NIST 2.0: Safeguarding Manufacturing's Future - Industry Today - Leader in Manufacturing & Industry News
 

February 5, 2024 NIST 2.0: Safeguarding Manufacturing’s Future

Volume 27 | Issue 1

Understand the evolving cybersecurity threats and how the NIST 2.0 Cybersecurity Framework updates impact manufacturers.

Click here to read the complete illustrated article or continue below to read the text article.

By Ahmik Hindman, Senior Network & Security Solution Consultant at Rockwell Automation

The manufacturing industry is undergoing a digital transformation, driven by the adoption of smart manufacturing technologies such as the Industrial Internet of Things (IIoT), cloud computing and AI. The rise of connected devices and the convergence of IT and OT have expanded the attack surface for cybercriminals, making manufacturers prime targets for cyberattacks from inside and outside of their organizations. For OT environments, more than 80% of threats come from outside the organization, while internal personnel unintentionally open the door for threat actors in 33% of incidents.

Further complicating the industry is the evolving regulatory landscape. The U.S. has enacted stricter cybersecurity regulations like the Biden administration’s National Cybersecurity Strategy Implementation Plan and the SEC’s new rules on cybersecurity reporting to better protect critical infrastructure and organizations. However, maintaining compliance can be challenging for smaller manufacturing companies with limited resources, as well as large manufacturers with operations spread across the globe.

The Need for Comprehensive Cybersecurity Strategy

Cyber threats are continuing to grow in sophistication and frequency. The manufacturing industry has witnessed a staggering 107% surge in cyberattacks since 2021. Breaches can also have costly impacts on critical infrastructure and manufacturing systems from downtimes, ransomware and rippling effects beyond the organization itself. Some high-profile examples from recent years include the 2021 ransomware attacks on the Colonial Pipeline, which caused widespread fuel shortages across the U.S., and on the JBS USA Meat Processing Company, which caused global meat shortages and prices spiking.

The growing number and vast impact of these breaches on the manufacturing sector are a wake-up call for organizations to have a comprehensive cybersecurity strategy in place to safeguard operations and critical infrastructure. That’s why the National Institute of Standards and Technology (NIST) developed its Cybersecurity Framework (CSF). Organizations can leverage this widely recognized and adaptable framework to better understand and improve their management of cybersecurity risk.

Recognizing the changing cybersecurity landscape, NIST released the public draft of the NIST Cybersecurity Framework 2.0 in mid-2023. The goal of the proposed changes in the 2.0 framework is to help increase clarity and alignment with national and international cybersecurity standards.

The NIST 2.0 updates will have many implications for manufacturers, requiring manufacturers to adapt their cybersecurity strategies to address growing complex threats and comply with evolving regulations. While the CSF is a voluntary framework, noncompliance can lead to hefty costs for manufacturers. This can include costs from unplanned downtime, cyberattacks or ransomware during downtime, and the immeasurable loss of trust from employees, customers and stakeholders.

manufacturing cybersecurity rockwell automaion
Maintaining compliance can be a challenge for manufacturers with limited resources, and those with operations spread across the globe.

Preparing for the NIST 2.0 Rollout

The NIST 2.0 CSF updates help manufacturers safeguard their cybersecurity posture. While the updates illustrate a constantly changing cyber environment, it may be tough for manufacturers to adapt or even know where to begin in complying with the updates. Below, we will outline the core functions of the NIST CSF: governance, identify, protect, detect, respond and recover. These core elements of NIST 2.0 also act as steps manufacturers can take to help protect their organizations before, during and after a potential attack.

1. Governance

A key addition to NIST 2.0 is the governance category, which previously existed under the “identify” category. This addition shows an evolution and willingness to adapt as needed. The governance step elevates the importance cybersecurity risk management plays in business and compliance outcomes, as it provides organizational context in developing a risk management strategy. In this stage, roles and responsibilities are outlined and policies and procedures are put in place to ensure that teams know what to do in all steps before, during and after a breach.

2. Identify attack vectors and points of vulnerability

You can’t protect what you can’t identify. That’s why the identify function of the NIST Cybersecurity Framework is a great place to start, as it’s focused on laying the groundwork for an effective cybersecurity program. This function helps organizations develop a full understanding of their entire threat landscape, including all systems, people, assets, data and capabilities associated with an environment.

3. Protect environments

Once you’ve identified potential vulnerabilities across the organization’s cybersecurity environment, you can better protect your organization against those vulnerabilities. This involves deploying technologies that protect IT and OT environments, including firewalls, Industrial Demilitarized Zones (IDMZ), network segmentation, role-based access control, Zero Trust and patch management.

4. Detect an attack as it’s happening

After identifying assets with potential vulnerabilities and deploying tactics and tools in the protect phase, detection is a critical next step. Even if an organization has deployed extensive technologies to protect its environment, OT landscapes are constantly changing. Keeping up with detecting vulnerabilities in real time is a crucial investment for organizations to make. Manufacturers must be prepared to leverage Intrusion Detection Systems (IDS) to detect an attack when it arises. Organizations must be able to identify new assets coming into their environments on a regular basis, and real-time detection helps organizations understand active threats and their priority.

5. Incident response

When an attack happens, proper response is important to mitigate losses. Organizations must act swiftly and decisively to contain the attack, minimize its impact and restore normal operations. This is a challenging step, as organizations must get their IT and OT teams together to understand and decide how to respond when something happens. This collaboration enables organizations to gain a comprehensive understanding of the attack, identify its root cause and implement appropriate containment measures.

6. Recover operations

The recover function of the NIST Cybersecurity Framework refers to developing and implementing a plan to restore normal operations following a cybersecurity event. This step encompasses a range of activities, including system restoration, data recovery, process resumption, stakeholder communication and lessons learned analysis. These activities work together to help ensure that affected systems are brought back online, data and OT systems are restored to their pre-incident state and stakeholders are kept informed throughout the recovery process.

manufacturing cybersecurity

Cybersecurity Best Practices for the Digital Age

As the manufacturing industry continues to shift over time, cybersecurity frameworks must also change to adapt to the rising sophistication of potential threats. Manufacturers must take a proactive approach to protect their critical assets, maintain compliant operations and ensure their organizations’ resilience.

Cybersecurity is an ongoing process that requires continuous vigilance and action. By implementing a comprehensive cybersecurity strategy that aligns with the NIST 2.0 CSF approach, manufacturers can effectively identify and protect their environments, detect and respond to threats. This framework also ensures that organizations can recover from threats and maintain organizational governance to be ready for the next inevitable threat.

ahmik hindman rockwell automation
Ahmik Hindman

Ahmik Hindman is a Senior Network & Solution Consultant with more than 26 years focused on industrial control systems, with the last five years focused on IACS networks and cybersecurity. Ahmik holds a BS EE, MBA-IT, CISSP, CCSP, CCNA, Security+, NSE 3, and several ISA/IEC 62443 cybersecurity certifications.

NIST


 

Subscribe to Industry Today

Read Our Current Issue

Spotlighting Equipment Manufacturing: Advocate for the People Who Build, Power, and Feed the World

Most Recent EpisodeCADDi: Making Design and Supply Chain Data Accessible

Listen Now

Tune in to hear from Chris Brown, Vice President of Sales at CADDi, a leading manufacturing solutions provider. We delve into Chris’ role of expanding the reach of CADDi Drawer which uses advanced AI to centralize and analyze essential production data to help manufacturers improve efficiency and quality.