NIST wants help with guide for restoring industrial control systems after cyberattacks
The National Institute of Standards and Technology is developing a Cybersecurity Practice Guide with steps for recovering equipment and restoring operations after cyberattacks on industrial control systems in manufacturing environments.
The agency’s National Cybersecurity Center of Excellence (NCCoE) and Communications Technology Laboratory (CTL) want to show how to use commercial-off-the-shelf (COTS) technologies for cyber event reporting, log review, event analysis, incident handling and response, and eradication and recovery in a work cell mirroring the typical manufacturing process.
NIST says it wants industry feedback “to help refine the project scope.” The comment period opened this week and will close on April 14.
“In the laboratory, the NCCoE will build an example solution using commercially available technology that demonstrates an approach for responding to and recovering from a cyber attack within a manufacturing environment,” the agency said.
Recent cyberattacks have seen hackers use business systems and IT networks to access industrial control systems (ICS), which often require tailored cyber solutions because they rely on different types of hardware and software than office or household IT. The White House has highlighted ICS security as part of its push to protect U.S. manufacturing, utility companies and the supply chain for goods and services.
“These same systems are facing an increasing number of cyberattacks, presenting a real threat to safety and production and economic impact to a manufacturing organization,” reads a draft of the project description. “Though defense-in-depth security architecture helps to mitigate cyber risks to some extent, it cannot guarantee elimination of all cyber risks; therefore manufacturing organizations should also have a plan to recover and restore manufacturing operations should a cyber attack impact the plant operation.”
NCCoE — a collaborative hub for agencies, industry and academia — will demonstrate how to apply the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF) Functions and Categories to manufacturing environments. The NIST Cybersecurity Framework includes Respond and Recover functions that NCCoE will refer to when recovering from data corruption in application and software configurations over the course of the project.
NCCoE and CTL will then work together to map the security characteristics they demonstrate to the NIST Cybersecurity Framework, among others.