Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” directed the development of the voluntary Cybersecurity Framework that provides a prioritized, flexible, repeatable, performance-based and cost-effective approach to manage cybersecurity risk for those processes, information and systems directly involved in the delivery of critical infrastructure services.

To address the sector specific cybersecurity challenges of the manufacturing industry, NIST has developed the NISTIR 8183 “Cybersecurity Framework Manufacturing Profile,” which defines specific cybersecurity activities and outcomes for the protection of the manufacturing system, its components, facility and environment.

Building the Case for the Manufacturing Profile

Manufacturing is a large and diverse industrial sector. Manufacturing industries can be categorized as either process-based, discrete-based or a combination of both.

Process-based manufacturing industries typically utilize two main process types:

  • Continuous Manufacturing Processes. These processes run continuously, often with phases to make different grades of a product. Typical continuous manufacturing processes include fuel or steam flow in a power plant, petroleum in a refinery and distillation in a chemical plant.
  • Batch Manufacturing Processes. These processes have distinct processing steps conducted on a quantity of material. There is a distinct start and end to a batch process. Typical batch manufacturing processes include food, beverage and biotech manufacturing.

Discrete-based manufacturing industries typically conduct a series of operations on a product to create the distinct end-product. Electronic and mechanical parts assembly are typical examples of this type of industry. Both process-based and discrete-based industries utilize similar types of control systems, sensors and networks. Some facilities are a hybrid of discrete and process-based manufacturing.

The manufacturing sector of the critical infrastructure community includes public and private owners and operators that are supported by industrial control systems (ICS) and by IT. This reliance on technology as well as the interconnectivity of ICS and IT has changed and expanded (Read more...)