US Department of Commerce
The National Institute of Standards and Technology (NIST)
The National Institute of Standards and Technology (NIST) is a world-class measurement and testing laboratory encompassing a wide range of areas of computer science, mathematics, statistics, and systems engineering. NIST’s cybersecurity programs seek to enable greater development and application of practical, innovative security technologies and methodologies that enhance the country’s ability to address current and future computer and information security challenges.
The Framework, published in 2014, is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. The framework helps organizations manage cybersecurity risk in the nation’s critical infrastructure, such as manufacturing, and has been widely adopted by many types of organizations across the country and around the world.
NIST has issued a draft update to the Cybersecurity Framework, providing new details on managing cyber supply chain risks, clarifying key terms, and introducing measurement methods for cybersecurity. A link to the framework and update can be found here:
In addition, NIST provides resources to help organizations and specifically manufacturers get better prepared to meet the guidelines of the Framework.
The Baldridge Cybersecurity Excellence Builder is a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts and identity improvement opportunities in the context of their overall organizational performance. This self-assessment tool blends organizational assessment approaches from the Baldrige Performance Excellence Program (BPEP) with the concepts and principles of the Cybersecurity Framework developed by NIST.
The Cybersecurity Framework Manufacturing Profile document provides the Cybersecurity Framework implementation details developed specifically for the manufacturing environment. The “Manufacturing Profile” of the Cybersecurity Framework can be used as a roadmap for reducing cybersecurity risk for manufacturers that is aligned with manufacturing sector goals and industry best practices.
The Profile gives manufacturers:
- A method to identify opportunities for improving the current cybersecurity posture of the manufacturing system
- An evaluation of their ability to operate the control environment at their acceptable risk level
- A standardized approach to preparing the cybersecurity plan for ongoing assurance of the manufacturing system’s security
Department of Homeland Security
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies and the intelligence community and coordinating efforts among Federal, state, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures.
Advisories provide timely information about current security issues, vulnerabilities, and exploits.
ICS-CERT publishes the Monitor Newsletter when an adequate amount of pertinent information has been collected. The newsletter is provided as a service to personnel actively engaged in the protection of critical infrastructure assets.
The Department of Homeland Security also created the Critical Manufacturing Sector Cybersecurity Framework Implementation Guidance to simplify the process for all companies in the Critical Manufacturing Sector, regardless of their size, cybersecurity risk, or current level of cybersecurity sophistication, to apply the principles and best practices of risk management. Ultimately, the Framework and the Implementation Guidance are focused on helping individual companies reduce and better manage their cybersecurity risks, contributing to a more secure and resilient manufacturing sector.
Department of Homeland Security’s C3 Voluntary Program (link is external)