NIST Researchers Receive Award for Manufacturing Cybersecurity Guidelines, Achieving Wider Use


On January 12, 2022, NIST presented the Department of Commerce Bronze Medal to Keith Stouffer, Timothy Zimmerman, CheeYee Tang, Michael Pease, and Jeffrey Cichonski for developing and disseminating the first, detailed cybersecurity guidelines for small and medium-sized manufacturers.

In 2018, an assessment by the DOC Bureau of Industry and Security documented that fewer than half of small and medium-sized manufacturers had any cybersecurity measures in place. Yet, growing automation and Internet connectivity made systems more vulnerable to attack and hackers were increasingly targeting them.

These NIST researchers recognized the need to secure these systems. They developed NISTIR 8183 Cybersecurity Framework (CSF) Manufacturing Profile (subsequently updated to Version 1.1) and corresponding NISTIR 8183A Implementations Guide, Volumes 1, 2, and 3 to help small and medium-sized manufacturers manage cybersecurity risk, while also optimizing their operations. These publications are tailored to manufacturing business goals and industry best practices. They provide small and medium-sized manufacturers with an easy-to-understand process to efficiently select and deploy cybersecurity tools and techniques that best fit their needs, making cybersecurity no longer a “black art.”

Researchers based the NIST guidelines on quantitative network and operational performance impact measurements of cybersecurity technologies (e.g., industrial firewalls, intrusion detection systems, anti-virus software, etc.). Researchers made these measurements in a testbed representative of manufacturing environments. Researchers also helped to develop industry consensus for the guidelines and promoted their adoption.

The Manufacturing Extension Partnership (MEP) selected the guidelines as the basis for cybersecurity implementation guidance for small and medium-sized Department of Defense (DoD) suppliers, as well as for piloting cybersecurity program implementations at two MEP member companies that supply to DoD. Results from the pilot are being used to provide cybersecurity implementation guidance to small and medium-sized manufacturers across the U.S. via the national network of MEP centers. In addition, the Department of Homeland Security’s Critical Manufacturing Sector Cybersecurity Working Group expressed its thanks to “NIST and its other contributors for developing and updating this outstanding and valuable manufacturing profile for our sector.”