NIST Recommendations for ICS & IIoT Security Securing - - PowerPoint PPT Presentation

nist recommendations for ics amp iiot security securing
SMART_READER_LITE
LIVE PREVIEW

NIST Recommendations for ICS & IIoT Security Securing - - PowerPoint PPT Presentation

Nov 14, 2022 450 likes •625 views

NIST Recommendations for ICS & IIoT Security Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection Mike Powell, Project Cybersecurity Engineer, NIST /NCCoE Jim McCarthy, Energy Sector Federal Lead NIST / NCCoE

slide-1
SLIDE 1

NIST Recommendations for ICS & IIoT Security Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

Mike Powell, Project Cybersecurity Engineer, NIST /NCCoE Jim McCarthy, Energy Sector Federal Lead NIST / NCCoE Timothy Zimmerman, Computer Engineer, NIST EL

slide-2
SLIDE 2

2 nccoe.nist.gov National Cybersecurity Center of Excellence

Agenda

  • NIST / NCCoE Overview
  • Cyber Risks to Manufacturing Organizations
  • Why Stronger ICS Cybersecurity is Needed
  • Benefits of Behavioral Anomaly Detection (BAD)
  • NIST Testbeds: Process Control & Robotics
  • NIST Cybersecurity Framework (CSF) Mapping
slide-3
SLIDE 3

3 nccoe.nist.gov National Cybersecurity Center of Excellence

Foundations & Mission

Collaborative Hub

The NCCoE assembles experts from businesses, academia, and other government agencies to work

  • n critical national problems in cybersecurity. This

collaboration is essential to exploring the widest range of concepts. As a part of the NIST cybersecurity portfolio, the NCCoE has access to a wealth of prodigious expertise, resources, relationships, and experience.

Mission

Accelerate adoption of secure technologies: collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs

slide-4
SLIDE 4

4 nccoe.nist.gov National Cybersecurity Center of Excellence

Engagement & Business Model

OUTCOME: Define a scope of work with industry to solve a pressing cybersecurity challenge OUTCOME: Assemble teams of industry orgs, govt agencies, and academic institutions to address all aspects of the cybersecurity challenge OUTCOME: Build a practical, usable, repeatable implementation to address the cybersecurity challenge OUTCOME: Advocate adoption

  • f the example

implementation using the practice guide

ASSEMBLE ADVOCATE BUILD DEFINE

slide-5
SLIDE 5

5 nccoe.nist.gov National Cybersecurity Center of Excellence

Manufacturing Sector Projects

  • NISTIR 8219 Behavioral Anomaly

Detection

  • Protecting Information System Integrity in

Manufacturing Environments Project Description

Join our Community of Interest

Email us at manufacturing_nccoe@nist.gov

slide-6
SLIDE 6

6 nccoe.nist.gov National Cybersecurity Center of Excellence

NISTIR 8219 Behavioral Anomaly Detection

Project Status

Final NISTIR 8219 expected release date March 2019

Collaborate with Us

  • Download draft NISTIR 8219:

https://www.nccoe.nist.gov/sites/default/files/library/mf- ics-nistir-8219.pdf

  • Email manufacturing_nccoe@nist.gov to join the

Community of Interest for this project

Securing Manufacturing Industrial Control Systems – Behavioral Anomaly Detection

DEFINE ASSEMBLE BUILD ADVOCATE DEFINE ASSEMBLE BUILD ADVOCATE

Overview

  • A cyber attack directed at manufacturing

infrastructure could result in detrimental consequences to both human life and property

  • The goal is to provide a cybersecurity example

solution that businesses can implement or use to strengthen cybersecurity in their manufacturing processes

  • The NISTIR demonstrated how manufacturing

companies can implement behavioral anomaly detection tools without negatively impacting the performance of their operational environments

slide-7
SLIDE 7

7 nccoe.nist.gov National Cybersecurity Center of Excellence

Manufacturing Behavioral Anomaly Detection Use Case

NISTIR 8219: Securing Manufacturing Industrial Control Systems – Behavioral Anomaly Detection

