Detecting Abnormal Cyber Behavior Before a Cyberattack

November 15, 2021
System hacked warning on a computer screen. A yellow triangle with an exclamation mark appears above the words

Credit: iStock/solarseven

The promise of advanced manufacturing technologies — also known as smart factories or Industry 4.0 — is that by networking our machines, computers, sensors and systems, we will (among other things) enable automation, improve safety and ultimately become more productive and efficient. And there is no doubt that manufacturing has already benefited from that transformation.


Connecting all of these sensors and devices to our industrial control systems (ICS), and the increase in remote work and monitoring, results in manufacturing networks with greater vulnerabilities to cyberattack. This is an increasingly challenging dynamic as manufacturers sort out how to adopt commercial information technology (IT) standards that are compatible with their operational technology (OT) standards.

New Standards-Based Capabilities Will Help Manufacturers

NIST’s National Cybersecurity Center of Excellence (NCCoE), in conjunction with NIST’s Engineering Laboratory, recently released a report that demonstrated a set of behavioral anomaly detection (BAD) capabilities to support cybersecurity in manufacturing organizations. The use of these capabilities enables manufacturers to detect anomalous conditions in their operating environments to mitigate malware attacks and other threats to the integrity of critical operational data.


In other words, manufacturers will be able to continuously monitor systems in real-time or near real-time for evidence of compromise. The development of standards-based cyber controls is an important aspect of security requirements of manufacturers.

How BAD Monitoring Translates to Early Detection of Cyber Threats

Behavioral anomaly detection involves the continuous monitoring of systems for unusual events or trends. The monitor looks in real time for evidence of compromise, rather than for the cyberattack itself. Early detection of potential cybersecurity incidents is key to helping reduce the impact of these incidents for manufacturers. Cyber breaches are typically detected after the attack.


BAD tools are implemented in ICS and OT environments and could be monitored by a human control interface, which many manufacturers use to monitor their operations. The operator would be able to see network traffic and be alerted to the addition of any authorized or unauthorized device or connection.


For example, the system would know what communications are authorized with a programmable logic controller (PLC), so any new contact would generate an alert. Likewise, any abnormal talking between connected machines, modifications in human-machine interface (HMI) logic or other anomalies would be noted.


The BAD solution is a relatively inexpensive modular approach and an efficient way to detect anomalies, however BAD alerts are passive in nature and would not necessarily take remedial actions such as shutting down the production process.

Manufacturers Remain a Target for Cyberattacks

According to the U.S. Department of Homeland Security, manufacturing was the most targeted industry for infrastructure attacks in 2015, and small and medium-sized manufacturers (SMMs) continue to be prime cyber targets.

There is greater demand for cybersecurity because of manufacturers’ growing dependence on technology and data as drivers of productivity and efficiency. SMMs traditionally have been challenged in how to manage cybersecurity concerns for a variety of reasons:

  • The manufacturing technology mix includes IT (networks and business-side software such as email, finance and ERPs) and OT (operational technology, such as machines and control systems).
  • Cyber competes with many other areas in terms of funding, awareness and education.
  • It’s difficult to dedicate specialty resources for in-house staffing.
  • Cybersecurity has not been a priority in the OT build, which means as IT and OT are connected, the vulnerabilities of legacy systems become potential liabilities to the whole network.

What’s next from NIST Labs and NCCoE for Cybersecurity

The work to develop the BAD capability used 16 test cases, or classifications. Some were simple alerts to an event, such as password and authentication failures, and others involved some level of analytics, such as notification of unauthorized software installations and an alert of denial of service.

The next joint project from NIST’s NCCoE and Engineering Laboratory, Protecting Information and System Integrity in Industrial Control System Environments, takes a more comprehensive approach to protection from data integrity hacks. These capabilities include:

  • Security incident and event monitoring;
  • Application allowlisting;
  • Malware detection and mitigation;
  • Change control management;
  • User authentication and authorization;
  • Access control least privilege; and
  • File-integrity checking mechanisms

Nine manufacturing vendors and integrators have signed cooperative research and development agreements (CRADA) with the NCCoE to help develop the capability.

Contact Your Local MEP Center For Expert Cybersecurity Advice

Cybersecurity experts working in the manufacturing sector see education as a key to SMM adoption. More SMMs are looking at cyber consultations in a similar manner to how they might seek expertise for finance or insurance.

If you are not sure where to start with cybersecurity for your manufacturing firm, contact CONNSTEP.


This article originally appeared on NIST’s Manufacturing Innovation blog and is reprinted with permission

< Older Post

Newer Post >

Recent Posts

Lean Training Improves Setup Efficiency and Drives Growth at Phoenix Manufacturing

April 29, 2026
Phoenix Manufacturing, Inc., founded in 1989, is a privately held family-operated small business in Enfield, Connecticut, specializing in precision machining for the aerospace industry. What began as a two-person operation in a 2,000-square-foot building has grown into a company with over 100 employees operating out of a 114,000-square-foot, state-of-the-art manufacturing facility. As a contract manufacturer, Phoenix specializes in complex, tight-tolerance components, supported by more than 40 CNC machines and a multi-axis mill/turn line. The company provides end-to-end manufacturing solutions—from engineering consultation through full-scale production—serving commercial aviation, spaceflight, and defense markets for both domestic and global customers, including leading aerospace and defense OEMs. A defining element of Phoenix’s growth has been its strategic investment in advanced manufacturing technology, particularly palletized machining centers. Since 2017, the company has added 11 machining centers integrated with palletized systems, enabling unattended, automated production and significantly expanding machining capacity. This automation journey has positioned Phoenix to better meet increasing customer demand while maximizing machine utilization. Phoenix’s commitment to quality is central to its operations and customer relationships. Managing more than 600 active part numbers, the company strives for 0 parts per million (PPM) defects and 99% on-time delivery (OTD) for major OEM customers. Its quality management system is certified to ISO 9001 and AS9100 Rev D standards, and Phoenix also holds NADCAP certifications in Nonconventional Machining and Nondestructive Testing, reflecting a rigorous, inspection-driven approach to delivering consistent, high-quality results.  Guided by a mission to deliver high-quality, cost-effective products through advanced technology and an uncompromising commitment to quality, Phoenix continues to invest in innovation, automation, and the next generation of manufacturing leadership.

Improving Flow, Reducing Lead Time, and Increasing Output: A Lean Transformation at Projects Inc.

April 28, 2026
Founded in 1959, Projects Inc. is a Glastonbury, Connecticut-based manufacturer specializing in precision-machined components for aerospace, industrial, and commercial applications. With 102 employees, the company operates out of 66,000 square feet of manufacturing and office space and supports customers across a range of industries, including aerospace and power generation. Projects Inc. has deep roots in the aerospace industry, where it has provided high-quality machining services for decades. Since 1996, the company has supplied FAA Parts Manufacturer Approval (PMA) components to the aviation sector. Projects Inc. received FAA Repair Station Certification in 1984. As a maintenance, repair, and overhaul (MRO) provider, Projects supports customers with repair solutions that help keep critical aerospace equipment operating safely and efficiently. Its customer base includes major aerospace companies such as Sikorsky, Pratt & Whitney, and GE Aerospace, along with airlines including United, Delta, American, and Lufthansa. Projects Inc. is Federal Aviation Administration (FAA), European Union Aviation Safety Agency (EASA), and UK Civil Aviation Authority (CAA) – approved. The company is also AS9100D and ISO 9001: 2015-certified, reflecting its commitment to quality, consistency, and industry standards. With capabilities that include prototyping, CNC machining, EDM, laser cutting, and grinding, Projects Inc. offers a broad range of precision manufacturing services supported by advanced in-house equipment and technical expertise. Today, Projects Inc. is recognized as an experienced supplier of high-quality components, with a long-standing focus on quality, reliability, and customer service.
Penn Globe logo over a room with people, possibly a conference.

Penn Globe: Lighting the Way to Growth with Employee Training

February 11, 2026
Learn how Penn Globe partnered with CONNSTEP to invest in employee training, strengthen skills, and support business growth and competitiveness.
Logo of Specialty Cable Corporation (SCC) in a warehouse setting.

Specialty Cable Manufacturer’s Commitment to Quality Earns AS9100 Recertification

February 10, 2026
See how Specialty Cable Manufacturers partnered with CONNSTEP to strengthen quality systems and successfully achieve AS9100 recertification.
People in a factory setting, with the Forum Contract Manufacturing logo in the foreground.

Building from Within: Forum Plastics’ Investment in Supervisory Training

February 9, 2026
Learn how Forum Plastics partnered with CONNSTEP to invest in supervisory training, strengthen leadership skills, and support long-term growth.
Logo of the letter

Printing Company Drives Environmental Sustainability Through Efficiency

February 8, 2026
See how a Connecticut printing company partnered with CONNSTEP to improve efficiency, reduce waste, and advance environmental sustainability.
Beekley Medical logo with text

Commitment to World-Class Service Leads to Successful Recertification for Medical Products Manufacturer

February 7, 2026
Learn how a medical products manufacturer partnered with CONNSTEP to strengthen quality systems and achieve successful recertification.
Pursuit Aerospace logo over a blurred medical equipment background. The logo is white text on a black rectangular box.

Internal Quality Audit Puts Aerospace Manufacturer Back on Track to Compliance

February 6, 2026
See how an aerospace manufacturer partnered with CONNSTEP to conduct an internal quality audit and get back on track to compliance.
Woman in lab setting, logo overlay of Syn-Mar Products Inc., blue and white color scheme.

Lean Training Streamlines Operations for Home Bathroom Remodeling Manufacturer

February 5, 2026
Learn how a home bathroom remodeling manufacturer partnered with CONNSTEP to use lean training to streamline operations and improve efficiency.
Logo for Wild CNC Machining Services on a blue background.

Manufacturer Future Growth Bolstered by Updated HR Policies

February 4, 2026
See how a manufacturer partnered with CONNSTEP to update HR policies, strengthen people practices, and support future business growth.
Show More