An industrial cybersecurity platform

Developed by NIST’s National Cybersecurity Center of Excellence (NCCoE), a newly released report shows how technologies like CyberX enable manufacturing organisations to reduce the risk of disruptive cyberattacks like NotPetya and WannaCry, enable faster incident response and shorter downtimes, and deliver real-time visibility and monitoring of ICS assets and networks.

CyberX uses agentless network traffic analysis (NTA) with patented self-learning to continuously monitor ICS network traffic for anomalies without impacting performance. Alerts are forwarded to standard SIEMs for investigation by the corporate SOC. NIST specifically tested detection of zero-day threats that would not normally be detected by traditional security tools like IDS/IPS systems that rely on predefined signatures.

Examples of anomalies detected by CyberX and documented in the NIST report include:

• Unauthorised devices attached to the ICS network.
• Unauthorised remote access to the ICS network.
• Network scans using ICS protocols, indicating potential cyber reconnaissance activities.
• Unauthorised PLC logic downloads and file transfers between ICS devices.
• Communication using undefined function codes in ICS protocols, which may indicate attempts to exploit known vulnerabilities in ICS devices.

The report was the product of a close collaboration between the NCCoE, CyberX, and other technology providers such as OSIsoft. It presents detailed findings and a reference architecture that organisations can use for their own environments.

Mapping to NIST cybersecurity framework (CSF)

The NIST report documents the use of behavioural anomaly detection (BAD) in two distinct environments: a robotics-based manufacturing system, and a process control system similar to those used in chemical and pharmaceutical manufacturing. In addition, the report maps the security characteristics of BAD to the NIST cybersecurity framework (CSF), a practical standard for operationalising controls based on business objectives.

The NCCoE encourages readers to submit feedback on the draft report and will accept public comments through 6 December 2018. The NCCoE is a collaborative hub where industry organisations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. The NCCoE applies standards and best practices to develop modular, easily adaptable example cybersecurity solutions using commercially available technology.

Read the article online at: https://www.worldpipelines.com/business-news/09112018/an-industrial-cybersecurity-platform/