Operational Technology systems, often called OT-systems, are used by manufacturing organizations to monitor and control physical processes. Today the manufacturing industry is going through a massive digitalization process. As a result, OT-systems are using technology originally designed for IT environments, as well as remote connections, on a rapidly increasing scale. This leaves OT-systems vulnerable to cyber-attacks and other cyberthreats, much as IT systems have been for decades.
Cyber-attacks on OT can occur through hacking attempts, accidental or deliberate introduction of malware, or tampering with equipment controlling a manufacturing process. Such attacks may result in downtime, damage to manufacturing infrastructure and even physical harm to employees.
Over the last several months, Secure-NOK has been working closely with the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, on a manufacturing security project. The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. Leveraging industry, government, and academic expertise, the NCCoE has just released a draft report, NISTIR 8219, Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection.
This report is for manufacturing organizations that want to better protect their operating environments by mitigating malware attacks and other threats through the detection of anomalous conditions. The NCCoE collaborated with technology vendors, including Secure-NOK, CyberX, OSIsoft and SecurityMatters, to develop an example solution that organizations can reference in efforts to increase security within their manufacturing environments.
This report can help manufacturing organizations reduce their risk by showing how commercially available technologies, like Secure-NOK’s SNOK™ Cybersecurity Monitoring System*, can be used to improve the security of their manufacturing environments. SNOK™ is a tool for detecting security events, such as anomalous behavior or breaches of security policies. SNOK™ monitors the manufacturing OT-system closely, analyzing both network traffic and endpoint behavior, with a focus on critical endpoints such as HMIs, PLCs and engineering stations. The tool is modular and flexible, and it integrates easily with a manufacturer's ecosystem of IT-security tools.
The guide is available in draft format for download at the NCCoE website. The NCCoE seeks feedback from the manufacturing community and accepts comments until December 6th, 2018, before releasing a final version.
*While the example implementation uses certain products, including SNOK™ Cybersecurity Monitoring System, NIST and the NCCoE do not endorse these products. The guide presents the characteristics and capabilities of those products, which an organization’s security experts can use to identify similar standards-based products that will fit within their organization’s existing tools and infrastructure.