National Cybersecurity Center of Excellence (NCCoE) Capabilities Assessment for Securing Manufacturing Industrial Control Systems for the Manufacturing Sector, 14879-14880 [2017-05759]
Download as PDF
<![CDATA[
Federal Register / Vol. 82, No. 55 / Thursday, March 23, 2017 / Notices
Dated: March 20, 2017.
Ronald K. Lorentzen,
Acting Assistant Secretary for Enforcement
and Compliance.
Appendix—Issues and Decision
Memorandum
I. Summary
II. Background
III. Period of Investigation
IV. Scope of the Investigation
V. Scope Comments
VI. Changes Since the Preliminary
Determination
VII. List of Issues
VIII. Discussion of Comments
General Issues:
Comment 1: Selection of Surrogate Country
Comment 2: Selection of Surrogate Final
Ratios and Use of CYDSA’s Financial
Statement
Comment 3: Treatment of Joint Product
Comment 4: Treatment of Water
Comment 5: Net Versus Gross Weight
Comment 6: Surrogate Value for Marine
Insurance
Comment 7: Recalculating Marine
Insurance by Using Gross Unit Price
Comment 8: Consideration of FOPs as
Overhead
Comment 9: Partial Rejection of
Petitioner’s SV Submissions
Comment 10: Selection of Voluntary
Respondent
Comment 11: Surrogate Value for Ocean
Freight
Comment 12: Converting Expense for
INVCARU
Comment 13: Surrogate Value for PCl3
Comment 14: Adjustment of Import
Statistics
Company-Specific Issues: Taihe
Comment 15: Taihe’s Movement Expenses
Company-Specific Issues: WW Group
Comment 16: Conversion Calculation for
Water Surrogate Value
Comment 17: Adjustment of Irrecoverable
VAT
IX. Conclusion
[FR Doc. 2017–05805 Filed 3–22–17; 8:45 am]
BILLING CODE 3510–DS–P
DEPARTMENT OF COMMERCE
National Institute of Standards and
Technology
[Docket No.: 170221188–7188–01]
sradovich on DSK3GMQ082PROD with NOTICES
RIN 0693–XC072
National Cybersecurity Center of
Excellence (NCCoE) Capabilities
Assessment for Securing
Manufacturing Industrial Control
Systems for the Manufacturing Sector
National Institute of Standards
and Technology, Department of
Commerce.
ACTION: Notice.
AGENCY:
The National Institute of
Standards and Technology (NIST)
SUMMARY:
VerDate Sep<11>2014
17:13 Mar 22, 2017
Jkt 241001
invites organizations to provide
products and technical expertise to
support and demonstrate security
platforms for the Capabilities
Assessment for Securing Manufacturing
Industrial Control Systems. This notice
is the initial step for the National
Cybersecurity Center of Excellence
(NCCoE) in collaborating with
technology companies to address
cybersecurity challenges identified
under the Manufacturing sector
program. Participation in the
Capabilities Assessment for Securing
Manufacturing Industrial Control
Systems use case is open to all
interested organizations.
DATES: Interested parties must contact
NIST to request a letter of interest
template to be completed and submitted
to NIST. Letters of interest will be
accepted on a first come, first served
basis. Collaborative activities will
commence as soon as enough completed
and signed letters of interest have been
returned to address all the necessary
components and capabilities of the
project, but no earlier than April 24,
2017. When the use case has been
completed, NIST will post a notice on
the NCCoE Manufacturing sector
program Web site at https://
nccoe.nist.gov/projects/use_cases/
manufacturing announcing the
completion of the use case and
informing the public that it will no
longer accept letters of interest for the
Capabilities Assessment for Securing
Manufacturing Industrial Control
Systems use case.
ADDRESSES: The NCCoE is located at
9700 Great Seneca Highway, Rockville,
MD 20850. Letters of interest must be
submitted to manufacturing_nccoe@
nist.gov, or via hardcopy to National
Institute of Standards and Technology,
NCCoE; 9700 Great Seneca Highway,
Rockville, MD 20850. Organizations
whose letters of interest are accepted in
accordance with the process set forth in
the SUPPLEMENTARY INFORMATION section
of this notice will be asked to sign a
Cooperative Research and Development
Agreement (CRADA) with NIST. A
CRADA template can be found at:
https://nccoe.nist.gov/library/nccoeconsortium-crada-example.