  • The NCCoE deployed commercially-available behavioral anomaly detection

systems in two distinct but related manufacturing demo environments:

  • Collaborative robotics system
  • Simulated chemical process system
  • Security characteristics were mapped to the NIST Cybersecurity

Framework (CSF)

slide-8
SLIDE 8

8 nccoe.nist.gov National Cybersecurity Center of Excellence

NISTIR 8219

  • Project goal:
  • demonstrate behavioral anomaly detection techniques that businesses can implement and

use to strengthen the cybersecurity of their manufacturing processes.

  • Three detection methods:
  • network-based
  • agent-based
  • perational historian/sensor-based

Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection

slide-9
SLIDE 9

9 nccoe.nist.gov National Cybersecurity Center of Excellence

Cyber risks to manufacturing organizations

  • Cybersecurity attacks directed at manufacturing infrastructure can be

detrimental to both human life and property.

  • BAD mechanisms support a multifaceted approach to detecting cybersecurity

attacks against ICS devices on which manufacturing processes depend, in

  • rder to permit the mitigation of those attacks.
  • Introducing anomalous data into a manufacturing process can disrupt
  • perations, whether deliberately or inadvertently.
  • More sophisticated hacking tools and techniques are readily available for

downloading from the internet.

  • Growing cyber-dependency makes critical infrastructure attacks harder to stop.
slide-10
SLIDE 10

10 nccoe.nist.gov National Cybersecurity Center of Excellence

Benefits of Behavioral Anomaly Detection (BAD)

This NISTIR is intended to help organizations accomplish their goals by using anomaly detection tools for the following purposes:

  • detect cyber incidents in time to permit effective response and recovery
  • expand visibility and monitoring capabilities within manufacturing control

systems, networks, and devices

  • reduce opportunities for disruptive cyber incidents by providing real-time

monitoring and anomaly-detection alerts

  • support the oversight of resources (e.g., IT, personnel, data)
  • enable faster incident-response times, fewer incidents, and shorter downtimes
slide-11
SLIDE 11

11 nccoe.nist.gov National Cybersecurity Center of Excellence

Process Control System

slide-12
SLIDE 12

12 nccoe.nist.gov National Cybersecurity Center of Excellence

Collaborative Robotics System

  • Discrete process
  • Four machining stations
  • Two machine-tending robots
  • Supervisory PLC
  • Modbus TCP
slide-13
SLIDE 13

13 nccoe.nist.gov National Cybersecurity Center of Excellence

Mapping the security characteristics of BAD to the NIST CSF

slide-14
SLIDE 14

14 nccoe.nist.gov National Cybersecurity Center of Excellence

Protecting Information System Integrity in Manufacturing Environments Project Status

Project Description expected release date for public comments March 2019

Collaborate with Us

  • Email manufacturing_nccoe@nist.gov to join the

Community of Interest for this project

Cybersecurity for the Manufacturing Sector

DEFINE ASSEMBLE BUILD ADVOCATE

Overview

  • Threats to organizational environments such as

destructive malware, malicious insider activity, advanced persistent threats, and even honest mistakes create the imperative for organizations to be able to protect their assets from data integrity attacks

  • This project explores methods one could deploy

to help prevent/mitigate the threats identified above as it pertains to deploying cybersecurity capabilities in an ICS manufacturing environment

slide-15
SLIDE 15

301-975-0200 http://nccoe.nist.gov

15 nccoe.nist.gov National Cybersecurity Center of Excellence

nccoe@nist.gov

Questions?

Michael Powell, Security Engineer Michael.Powell@nist.gov 301-975-0310 Jim McCarthy, Senior Security Engineer James.McCarthy@nist.gov 301-975-0228 Timothy Zimmerman, Computer Engineer Timothy.zimmerman@nist.gov 301-975-2435