Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

Current Status

Download the draft version of NISTIR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection report here (PDF).

The NCCoE has released a draft NISTIR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection. The public comment period for this report closed on December 6, 2018.

If you have questions or suggestions, please email us at manufacturing_nccoe@nist.gov

Summary

Industrial Control Systems (ICS) monitor and control physical processes in many different industries and sectors, especially in manufacturing. A cyber attack directed at a manufacturing organization’s infrastructure could result in detrimental consequences to both human life and property.

For this project, the NCCoE and EL has demonstrated behavioral anomaly detection and prevention mechanisms, to support a multifaceted approach of counteracting cyber attacks against ICS devices that provide the functionality necessary to run manufacturing processes.

The goal is to provide industry with detailed information to establish an anomaly detection and prevention capability in their own environments. By implementing behavioral anomaly detection tools, manufacturers are provided with a key security component that will aid in sustaining business operations, particularly those based on ICS.

This project has resulted in a NIST Interagency Report (NISTIR). While the reference design will focus on cybersecurity, the example solution may also produce residual benefits to manufacturers for detecting anomalous conditions that are not security related.

Questions? Comments? Reach us at manufacturing_nccoe@nist.gov.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

ForeScout logo
OSISoft logo
SecureNok logo
Certain commercial entities, equipment, products, or materials may be identified by name or company logo or other insignia in order to acknowledge their participation in this collaboration or to describe an experimental procedure or concept adequately. Such identification is not intended to imply special status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.

Join Our Community of Interest

Interested in joining the Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.

News and Events

BAD to the Bone - NIST, LOTL, and IoT/ICS Behavioral Anomaly Detection (BAD)
May 08, 2020
NIST and CyberX Present Educational SANS Webinar on “NIST Recommendations for ICS & IIoT Security
February 28, 2019
Helping NIST’s NCCoE Advance Cybersecurity for Manufacturing ICS Networks
December 14, 2018
NIST Experiments with Critical Infrastructure Protections
November 16, 2018
An Industrial Cybersecurity Platform
November 09, 2018
View More