FOR FURTHER INFORMATION CONTACT: Jim
McCarthy via email at James.McCarthy@
nist.gov; by telephone at 301–975–0228;
or by mail to National Institute of
Standards and Technology, NCCoE,
9700 Great Seneca Highway, Rockville,
MD 20850. Additional details about the
Manufacturing sector program can be
found here: https://nccoe.nist.gov/
projects/use_cases/manufacturing.
SUPPLEMENTARY INFORMATION:
PO 00000
Frm 00015
Fmt 4703
Sfmt 4703
14879
Background: The NCCoE, part of
NIST, is a public-private collaboration
for accelerating the widespread
adoption of integrated cybersecurity
tools and technologies. The NCCoE
brings together experts from industry,
government, and academia under one
roof to develop practical, interoperable
cybersecurity approaches that address
the real-world needs of complex
Information Technology (IT) systems.
By accelerating dissemination and use
of these integrated tools and
technologies for protecting IT assets, the
NCCoE will enhance trust in U.S. IT
communications, data, and storage
systems; reduce risk for companies and
individuals using IT systems; and
encourage development of innovative,
job-creating cybersecurity products and
services.
Process: NIST is soliciting responses
from all sources of relevant security
capabilities (see below) to enter into a
Cooperative Research and Development
Agreement (CRADA) to provide
products and technical expertise to
support and demonstrate security
platforms for the Capabilities
Assessment for Securing Manufacturing
Industrial Control Systems for the
Manufacturing sector. The full
Capabilities Assessment for Securing
Manufacturing Industrial Control
Systems use case can be viewed here:
https://nccoe.nist.gov/projects/use_
cases/capabilities-assessment-securingmanufacturing-industrial-controlsystems.
Interested parties should contact NIST
using the information provided in the
FOR FURTHER INFORMATION CONTACT
section of this notice. NIST will then
provide each interested party with a
letter of interest template, which the
party must complete, certify that it is
accurate, and submit to NIST. NIST will
contact interested parties if there are
questions regarding the responsiveness
of the letters of interest to the use case
objective or requirements identified
below. NIST will select participants
who have submitted complete letters of
interest on a first come, first served
basis within each category of product
components or capabilities listed below
up to the number of participants in each
category necessary to carry out this use
case. However, there may be continuing
opportunities to participate even after
initial activity commences. Selected
participants will be required to enter
into a consortium CRADA with NIST
(for reference, see ADDRESSES section
above). NIST published a notice in the
Federal Register on October 19, 2012
(77 FR 64314) inviting U.S. companies
to enter into National Cybersecurity
Excellence Partnerships (NCEPs) in
E:\FR\FM\23MRN1.SGM
23MRN1
sradovich on DSK3GMQ082PROD with NOTICES
14880
Federal Register / Vol. 82, No. 55 / Thursday, March 23, 2017 / Notices
furtherance of the NCCoE. For this
demonstration project, NCEP partners
will not be given priority for
participation.
Capabilities Assessment for Securing
Manufacturing Industrial Control
Systems Objective: This is the first of a
four-part series designed to provide
businesses with the information they
need to establish an anomaly detection
and prevention capability in their own
environments. This project will be using
commercially available hardware/
software deployed on an established lab
infrastructure. The goal of this project is
to provide businesses with a
cybersecurity example solution that can
be implemented or that can inform
improved cybersecurity in their
manufacturing processes. Implementing
behavioral anomaly detection tools
provides a key security component in
sustaining business operations,
particularly those based on Industrial
Control Systems (ICS). One of the ways
to disrupt operations is to introduce
anomalous data into a manufacturing
process, whether deliberately or
inadvertently. Although the example
solution will focus on cybersecurity, our
example solution may also produce
residual benefit to manufacturers for
detecting anomalous conditions not
related to security. A detailed
description of the Capabilities
Assessment for Securing Manufacturing
Industrial Control Systems Project is
available at https://nccoe.nist.gov/
projects/use_cases/capabilitiesassessment-securing-manufacturingindustrial-control-systems.
Requirements: Each responding
organization’s letter of interest should
identify which security platform
component(s) or capability(ies) it is
offering. Letters of interest should not
include company proprietary
information, and all components and
capabilities must be commercially
available. Components are listed in the
High-Level Architectures section of the
Capabilities Assessment for Securing
Manufacturing Industrial Control
Systems use case (for reference, please
see the link in the Process section
above) and include, but are not limited
to:
• ICS behavioral anomaly detection
tools.
