National Cybersecurity Center of Excellence (NCCoE) Responding to and Recovering From a Cyberattack: Cybersecurity for the Manufacturing Sector, 78942-78944 [2022-27995]
[Federal Register Volume 87, Number 246 (Friday, December 23, 2022)]
[Notices]
[Pages 78942-78944]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-27995]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Institute of Standards and Technology
[Docket No.: 220208-0264]
National Cybersecurity Center of Excellence (NCCoE) Responding to
and Recovering From a Cyberattack: Cybersecurity for the Manufacturing
Sector
AGENCY: National Institute of Standards and Technology, Department of
Commerce.
ACTION: Notice.
-----------------------------------------------------------------------
SUMMARY: The National Institute of Standards and Technology (NIST)
invites organizations to provide letters of interest describing
products and technical expertise to support and demonstrate security
platforms for the Responding to and Recovering from a Cyberattack:
Cybersecurity for the Manufacturing Sector project. This notice is the
initial step for the National Cybersecurity Center of Excellence
(NCCoE) in collaborating with technology companies to address
cybersecurity challenges identified under the Responding to and
Recovering from a Cyberattack: Cybersecurity for the Manufacturing
Sector project. Participation in the project is open to all interested
organizations.
DATES: Collaborative activities will commence as soon as enough
completed and signed letters of interest have been returned to address
all the necessary components and capabilities, but no earlier than
January 23, 2023.
ADDRESSES: The NCCoE is located at 9700 Great Seneca Highway,
Rockville, MD 20850. Letters of interest must be submitted to
manufacturing_nccoe@nist.gov or via hardcopy to National Institute of
Standards and Technology, NCCoE; 9700 Great Seneca Highway, Rockville,
MD 20850. Interested parties can access the letter of interest request
by visiting https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack and completing the letter of interest webform.
NIST will announce the completion of the selection of participants and
inform the public that it is no longer accepting letters of interest
for this project at https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack. Organizations whose letters of
interest are accepted in accordance with the process set forth in the
SUPPLEMENTARY INFORMATION section of this notice will be asked to sign
an NCCoE consortium Cooperative Research and Development Agreement
(CRADA) with NIST. An NCCoE consortium CRADA template can be found at:
https://www.nccoe.nist.gov/publications/other/nccoe-consortium-crada-example.
FOR FURTHER INFORMATION CONTACT: Michael Powell via telephone at
301-975-0310; by email at manufacturing_nccoe@nist.gov; or by mail to
National Institute of Standards and Technology, NCCoE; 9700 Great
Seneca Highway, Rockville, MD 20850. Additional details about the
Responding to and Recovering from a Cyberattack: Cybersecurity for the
Manufacturing Sector project are available at https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack.
SUPPLEMENTARY INFORMATION:
Background: The NCCoE, part of NIST, is a public-private
collaboration for accelerating the widespread adoption of integrated
cybersecurity tools and technologies. The NCCoE brings together experts
from industry, government, and academia under one roof to develop
practical, interoperable cybersecurity approaches that address the
real-world needs of complex Information Technology (IT) and Operational
Technology (OT) systems. By accelerating dissemination and use of these
integrated tools and technologies for protecting IT and OT assets, the
NCCoE will enhance trust in U.S. IT and OT communications, data, and
storage systems; reduce risk for companies and individuals using IT and
OT systems; and encourage development of innovative, job-creating
cybersecurity products and services.
Process: NIST is soliciting responses from all sources of relevant
security capabilities (see below) to enter into an NCCoE Cooperative
Research and Development Agreement (CRADA) to provide products and
technical expertise to support and demonstrate security platforms for
the Responding to and Recovering from a Cyberattack: Cybersecurity for
the Manufacturing Sector project. The full project can be viewed at:
https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack.
Interested parties can access the request for a letter of interest
template by visiting the project website at https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack and completing the
letter of interest webform. On completion of the webform, interested
parties will receive access to the letter of interest template, which
the party must complete, certify as accurate, and submit to NIST by
email or hardcopy. NIST will contact interested parties if there are
questions regarding the responsiveness of the letters of interest to
the project objective or requirements identified below. NIST will
select participants who have submitted complete letters of interest on
a first come, first served basis within each category of product
components or capabilities listed below up to the number of
participants in each category necessary to carry out this project. When
the project has been completed, NIST will post a notice on the
Responding to and Recovering from a Cyberattack: Cybersecurity for the
Manufacturing Sector project website at https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack announcing the
next phase of the project and informing the public that it will no
longer accept letters of interest for this project. There may be
continuing opportunity to participate even after initial activity
commences. Selected participants will be required to enter into an
NCCoE consortium CRADA with NIST (for reference, see ADDRESSES section
above).
Project Objective: This project is focused on responding to and
recovering from a cyberattack within an Industrial Control System (ICS)
environment. Manufacturing organizations rely on ICS to monitor and
control physical processes that produce goods for public consumption.
These same systems are facing an increasing number of cyberattacks
resulting in a loss of production from destructive malware, malicious
insider activity, or honest mistakes. This creates the imperative for
organizations to be able to quickly, safely, and accurately recover
from an event that corrupts or destroys data (e.g., database records,
system files, configurations, user files, application code).
The purpose of this NCCoE project is to demonstrate how to
operationalize the NIST Framework for Improving Critical Infrastructure
Cybersecurity (NIST Cybersecurity Framework) Functions and Categories.
Multiple systems need to work together to recover equipment and restore
operations when data integrity is compromised. This project explores
methods to effectively restore corrupted data in applications and
software configurations as well as custom applications and data. The
NCCoE--in collaboration with members of the business community and
vendors of cybersecurity solutions--will identify standards-based,
commercially available, and open-source hardware and software
components to design a manufacturing lab environment that can address
the challenge of responding to and recovering from a cyberattack in an
ICS environment.
The proposed proof-of-concept solution(s) will integrate commercial
and open source products that leverage cybersecurity standards and
recommended practices to demonstrate the use case scenarios detailed in
the Responding to and Recovering from a Cyberattack: Cybersecurity for
the Manufacturing Sector project description available at: https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack. This project will result in a publicly available NIST
Cybersecurity Practice Guide as a Special Publication 1800 series, a
detailed implementation guide of the practical steps needed to
implement a cybersecurity reference design that addresses this
challenge.
Requirements for Letters of Interest: Each responding
organization's letter of interest should identify which security
platform component(s) or capability(ies) it is offering. Letters of
interest should not include company proprietary information, and all
components and capabilities must be commercially available. Components
are listed in section 5 of the Responding to and Recovering from a
Cyberattack: Cybersecurity for the Manufacturing Sector project
description available at: https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack and include, but are not limited
to:
Core Components
- Event reporting (Detection)
  - Network event detection
  - Behavior Anomaly Detection
  - Endpoint detection and response (EDR) (Host based detection)
- Event management
  - Event/Alert notification
  - Case creation
- Log review
  - Collection
  - Aggregation
  - Correlation
- Forensic analysis
  - Categorize incidents based on MITRE ATT&CK for ICS tactics and techniques
  - Understand impact
  - Determine root cause
  - Determine extent of compromise
- Incident handling and response
  - Containment of the incident
- Eradication of artifacts of incident
- Recovery
  - Restoration of systems
  - Verification of restoration
To demonstrate the scope specified in this Project Description,
NIST is seeking to include the following components:
- Identity and Access Management System
- Endpoint Detection and Response System
- Network Monitoring Tool
- Behavior Anomaly Detection Tool
- Network and Host-based Intrusion Detection Systems
- Security Information and Event Monitoring System (SIEM)
- Network Policy Engine (PE)
- Firewall (FW)
- Integration Tool for Security Server/PE/FW
- Configuration Management, Back Up, Patch Management System
- Secure Remote Access
- Data Historian
- Cloud Based OT Capabilities: Data Historian, Supervisory Control and Data Acquisition (SCADA), Asset Management System
In their letters of interest, responding organizations need to
acknowledge the importance of and commit to provide:
1. Access for all participants' project teams to component
interfaces and the organization's experts necessary to make functional
connections among security platform components.
2. Support for development and demonstration of the Responding to
and Recovering from a Cyberattack: Cybersecurity for the Manufacturing
Sector project, which will be conducted in a manner consistent with the
following standards and guidance: FIPS 200, FIPS 201, SP 800-82 and SP
800-53, the NIST Cybersecurity Framework, and the NIST Privacy
Framework.
Additional details about the Responding to and Recovering from a
Cyberattack: Cybersecurity for the Manufacturing Sector project are
available at https://www.nccoe.nist.gov/manufacturing/responding-and-recovering-cyber-attack.
NIST cannot guarantee that all the products proposed by respondents
will be used in the demonstration. Each prospective participant will be
expected to work collaboratively with NIST staff and other project
participants under the terms of the NCCoE consortium CRADA in the
development of the Responding to and Recovering from a Cyberattack:
Cybersecurity for the Manufacturing Sector project. Prospective
participants' contribution to the collaborative effort will include
assistance in establishing the necessary interface functionality,
connection and set-up capabilities and procedures, demonstration
harnesses, environmental and safety conditions for use, integrated
platform user instructions, and demonstration plans and scripts
necessary to demonstrate the desired capabilities. Each participant
will train NIST personnel, as necessary, to operate its product in
capability demonstrations. Following successful demonstrations, NIST
will publish a description of the security platform and its performance
characteristics sufficient to permit other organizations to develop and
deploy security platforms that meet the security objectives of the
Responding to and Recovering from a Cyberattack: Cybersecurity for the
Manufacturing Sector project. These descriptions will be public
information.
Under the terms of the NCCoE consortium CRADA, NIST will support
development of interfaces among participants' products by providing IT
infrastructure, laboratory facilities, office facilities, collaboration
facilities, and staff support to component composition, security
platform documentation, and demonstration activities.
The dates of the demonstration of Responding to and Recovering from
a Cyberattack: Cybersecurity for the Manufacturing Sector project
capability will be announced on the NCCoE website at least two weeks in
advance at https://nccoe.nist.gov/. The expected outcome will
demonstrate how the components of the Responding to and Recovering from
a Cyberattack: Cybersecurity for the Manufacturing Sector project
architecture can provide security capabilities to mitigate identified
risks related to data throughout its lifecycle. Participating
organizations will gain from the knowledge that their products are
interoperable with other participants' offerings.
For additional information on the NCCoE governance, business
processes, and NCCoE operational structure, visit
the NCCoE website https://nccoe.nist.gov/.
Alicia Chambers,
NIST Executive Secretariat.
[FR Doc. 2022-27995 Filed 12-22-22; 8:45 am]
BILLING CODE 3510-13-P