Comments? Reach us at manufacturing_nccoe@nist.gov.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

CyberX logo
OSISoft logo
SecureNok logo
Security Matters logo