Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector [open pdf - 20MB]
From the Executive Summary: "Many manufacturing organizations rely on industrial control systems (ICS) to monitor and control their machinery, production lines, and other physical processes that produce goods. To stay competitive, manufacturing organizations are increasingly connecting their operational technology (OT) systems to their information technology (IT) systems to enable and expand enterprise-wide connectivity and remote access for enhanced business processes and capabilities. Although the integration of IT and OT networks is helping manufacturers boost productivity and gain efficiencies, it has also provided malicious actors, including nation states, common criminals, and insider threats a fertile landscape where they can exploit cybersecurity vulnerabilities to compromise the integrity of ICS and ICS data to reach their end goal. The motivations behind these attacks can range from degrading manufacturing capabilities to financial gain, and causing reputational harm. [...] To address the cybersecurity challenges facing the manufacturing sector, the National Institute of Standards and Technology's (NIST's) National Cybersecurity Center of Excellence (NCCoE) launched this project in collaboration with NIST's Engineering Laboratory (EL) and cybersecurity technology providers. Together, we have built example solutions that manufacturing organizations can use to mitigate ICS integrity risks, strengthen the cybersecurity of OT systems, and protect the data that these systems process."
NIST Special Publication No. 1800-10; National Institute of Standards and Technology Special Publication No. 1800-10
NIST Technical Series Publications: https://nvlpubs.nist.gov/