In a June 2023 presentation, NIST Networked Control Systems Group Leader Keith Stouffer described resources that can help the Cybersecurity Task Force support Manufacturing Expansion Partnership (MEP), serving small and medium-sized manufacturers in all 50 states and Puerto Rico. Presentation is available online.
Manufacturers have had more cybersecurity incidents than any other critical infrastructure industry, Stouffer said. Thus, NIST provides cybersecurity resources for operational technologies such as those in manufacturing. NIST makes these resources available online. Stouffer summarized the key publications as described below.
NIST SP 800-82 Operational Technology (OT) Security Review Guide 3: The public project was published. Final version 3 will be published soon. Its predecessor option has had over three million downloads and 2,200 citations. The new NIST version includes updates to:
- Threats and Vulnerabilities
- OT Risk Management
- OT security
- Security features for OT
- Compliance with OT security standards, guidelines and NIST Cybersecurity Framework
- Safety Control Baselines for Low, Moderate, and High Impact OT Systems
Cyber Security Framework Version 1.1 Production Profile: NISTIR 8183 Revision 1: This profile adapts the NIST Cybersecurity Framework to production. It offers cybersecurity practices that best suit manufacturers’ needs while minimizing adverse effects on system performance. NIST’s Cybersecurity for OT Testbed evaluated the profile, measuring the impact of cybersecurity practices, including 42 technical capabilities. The profile can be implemented using the following guidelines: