
NIST Recommendations for ICS & IIoT Security



  1. NIST Recommendations for ICS & IIoT Security
     Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection
     • Mike Powell, Project Cybersecurity Engineer, NIST / NCCoE
     • Jim McCarthy, Energy Sector Federal Lead, NIST / NCCoE
     • Timothy Zimmerman, Computer Engineer, NIST EL

  2. Agenda
     • NIST / NCCoE Overview
     • Cyber Risks to Manufacturing Organizations
     • Why Stronger ICS Cybersecurity is Needed
     • Benefits of Behavioral Anomaly Detection (BAD)
     • NIST Testbeds: Process Control & Robotics
     • NIST Cybersecurity Framework (CSF) Mapping
     National Cybersecurity Center of Excellence, nccoe.nist.gov

  3. Foundations & Mission
     Collaborative Hub: The NCCoE assembles experts from businesses, academia, and other government agencies to work on critical national problems in cybersecurity. This collaboration is essential to exploring the widest range of concepts. As a part of the NIST cybersecurity portfolio, the NCCoE has access to a wealth of prodigious expertise, resources, relationships, and experience.
     Mission: Accelerate adoption of secure technologies: collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs.

  4. Engagement & Business Model
     • DEFINE. Outcome: Define a scope of work with industry to solve a pressing cybersecurity challenge
     • ASSEMBLE. Outcome: Assemble teams of industry orgs, govt agencies, and academic institutions to address all aspects of the cybersecurity challenge
     • BUILD. Outcome: Build a practical, usable, repeatable implementation to address the cybersecurity challenge
     • ADVOCATE. Outcome: Advocate adoption of the example implementation using the practice guide

  5. Manufacturing Sector Projects
     • NISTIR 8219 Behavioral Anomaly Detection
     • Protecting Information System Integrity in Manufacturing Environments Project Description
     Join our Community of Interest: email us at manufacturing_nccoe@nist.gov

  6. NISTIR 8219 Behavioral Anomaly Detection
     Securing Manufacturing Industrial Control Systems – Behavioral Anomaly Detection
     (Phase graphic: DEFINE, ASSEMBLE, BUILD, ADVOCATE)
     Overview
     • A cyber attack directed at manufacturing infrastructure could result in detrimental consequences to both human life and property
     • The goal is to provide a cybersecurity example solution that businesses can implement or use to strengthen cybersecurity in their manufacturing processes
     • The NISTIR demonstrated how manufacturing companies can implement behavioral anomaly detection tools without negatively impacting the performance of their operational environments
     Project Status
     • Final NISTIR 8219 expected release date March 2019
     Collaborate with Us
     • Download draft NISTIR 8219: https://www.nccoe.nist.gov/sites/default/files/library/mf-ics-nistir-8219.pdf
     • Email manufacturing_nccoe@nist.gov to join the Community of Interest for this project

  7. Manufacturing Behavioral Anomaly Detection Use Case
     NISTIR 8219: Securing Manufacturing Industrial Control Systems – Behavioral Anomaly Detection
     • The NCCoE deployed commercially available behavioral anomaly detection systems in two distinct but related manufacturing demo environments:
       • Collaborative robotics system
       • Simulated chemical process system
     • Security characteristics were mapped to the NIST Cybersecurity Framework (CSF)

  8. NISTIR 8219 Securing Manufacturing Industrial Control Systems: Behavioral Anomaly Detection
     • Project goal:
       • Demonstrate behavioral anomaly detection techniques that businesses can implement and use to strengthen the cybersecurity of their manufacturing processes.
     • Three detection methods:
       • network-based
       • agent-based
       • operational historian/sensor-based

  9. Cyber risks to manufacturing organizations
     • Cybersecurity attacks directed at manufacturing infrastructure can be detrimental to both human life and property.
     • BAD mechanisms support a multifaceted approach to detecting cybersecurity attacks against ICS devices on which manufacturing processes depend, in order to permit the mitigation of those attacks.
     • Introducing anomalous data into a manufacturing process can disrupt operations, whether deliberately or inadvertently.
     • More sophisticated hacking tools and techniques are readily available for downloading from the internet.
     • Growing cyber-dependency makes critical infrastructure attacks harder to stop.

  10. Benefits of Behavioral Anomaly Detection (BAD)
     This NISTIR is intended to help organizations accomplish their goals by using anomaly detection tools for the following purposes:
     • detect cyber incidents in time to permit effective response and recovery
     • expand visibility and monitoring capabilities within manufacturing control systems, networks, and devices
     • reduce opportunities for disruptive cyber incidents by providing real-time monitoring and anomaly-detection alerts
     • support the oversight of resources (e.g., IT, personnel, data)
     • enable faster incident-response times, fewer incidents, and shorter downtimes

  11. Process Control System

  12. Collaborative Robotics System
     • Discrete process
     • Four machining stations
     • Two machine-tending robots
     • Supervisory PLC
     • Modbus TCP

  13. Mapping the security characteristics of BAD to the NIST CSF

  14. Protecting Information System Integrity in Manufacturing Environments
     Cybersecurity for the Manufacturing Sector
     (Phase graphic: DEFINE, ASSEMBLE, BUILD, ADVOCATE)
     Overview
     • Threats to organizational environments such as destructive malware, malicious insider activity, advanced persistent threats, and even honest mistakes create the imperative for organizations to be able to protect their assets from data integrity attacks
     • This project explores methods one could deploy to help prevent/mitigate the threats identified above as it pertains to deploying cybersecurity capabilities in an ICS manufacturing environment
     Project Status
     • Project Description expected release date for public comments March 2019
     Collaborate with Us
     • Email manufacturing_nccoe@nist.gov to join the Community of Interest for this project

  15. Questions?
     • Michael Powell, Security Engineer, Michael.Powell@nist.gov, 301-975-0310
     • Jim McCarthy, Senior Security Engineer, James.McCarthy@nist.gov, 301-975-0228
     • Timothy Zimmerman, Computer Engineer, Timothy.zimmerman@nist.gov, 301-975-2435
     • NCCoE: http://nccoe.nist.gov, 301-975-0200, nccoe@nist.gov