• Human Machine Interfaces (HMIs).
• Programmable Logic Controllers
(PLCs).
• Security Information and Event
Management (SIEM) platform.
Each responding organization’s letter
of interest should identify how their
products address one or more of the
following desired solution
characteristics in the High-Level
VerDate Sep<11>2014
17:13 Mar 22, 2017
Jkt 241001
Architectures section of the Capabilities
Assessment for Securing Manufacturing
Industrial Control Systems use case (for
reference, please see the link in the
Process section above):
• Detection of anomalous conditions.
• Process and/or device damage
prevention.
• SIEM-based alerting/alarming
capability.
In their letters of interest, responding
organizations need to understand and
commit to provide:
1. Access for all participants’ project
teams to component interfaces and the
organization’s experts necessary to make
functional connections among security
platform components; and
2. Support for development and
demonstration of the Capabilities
Assessment for Securing Manufacturing
Industrial Control Systems for the
Manufacturing sector use case in NCCoE
facilities, which will be conducted in a
manner consistent with Federal
requirements (e.g., FIPS 200, FIPS 201,
SP 800–53, and SP 800–63).
Additional details about the
Capabilities Assessment for Securing
Manufacturing Industrial Control
Systems for the Manufacturing sector
use case are available at: https://
nccoe.nist.gov/projects/use_cases/
capabilities-assessment-securingmanufacturing-industrial-controlsystems. NIST cannot guarantee that all
of the products proposed by
respondents will be used in the
demonstration. Each prospective
participant will be expected to work
collaboratively with NIST staff and
other project participants under the
terms of the consortium CRADA in the
development of the Capabilities
Assessment for Securing Manufacturing
Industrial Control Systems for the
Manufacturing sector capability.
Prospective participants’ contribution to
the collaborative effort will include
assistance in establishing the necessary
interface functionality, connection and
set-up capabilities and procedures,
demonstration harnesses, environmental
and safety conditions for use, integrated
platform user instructions, and
demonstration plans and scripts
necessary to demonstrate the desired
capabilities. Each participant will train
NIST personnel, as necessary, to operate
its product in capability demonstrations
to the manufacturing community.
Following successful demonstrations,
NIST will publish a description of the
security platform and its performance
characteristics sufficient to permit other
organizations to develop and deploy
security platforms that meet the security
objectives of the Capabilities
Assessment for Securing Manufacturing
PO 00000
Frm 00016
Fmt 4703
Sfmt 4703
Industrial Control Systems for the
Manufacturing sector use case. These
descriptions will be public information.
Under the terms of the consortium
CRADA, NIST will support
development of interfaces among
participants’ products by providing IT
infrastructure, laboratory facilities,
office facilities, collaboration facilities,
and staff support to component
composition, security platform
documentation, and demonstration
activities.
The dates of the demonstration of the
Capabilities Assessment for Securing
Manufacturing Industrial Control
Systems for the Manufacturing sector
capability will be announced on the
NCCoE Web site at least two weeks in
advance at https://nccoe.nist.gov/. The
expected outcome of the demonstration
is to improve security to manufacturing
environments that employ the use of
ICS, and subsequent adoption of
behavioral anomaly detection tools by
industry. Participating organizations
will benefit from the knowledge that
their products are interoperable with
other participants’ offerings.
For additional information on NCCoE
governance, business processes, and
operational structure, visit the NCCoE
Web site https://nccoe.nist.gov/.
Kevin Kimball,
NIST Chief of Staff.
[FR Doc. 2017–05759 Filed 3–22–17; 8:45 am]
BILLING CODE 3510–13–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
RIN 0648–XF308
Mid-Atlantic Fishery Management
Council (MAFMC); Public Meeting
National Marine Fisheries
Service (NMFS), National Oceanic and
Atmospheric Administration (NOAA),
Commerce.
ACTION: Notice of a public meeting.
AGENCY:
The Mid-Atlantic Fishery
Management Council (Council) will
hold public meetings of the Council and
its Committees.
DATES: The meetings will be held on
Tuesday, April 11 through Thursday,
April 13, 2017. For agenda details, see
SUPPLEMENTARY INFORMATION.
ADDRESSES: The meetings will be held at
the Icona Golden Inn, 7849 Dune Drive,
Avalon, NJ 08202; telephone: (609) 368–
5155.
Council address: Mid-Atlantic Fishery
Management Council, 800 N. State
SUMMARY:
E:\FR\FM\23MRN1.SGM
23MRN1
]]>Agencies
[Federal Register Volume 82, Number 55 (Thursday, March 23, 2017)]
[Notices]
[Pages 14879-14880]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-05759]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 170221188-7188-01]
RIN 0693-XC072
National Cybersecurity Center of Excellence (NCCoE) Capabilities
Assessment for Securing Manufacturing Industrial Control Systems for
the Manufacturing Sector
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide products and technical expertise to
support and demonstrate security platforms for the Capabilities
Assessment for Securing Manufacturing Industrial Control Systems. This
notice is the initial step for the National Cybersecurity Center of
Excellence (NCCoE) in collaborating with technology companies to
address cybersecurity challenges identified under the Manufacturing
sector program. Participation in the Capabilities Assessment for
Securing Manufacturing Industrial Control Systems use case is open to
all interested organizations.
DATES: Interested parties must contact NIST to request a letter of
interest template to be completed and submitted to NIST. Letters of
interest will be accepted on a first come, first served basis.
Collaborative activities will commence as soon as enough completed and
signed letters of interest have been returned to address all the
necessary components and capabilities of the project, but no earlier
than April 24, 2017. When the use case has been completed, NIST will
post a notice on the NCCoE Manufacturing sector program Web site at
https://nccoe.nist.gov/projects/use_cases/manufacturing announcing the
completion of the use case and informing the public that it will no
longer accept letters of interest for the Capabilities Assessment for
Securing Manufacturing Industrial Control Systems use case.
ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway,
Rockville, MD 20850. Letters of interest must be submitted to
manufacturing_nccoe@nist.gov, or via hardcopy to National Institute of
Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville,
MD 20850. Organizations whose letters of interest are accepted in
accordance with the process set forth in the SUPPLEMENTARY INFORMATION
section of this notice will be asked to sign a Cooperative Research and
Development Agreement (CRADA) with NIST. A CRADA template can be found
at: https://nccoe.nist.gov/library/nccoe-consortium-crada-example.
FOR FURTHER INFORMATION CONTACT: Jim McCarthy via email at
James.McCarthy@nist.gov; by telephone at 301-975-0228; or by mail to
National Institute of Standards and Technology, NCCoE, 9700 Great
Seneca Highway, Rockville, MD 20850. Additional details about the
Manufacturing sector program can be found here: https://nccoe.nist.gov/projects/use_cases/manufacturing.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) systems. By
accelerating dissemination and use of these integrated tools and
technologies for protecting IT assets, the NCCoE will enhance trust in
U.S. IT communications, data, and storage systems; reduce risk for
companies and individuals using IT systems; and encourage development
of innovative, job-creating cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into a Cooperative Research
and Development Agreement (CRADA) to provide products and technical
expertise to support and demonstrate security platforms for the
Capabilities Assessment for Securing Manufacturing Industrial Control
Systems for the Manufacturing sector. The full Capabilities Assessment
for Securing Manufacturing Industrial Control Systems use case can be
viewed here: https://nccoe.nist.gov/projects/use_cases/capabilities-assessment-securing-manufacturing-industrial-control-systems.
Interested parties should contact NIST using the information
provided in the FOR FURTHER INFORMATION CONTACT section of this notice.
NIST will then provide each interested party with a letter of interest
template, which the party must complete, certify that it is accurate,
and submit to NIST. NIST will contact interested parties if there are
questions regarding the responsiveness of the letters of interest to
the use case objective or requirements identified below. NIST will
select participants who have submitted complete letters of interest on
a first come, first served basis within each category of product
components or capabilities listed below up to the number of
participants in each category necessary to carry out this use case.
However, there may be continuing opportunities to participate even
after initial activity commences. Selected participants will be
required to enter into a consortium CRADA with NIST (for reference, see
ADDRESSES section above). NIST published a notice in the Federal
Register on October 19, 2012 (77 FR 64314) inviting U.S. companies to
enter into National Cybersecurity Excellence Partnerships (NCEPs) in
[[Page 14880]]
furtherance of the NCCoE. For this demonstration project, NCEP partners
will not be given priority for participation.
