TDi and its ConsoleWorks product, which manages privileged-user access and permissions, participated in a newly released National Cybersecurity Center of Excellence (NCCoE) practice guide. The guide, available here, presents example solutions for protecting information and system integrity in industrial control system (ICS) environments.
As business applications and internet-connected devices have become integrated into industrial control systems, their vulnerability to cyber incidents has increased. This NCCoE cybersecurity practice guide demonstrates how commercially available technology can be leveraged in a manufacturing setting to enhance security.
“Protecting information and system integrity of industrial control systems will be critical to maximizing production, protecting plant personnel, and optimizing operations for manufacturing organizations of all sizes,” NCCoE senior security engineer Dr. Michael Powell said. “This NCCoE cybersecurity practice guide shows how several cybersecurity capabilities can be applied to enhance data integrity, detect anomalous behavior, and reduce the attack surface for ICS.”
TDi collaborated with NIST’s National Cybersecurity Center of Excellence in their Protecting Information and System Integrity in Industrial Control System Environments project to develop practical, interoperable cybersecurity approaches that address real-world needs of manufacturing organizations. By accelerating use of these integrated tools and technologies for protecting manufacturing systems and information, the NCCoE and its collaborators enhance trust in U.S. information technology (IT) and operational technology (OT) communications, data, and storage systems; reduce risk for companies and individuals using IT/OT systems; and encourage development of innovative, job-creating cybersecurity products and services. NIST does not evaluate commercial products under this consortium and does not endorse any product or service used
What is NIST’s goal for this practice guide?
To address the cybersecurity challenges that manufacturers are facing, the NCCoE collaborated with stakeholders in the manufacturing sector, the NIST Engineering Laboratory, and cybersecurity vendors to develop and document example solutions to:
- Detect and prevent unauthorized software installation
- Protect ICS networks from potentially harmful applications
- Determine changes made to a network using change management tools
- Detect unauthorized use of systems
- Continuously monitor network traffic
- Leverage anti-malware tools
What cybersecurity capabilities are demonstrated in the practice guide?
This guide contains four different example solutions that are applicable to a range of manufacturing environments, focusing on discrete and continuous manufacturing processes.
The security capabilities used in this demonstration for protecting information and system integrity in ICS environments are briefly described below. They are implemented using commercially available third-party and open-source solutions:
Application Allowlisting (AAL): A list of applications and application components (libraries, configuration files, etc.) that are authorized to be present or active on a host according to a well-defined baseline.
Behavioral Anomaly Detection (BAD): A mechanism providing a multifaceted approach to detecting cybersecurity attacks.
Hardware/Software/Firmware Modification Detection: A mechanism providing the ability to detect changes to hardware, software, and firmware on systems or network-connected devices.
File Integrity Checking: A mechanism providing the ability to detect changes to files on systems or network-connected devices.
User Authentication and Authorization: A mechanism for verifying the identity and the access privileges granted to a user, process, or device.
Remote Access: A mechanism supporting access to an organizational information system by a user (or an information system acting on behalf of a user) communicating through an external network (e.g., the Internet).
ConsoleWorks’ Continued Collaboration with NIST’s NCCoE
TDi has participated in 10 collaborations with the NCCoE. In February we also participated in the practice guide Securing Distributed Energy Resources: An Example of Industrial Internet of Things Cybersecurity. You can read about it, and access the guide and project fact sheet, in our post here.