Internet of Things (IoT)

NIST/NCCOE Project Description Draft Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector

  • 1.  NIST/NCCOE Project Description Draft Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector

    Posted Apr 20, 2022 09:07:00 AM
      |   view attached
    Hi All,

    The National Cybersecurity Center of Excellence (NCCoE) recently released a new manufacturing sector draft project description, Responding to and Recovering from a Cyber Attack: Cybersecurity for the Manufacturing Sector. Publication of this project description begins a process to further identify project requirements, scope, hardware, and software components for use in a laboratory demonstration environment.

    We would like your feedback on this draft to help refine the cybersecurity challenge and project scope. The comment period is now open and will close on April 28, 2022.
    Submit your comments online:https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack#publications_comment_form 

    This document defines an NCCoE project focused on responding to and recovering from a cyber 83 attack within an Industrial Control System (ICS) environment. Manufacturing organizations rely 84 on ICS to monitor and control physical processes that produce goods for public consumption. 85 These same systems are facing an increasing number of cyberattacks resulting in a loss of 86 production from destructive malware, malicious insider activity, or honest mistakes. This creates 87 the imperative for organizations to be able to quickly, safely, and accurately recover from an 88 event that corrupts or destroys data (such as database records, system files, configurations, user 89 files, application code). 90

    The purpose of this NCCoE Project is to demonstrate how to operationalize the NIST Framework 91 for Improving Critical Infrastructure Cybersecurity (CSF) Functions and Categories in a scaled-92 down version of targeted manufacturing industrial environments. Multiple systems need to 93 work together to recover when data integrity is compromised. This project explores methods to 94 effectively restore data corruption in commodity components (applications and software 95 configurations) as well as custom applications and data. The NCCoE-in collaboration with 96 members of the business community and vendors of cybersecurity solutions-will identify 97 standards-based, commercially available and open-source hardware and software components 98 to design a manufacturing lab environment to address the challenge of responding to and 99 recovering from a cyber attack of an ICS environment.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------