Graduate/Faculty Category: Engineering and Technology Degree Level: Graduate Information Systems Abstract ID #1456
Secure Cyber-Manufacturing
Abstract
As Additive Manufacturing is integrated into Logistics Engineering, the level of disruption within the Logistics Engineering Supply Chain will be monumental. As part of this disruption there is, importantly and less visibly, an underlying amalgam of exposed cyber-security surfaces. The key component of this discussion is to identify the contexts necessary for identifying cyber-security vulnerabilities. The focus of this poster is the security attack vectors introduced as part of Additive Manufacturing integration.
Background
The Digital Thread is not secure as it relates to Cyber-Manufacturing, as used within the general context defined by the National Institute of Standards and Technology (NIST) in relation to Smart Manufacturing. During a recent NIST symposium, security concerns were identified and repeated time and again within the various talks, highlighting the off-the-chart number of attack surfaces exposed within a cradle-to-table life cycle of Cyber-Manufactured products.
Logistics Engineering
Cybersecurity Secure Cyber-Manufacturing
Life Cycle Logistics is defined as the planning, development, implementation, and management of a comprehensive, affordable, and effective systems support strategy. Life cycle logistics encompasses the entire system’s life cycle including acquisition (design, develop, test, produce and deploy), sustainment (operations and support), and disposal.
Attack Vectors
At machine – open USB ports
File Initialization – start up of machine and sub-systems
Common File Format (STL) – easily modifiable XML format
Internal Voids – anomalies not visible but affect performance
Crack Sites
[Diagram labels: Cyber, Manufacture, Product, Digital Vapors, Design, Build, Obsolescence, Prosthetics]
For any assessment of the applicability of new technology, we need to look at our past or current work that we have done/are doing
In situ Monitoring
Seasoned Operators (blinded by experience)
Obsolescence / DMSMS Mitigation
Case Study – Validation of STL file
Reverse engineering of existing part to create replacement via additive
Net fab – failed manufacturing
One group noticed by watching complete process
Port Inspection
Front Line Fabrication
Banned Machines – unreported cyber attack
Substitution for parts delivered via costly & perilous supply lines
Quality Control Techniques
Prosthetics
Active Vulnerabilities
Need for unique “design” good match for additive manufacturing capability
Passive Vulnerabilities
Exploring STL Attacks
Improve Software Checks
Alternative File Hashing Techniques
Process Monitoring
Operator Training (machine intentionally miscalibrated)
Design File Format
Front Line Fabrication
Life Cycle Logistics
Additive Manufacturing
Sustain Logistics Life Cycle - Design
Influence Design
Information Security
§ Engage Integrated Process Team
§ Market Research & Investigation
Goal or Aim
Design
Materials Solution Phase
Provide context and examples which support the supposition of fundamentally insecure equipment.
Design: creation of the Intellectual Property. During design, the opportunity to manipulate the end product begins.
File Formats: Creation, transmission, consumption provide many attack vector surfaces and opportunity to introduce anomalies.
Digital Vapors: Digital residue left at the various transfer and storage points before Product is available for integration and/or consumption.
Cyber Manufacture: The melding of Cyber and Manufacturing environments and processes. The number of attack vectors where all types of anomalies can be introduced is mind-boggling. Imagine being able to “hack” a manufactured product as it is being manufactured, introducing a Trojan horse which manifests only when the material used to watermark the product is exposed to the zero-day frequency. The result of the imagined hack: the product self-disintegrates, with potentially catastrophic consequences.
Product: The environment and support structures where the useful intent of the end product is consumed and/or integrated.
Sustain: As a product realizes its useful life span, sustaining or providing maintenance is integral as part of Logistics Engineering.
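The File Formats and Internal Voids concerns above suggest a check on the design file before it reaches the machine. The following Python code is an added example, not part of the original poster: it hashes the geometry of an ASCII STL file independently of facet order and whitespace, and counts disconnected surfaces so that an added inner shell is flagged. The function names, the one-shell default (a legitimate multi-body part would need a different approved count), and the tetrahedron sample data are assumptions constructed for illustration; binary STL is not handled.

```python
import hashlib
import re
VERTEX = re.compile(r"^\s*vertex\s+(\S+)\s+(\S+)\s+(\S+)", re.M)

def parse_triangles(stl_text):
    """Return the facets of an ASCII STL as tuples of three (x, y, z) vertices."""
    verts = [tuple(round(float(c), 6) + 0.0 for c in m.groups())
             for m in VERTEX.finditer(stl_text)]
    if not verts or len(verts) % 3:
        raise ValueError("not a well-formed ASCII STL")
    return [tuple(verts[i:i + 3]) for i in range(0, len(verts), 3)]

def geometry_digest(tris):
    """SHA-256 of the geometry only, independent of facet order and whitespace."""
    canon = sorted(t[t.index(min(t)):] + t[:t.index(min(t))] for t in tris)
    return hashlib.sha256(repr(canon).encode()).hexdigest()

def count_shells(tris):
    """Disconnected surfaces (union-find on shared vertices); a void adds one."""
    parent = {}
    def find(v):
        while parent.setdefault(v, v) != v:
            parent[v] = v = parent[parent[v]]  # path halving
        return v
    for a, b, c in tris:
        parent[find(b)] = parent[find(c)] = find(a)
    return len({find(v) for v in list(parent)})

def check_before_build(stl_text, approved_digest, approved_shells=1):
    """Findings that should block a build; an empty list means the file matches."""
    tris, findings = parse_triangles(stl_text), []
    if geometry_digest(tris) != approved_digest:
        findings.append("geometry differs from approved design")
    if count_shells(tris) != approved_shells:
        findings.append("unexpected shell count %d" % count_shells(tris))
    return findings

def tetra(x, y, z, s):
    """Constructed sample data: the four ASCII STL facets of a tetrahedron."""
    p = [(x, y, z), (x + s, y, z), (x, y + s, z), (x, y, z + s)]
    return ["facet normal 0 0 0\nouter loop\n"
            + "".join("vertex %g %g %g\n" % p[i] for i in f) + "endloop\nendfacet"
            for f in [(0, 2, 1), (0, 1, 3), (0, 3, 2), (1, 2, 3)]]

def solid(facets):
    return "solid part\n" + "\n".join(facets) + "\nendsolid part\n"

APPROVED = solid(tetra(0, 0, 0, 10))
REORDERED = solid(reversed(tetra(0, 0, 0, 10)))            # same part, different bytes
TAMPERED = solid(tetra(0, 0, 0, 10) + tetra(2, 2, 2, 1))   # extra shell inside the part
```

A plain hash of the file bytes would reject REORDERED even though the part is unchanged; the geometry digest accepts it and still rejects TAMPERED.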
§ Affordability Assessment
§ Analysis of Alternatives
Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical). [1]
[1] Wikipedia, Information Security
Logistics Life Cycle - Sustainment
Sustainment of System
§ Material Condition Status
§ Sample Data Collection
Confidentiality, Integrity, and Availability (CIA Triangle) is at the heart of Information Security
Operations and Support Phase
Secure Cyber-Manufacturing
Confidentiality
§ Performance Based Logistics (PBL) Support
Conclusion
The following is a summary listing of focus areas which may be sign posts for best of breed cyber product and service
§ Monitor PBL Metrics
Availability
Integrity
Standards, Guides, Tools, Gaps, Security Models
“The time is now to build it in, not bolt it on” Cyber-Security for Direct Digital Manufacturing – NIST 02/2015
Charles W Miller, DL/Gordon Engineering Fellow, Master of Science Information Systems, Northeastern University - College of Engineering
Divyansh Srivastava, Graduate Student, Information Systems, Northeastern University – College of Engineering
Sagar Kamarthi, Associate Professor, Dept. of Mechanical and Industrial Engineering, Northeastern University – College of Engineering