Security Experts:

Connect with us

Hi, what are you looking for?



NIST Releases ICS Cybersecurity Guidance for Manufacturers

NIST releases ICS cybersecurity guidance for manufacturers

NIST guide provides examples of commercial products that manufacturers can use to address specific security risks

NIST releases ICS cybersecurity guidance for manufacturers

NIST guide provides examples of commercial products that manufacturers can use to address specific security risks

The National Institute of Standards and Technology (NIST) on Wednesday announced the final version of a special publication focusing on helping manufacturers improve the cybersecurity of their industrial control system (ICS) environments.

The new cybersecurity practice guide is titled “NIST SP 1800-10, Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector.” It is the result of collaboration between NIST’s National Cybersecurity Center of Excellence (NCCoE), MITRE, and several private sector companies, including Microsoft, Dispel, Forescout, Dragos, OSIsoft, TDi Technologies, GreenTec, Tenable and VMware.

The authors of the guidance point out that while connecting operational technology (OT) and information technology (IT) systems can be beneficial for a manufacturer’s productivity and efficiency, this also makes them more vulnerable to cyber threats.

The new publication, which is available to organizations free of charge, aims to address some of the associated challenges, including mitigating ICS integrity risks, strengthening OT systems, and protecting the data they process.

The 369-page document describes common attack scenarios and provides examples of practical solutions that manufacturers can implement to protect ICS from destructive malware, insider threats, unauthorized software, unauthorized remote access, anomalous network traffic, loss of historical data, and unauthorized system modifications.

The examples described in the guide focus on application allowlisting, behavior anomaly detection, file integrity checks, remote access, user authentication and authorization, and detection of modifications to hardware, software or firmware.

Learn more about protecting industrial systems at SecurityWeek’s ICS Cyber Security Conference

One of the attack scenarios described in the document involves protecting a workstation in the manufacturing environment from malware infections delivered via USB flash drives. These types of infections can be prevented using application allowlist capabilities in Carbon Black (VMware) and Windows Software Restriction Policies (SRP).

If the attack vector is the corporate network instead of a USB drive, the guide recommends allowlist capabilities provided by Carbon Black and Windows SRP, as well as solutions from Dragos, Tenable, Forescout and Microsoft for behavior anomaly detection.

Other theoretical attack scenarios covered by the guide include protecting hosts from malware delivered through remote access connections, protecting hosts from unauthorized application installations, preventing unauthorized devices from being added to the network, detecting unauthorized communications between devices, detecting unauthorized modifications to PLC logic, preventing historian data modifications, detecting sensor data manipulation, and detecting unauthorized firmware changes.

Manufacturers are provided step-by-step instructions on how each vendor’s products can be installed and configured to address the described attack scenarios.

There is also a chapter for program managers and middle management decision-makers to help them decide what technologies they want to use to address OT security issues in their facilities.

“Organizations that don’t have the time or wherewithal to verify and validate industrial cybersecurity technology categories for their use cases will find the output paramount,” Dragos explained in a blog post describing the guide. “At the same time, the fact that a government agency led the effort impartially means that the documents will not have any extreme vendor slant. The goal was not to pick product winners and losers but instead to help organizations simply understand the types of technology available and how to deploy/integrate them for an improved return on investment.”

NIST is currently also working on another cybersecurity guide for manufacturers, one focusing on responding to and recovering from a cyberattack. That publication is currently a draft in the public comment period.

Related: Increasing Number of Threat Groups Targeting OT Systems in North America

Related: ICS, OT Cybersecurity Incidents Cost Some U.S. Firms Over $100 Million: Survey

Related: Ransomware Often Hits Industrial Systems, With Significant Impact

Related: Volume of Attacks on IoT/OT Devices Increasing

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.