NIST Leader Describes Cybersecurity Resources for Small Manufacturers in Manufacturing Extension Partnership Workshop
In a June 2023 presentation, NIST Networked Control Systems Group Leader, Keith Stouffer, described resources that could aid the Cybersecurity Workgroup supporting the Manufacturing Extension Partnership (MEP), which serves small and medium-sized manufacturers in 50 states and Puerto Rico. The presentation is available online.
Manufacturers have had more cybersecurity incidents than other critical infrastructure sectors, said Stouffer. Thus, NIST provides cybersecurity resources for operational technologies, such as those in manufacturing. NIST makes these resources available online. Stouffer summarized key publications, as described below.
NIST SP 800-82 Guide to Operational Technology (OT) Security Revision 3: Public Draft was published. Final Revision 3 is to be published soon. Its previous version has had over three million downloads and 2,200 citations. NIST’s new version includes updates on:
- Threats and vulnerabilities
- OT risk management
- OT security
- Security capabilities for OT
- Alignment with OT security standards, guidelines, and NIST’s Cybersecurity Framework
- Security control baselines for low-, moderate-, and high-impact OT systems
Cybersecurity Framework Version 1.1 Manufacturing Profile: NISTIR 8183 Revision 1: This profile adapts the NIST Cybersecurity Framework to manufacturing. It offers cybersecurity practices which best fit manufacturers’ needs, while minimizing negative impacts to system performance. NIST’s cybersecurity for OT testbed evaluated the profile, measuring the impacts of cybersecurity practices, including those for 42 technical capabilities. The profile can be implemented using the following guides: