NIST’S National Cybersecurity Center of Excellence Selects Forescout to Collaborate on Cybersecurity Guidelines for the Manufacturing Sector

Influential NIST security project will guide manufacturers in protecting industrial control system environments

Forescout Technologies, Inc., the leader in Enterprise of Things security, announced it has been working with the National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) to collaborate in its Protecting Information and System Integrity in Industrial Control System Environments project. Forescout was selected to help develop new cybersecurity guidance for manufacturing organizations to protect their operational technology (OT) and information technology (IT) systems from cyber threats.

As part of the NCCoE “Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector” project, practical, interoperable cybersecurity guidelines have been developed that address the real world needs of organizations around the world. This new guidance was developed to mitigate ICS integrity risks, strengthen the cybersecurity of OT systems, and protect the data that these systems process.

“Protecting information and system integrity of industrial control systems (ICS) will be critical to maximizing production, protecting plant personnel, and optimizing operations for manufacturing organizations of all sizes,” said Dr. Michael Powell, NCCoE senior security engineer. “This NCCoE cybersecurity practice guide shows how several cybersecurity capabilities can be applied to enhance data integrity, detect anomalous behavior, and reduce the attack surface for ICS.”

The convergence of IT and OT networks is helping manufacturers boost productivity and gain efficiencies, but it has also provided malicious actors, including nation states and insider threats, a fertile landscape to exploit the weak cybersecurity posture and compromise the integrity of OT systems and ICS data.

“Traditional industrial control systems were not designed with security and modern cyberattacks in mind. As IT and OT converge, hackers take advantage of the underlying vulnerabilities and lack of segmentation to create widespread disruption,” said Daniel Trivellato, VP of Operational Technology, Forescout. “Forescout urges OT organizations to use the guidelines provided by NIST NCCoE as a clear path to protect their critical assets and mitigate against future threats.”

Forescout’s cybersecurity platform provides critical infrastructure and manufacturing organizations the ability to automatically identify and assess all connected devices, from the decade-old process controller, the traditional IT system to the new IoT device – all commonly found in today’s ICS environments. Each device is continuously monitored to determine its security and operational risks and detect any threat to operational continuity. The situational awareness allows organizations to prioritize mitigation, orchestrate responses and automate workflows through the Forescout platform, so even vulnerable OT systems can continue to operate securely. Forescout integrates the existing security ecosystem to multiply the effect of each system operating in isolation.

Forescout excels in ICS asset visibility according to the new Forrester Wave™: Industrial Control Systems (ICS) Security Solutions, Q4 2021 and has “the broadest ICS protocol support of the vendors evaluated. That protocol knowledge also helps Forescout deploy the leading asset discovery and identification capability in this evaluation according to multiple customers”. The insights gained from over 3,000 customers worldwide allows Forescout to perform vulnerability and threat research that predicts threats and actively provides customers with detection and incident response playbooks to keep them secure as new threats arise.

Forescout’s latest NIST engagement builds on the company’s success with NCCoE’s IoT Security Guide and NCCoE’s Zero Trust Guide projects demonstrating security strategies and best practices for U.S. critical infrastructure operators and key economic sectors. 

To secure OT networks, organizations need to gain visibility beyond their OT environments and tighten security across the entire enterprise. Without an enterprise-wide cyber defense, industrial enterprises are increasingly becoming targets of cyber-attacks. The Forescout platform’s ability to continuously assess device types – IoT, OT, IIoT, IoMT and IT – and act to contain threats is fundamental for a successful cyber security strategy.

Source: Forescout Technologies media announcement