Capabilities Assessment for Securing Manufacturing Industrial
Control Systems Objective: This is the first of a four-part series
designed to provide businesses with the information they need to
establish an anomaly detection and prevention capability in their own
environments. This project will be using commercially available
hardware/software deployed on an established lab infrastructure. The
goal of this project is to provide businesses with a cybersecurity
example solution that can be implemented or that can inform improved
cybersecurity in their manufacturing processes. Implementing behavioral
anomaly detection tools provides a key security component in sustaining
business operations, particularly those based on Industrial Control
Systems (ICS). One of the ways to disrupt operations is to introduce
anomalous data into a manufacturing process, whether deliberately or
inadvertently. Although the example solution will focus on
cybersecurity, our example solution may also produce residual benefit
to manufacturers for detecting anomalous conditions not related to
security. A detailed description of the Capabilities Assessment for
Securing Manufacturing Industrial Control Systems Project is available
at https://nccoe.nist.gov/projects/use_cases/capabilities-assessment-securing-manufacturing-industrial-control-systems.
Requirements: Each responding organization's letter of interest
should identify which security platform component(s) or capability(ies)
it is offering. Letters of interest should not include company
proprietary information, and all components and capabilities must be
commercially available. Components are listed in the High-Level
Architectures section of the Capabilities Assessment for Securing
Manufacturing Industrial Control Systems use case (for reference,
please see the link in the Process section above) and include, but are
not limited to:
ICS behavioral anomaly detection tools.
Human Machine Interfaces (HMIs).
Programmable Logic Controllers (PLCs).
Security Information and Event Management (SIEM) platform.
Each responding organization's letter of interest should identify
how their products address one or more of the following desired
solution characteristics in the High-Level Architectures section of the
Capabilities Assessment for Securing Manufacturing Industrial Control
Systems use case (for reference, please see the link in the Process
section above):
Detection of anomalous conditions.
Process and/or device damage prevention.
SIEM-based alerting/alarming capability.
In their letters of interest, responding organizations need to
understand and commit to provide:
1. Access for all participants' project teams to component
interfaces and the organization's experts necessary to make functional
connections among security platform components; and
2. Support for development and demonstration of the Capabilities
Assessment for Securing Manufacturing Industrial Control Systems for
the Manufacturing sector use case in NCCoE facilities, which will be
conducted in a manner consistent with Federal requirements (e.g., FIPS
200, FIPS 201, SP 800-53, and SP 800-63).
Additional details about the Capabilities Assessment for Securing
Manufacturing Industrial Control Systems for the Manufacturing sector
use case are available at: https://nccoe.nist.gov/projects/use_cases/capabilities-assessment-securing-manufacturing-industrial-control-systems. NIST cannot guarantee that all of the products proposed by
respondents will be used in the demonstration. Each prospective
participant will be expected to work collaboratively with NIST staff
and other project participants under the terms of the consortium CRADA
in the development of the Capabilities Assessment for Securing
Manufacturing Industrial Control Systems for the Manufacturing sector
capability. Prospective participants' contribution to the collaborative
effort will include assistance in establishing the necessary interface
functionality, connection and set-up capabilities and procedures,
demonstration harnesses, environmental and safety conditions for use,
integrated platform user instructions, and demonstration plans and
scripts necessary to demonstrate the desired capabilities. Each
participant will train NIST personnel, as necessary, to operate its
product in capability demonstrations to the manufacturing community.
Following successful demonstrations, NIST will publish a description of
the security platform and its performance characteristics sufficient to
permit other organizations to develop and deploy security platforms
that meet the security objectives of the Capabilities Assessment for
Securing Manufacturing Industrial Control Systems for the Manufacturing
sector use case. These descriptions will be public information.
Under the terms of the consortium CRADA, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of the Capabilities Assessment for
Securing Manufacturing Industrial Control Systems for the Manufacturing
sector capability will be announced on the NCCoE Web site at least two
weeks in advance at https://nccoe.nist.gov/. The expected outcome of the
demonstration is to improve security to manufacturing environments that
employ the use of ICS, and subsequent adoption of behavioral anomaly
detection tools by industry. Participating organizations will benefit
from the knowledge that their products are interoperable with other
participants' offerings.
For additional information on NCCoE governance, business processes,
and operational structure, visit the NCCoE Web site https://nccoe.nist.gov/.
Kevin Kimball,
NIST Chief of Staff.
[FR Doc. 2017-05759 Filed 3-22-17; 8:45 am]
BILLING CODE 3510-13-P
