[Project Description] Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector
The Operational Technology (OT) that runs manufacturing environments play a critical role in the supply chain. Manufacturing organizations rely on OT to monitor and control physical processes that produce goods for public consumption. These same systems are facing an increasing number of cyber attacks, presenting a real threat to safety and production, and economic impact to a manufacturing organization. Though defense-in-depth security architecture helps to mitigate cyber risks, it cannot guarantee elimination of all cyber risks; therefore, manufacturing organizations should also have a plan to recover and restore operations should a cyber incident impact operations. The goal of this project is to demonstrate means to recover equipment from a cyber incident and restore operations. The NCCoE, part of NIST’s Information Technology Laboratory, in conjunction with the NIST Communications Technology Laboratory (CTL) and industry collaborators, will demonstrate an approach for responding to and recovering from an OT attack within the manufacturing sector by leveraging the following cybersecurity capabilities: event reporting, log review, event analysis, and incident handling and response. The NCCoE will map the security characteristics to the NIST Cybersecurity Framework and NIST Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations and will provide commercial off the shelf (COTS) based modular security controls for manufacturers. NCCoE will implement each of the listed capabilities in a discrete-based manufacturing work-cell that emulates a typical manufacturing process. This project will result in a freely available NIST Cybersecurity Practice Guide.