A growing number of researchers are investigating how to detect and prevent security breaches in the connected factory.January 18, 2016
Last spring, a 94,000-square-foot lab and work space opened its doors amid great fanfare in Chicago. A public-private partnership called the Digital Manufacturing and Design Innovation Institute (DMDII), a good chunk of its real estate would be dedicated to a 24,000-square foot glass-enclosed smart manufacturing lab. The aim: to speed up development of what’s known as “the connected factory” in the U.S.
But, while the Institute plans to advance research in a number of areas, one key sector has nothing to do with the design and production of goods. Instead, it’s all about pinpointing and preventing the cybersecurity threats such connected factories may face and that need to be addressed before manufacturers can embrace the technology.
The DMDII is hardly the only site trying to address these issues, however. With the increasing digitization of production, in which systems and data pertaining to design, manufacturing and even maintenance are connected digitally, there’s also been a growing awareness of the potential for catastrophic security breaches, from theft of proprietary data to attempts to cripple operations. “The digital thread—the process by which digits go in and parts come out--is fraught with the potential for peril without strong cybersecurity capabilities”“The digital thread—the process by which digits go in and parts come out--is fraught with the potential for peril without strong cybersecurity capabilities,” says Larry John, principal analyst at Analytic Services, a nonprofit research institute. For that reason, a growing number of researchers, government agencies and public-private consortiums are stepping up their investigations into ways to find areas of vulnerability and stop attacks from happening in the first place.
Equipment that does the real thing
Testing out security solutions on real manufacturing plants is next to impossible, because doing so means slowing down, or even shutting down, operations, something manufacturers are reluctant to do. For that reason, much of this work involves applied research in which engineers use their own equipment, like robots, able to do the real thing or, when necessary, create simulations.
For example, National Institute of Standards and Technology (NIST) is in the process of setting up a lab to measure the impact of cybersecurity protections on manufacturing performance, with a focus on collaborative robotic assembly and process control in chemical plants, among other areas, according to Keith Souffer, project manager, cybersecurity for industrial control systems at NIST; the aim is to make sure the fixes not only work, but also don’t slow down operations. A dedicated lab room includes functioning robots able to do assembly work and a control system linked to a simulated chemical plant.
This effort builds on a cybersecurity framework developed about a year ago by NIST, working with government agencies and industry. It covers 16 infrastructure areas, such as chemical companies, the energy sector and electrical manufacturing, and encompasses five components: identifying the processes and assets that need to be protected; protecting them through safeguards and controls; detecting security breaches; responding by using methods that can contain any possible incidents; and recovering operations through techniques able to restore the system.
Improving intrusion prevention and detection systems
At the Department of Energy’s Idaho National Laboratory (INL), researchers are working on various aspects of what Craig Rieger, the instrumentation, control and intelligent systems signature lead, calls “resilient control systems” in manufacturing. One part of that investigation involves cybersecurity.
For example, researchers are working on how to improve intrusion prevention and detection sensor systems. One approach creates a “signature” for intrusions allowing it to detect that tell-tale identification should the breach appear again. Another looks for anomalies to whatever has been established as the baseline for normal communications. But INL researchers have looked into creating complementary detection systems using a physical model that can determine a baseline level of normal functioning. “This way, you now have diverse means to recognize problems,” says Reiger.
As an example, according to Reiger, engineers could determine that a furnace should operate at a certain temperature range. If they were to develop, say, a heat transfer model for what the temperature should be for a specific process, then they could use it to detect when the amount of heat is too low or high, signaling a potential intrusion. “It could mean something is wrong with the furnace or something has happened in the cyber world that needs to be corrected,” says Reiger.
A longer term research project is trying to take that one step further. In addition to having diverse means of cybersecurity detection, the system would choose additional sensors used to control a manufacturing operation. That would allow manufacturers to keep their plant functioning while, at the same time, letting operators know a security engineer needs to evaluate a possible security breach.
Take that furnace. Engineers would create a baseline physical operational model and also ensure there were multiple sensors reading the same point on the equipment, which would be connected to a network. Then, the system would “interrogate” those sensors to ensure all were working smoothly. If, however, it was unable to get a direct reading of, say, the temperature because the detector had failed, it could choose one of the still-functioning additional sensors to take over. Or the system could couple the heat transfer model of the furnace with a nearby functioning sensor close enough to provide the temperature at the point of the failed device.
“Everybody will be happy because the furnace will continue to run and the operation will still function normally,” says Reiger. “But, in the meantime, you also will have been warned there’s a sensor with a problem.”
We welcome the re-use, republication, and distribution of "The Network" content. Please credit us with the following information: Used with the permission of http://thenetwork.cisco.com/.