Page 1

Table of Contents Attendees ...................................................................................................................................................... 2

Kennametal Tour........................................................................................................................................... 3

Safety Brief .................................................................................................................................................... 3

Introductions ................................................................................................................................................. 3

Overview and application of Cyber Physical security ................................................................................... 3

Antitrust statement ...................................................................................................................................... 3

Cyber Physical Security ................................................................................................................................. 4

NIST Cyber Framework ............................................................................................................................. 4

Questions from Cyber Physical Security Working Group: ........................................................................ 4

NTMA 6S award ............................................................................................................................................ 5

Tech Award ................................................................................................................................................... 5

Emerging Leaders .......................................................................................................................................... 5

NNMI update ................................................................................................................................................ 6

TechTrends Update ....................................................................................................................................... 7

MTConnect Student Challenge ..................................................................................................................... 7

IMTS Update ................................................................................................................................................. 7

ETC Update .................................................................................................................................................... 7

New NNMI update ........................................................................................................................................ 7

TIC Breakout .................................................................................................................................................. 7

Actions .......................................................................................................................................................... 8

Meeting Adjourned ....................................................................................................................................... 8

Files embedded ............................................................................................................................................. 8

Page 2

Attendees Scott Hibbard (Chairman) VP of Technology, Industrial Applications (DC-IA/ENG-AM) Bosch-Rexroth Corporation Hoffman Estates, Ill. Mr. Alejandro Aguilar Mechanical Engineer Hardinge Inc. Elmira, N.Y. AMT STAFF: Tim Shinbara (Staff Liaison) VP-Manufacturing Technology AMT McLean, Va. Benjamin Moses Technical Director AMT McLean, Va. Guest Heather Moyer Executive Director CTC Johnstown, Pa.

NTMA TECHNOLOGY TEAM Jack Burley BIG Kaiser Precision Tooling Inc. Hoffman Estates, Ill. Herb Homeyer Chairman of the Board National Tooling & Machining Assn. Marthasville, Mo. Robert O'Donnell O-D Tool & Cutter Inc. Mansfield, Mass. David A. Tilstone President National Tooling & Machining Assn. Cleveland, Ohio Gillen Young Custom Tool, Inc. Cookeville, Tenn. NTMA Staff Liaisons: Tiffany Bryson National Account Manager National Tooling & Machining Assn. Cleveland, Ohio Pamela Wightman Board Team Administrative Assistant National Tooling & Machining Assn. Cleveland, Ohio

Page 3

Kennametal Tour A facilities tour was provided by T.J. from Kennametal. This location specializes in stage 3 of the product lifecycle development; maturing the concept to a production ready product.

Safety Brief A safety brief was provided.

Introductions Each team member introduced themselves.

Overview and application of Cyber Physical security All major industrial countries are focused on manufacturing. Europe Industry 4.0 (http://www.gtai.de/GTAI/Content/EN/Invest/_SharedDocs/Downloads/GTAI/Brochures/Industries/industrie4.0-smart-manufacturing-for-the-future-en.pdf) , USA NNMI (https://www.manufacturing.gov/nnmi/) , China Made in China 2025 (https://www.csis.org/analysis/made-china-2025) , India Made in India (http://www.makeinindia.com/home) With the increase digital access and government attention, now is the time to increase attention on cyber physical security. A joint working of group cyber and manufacturing industry experts are working together to access industrial security needs. NDIA white papers from 2015 characterizing DOD cyber threat. This paper has created awareness that a real threat exists to America’s infrastructure. http://www.ndia.org/Policy/LegislativeandFederalIssuesUpdate/Documents/Cyber_for_Manufacturing_White_Paper_5May14.pdf Virginia Tech’s Industrial threat experiment reinforces the impact. Virginia Tech ran an experiment where one group was tasked with printing a dog bone for destructive testing. Another group was tasked to infiltrate the machine and induce a flaw. A void was added to the STL (https://en.wikipedia.org/wiki/STL_(file_format)) file. This flaw was not discovered until destructive testing. The test destructive test results were significantly different that the theoretical. http://namrc-msec-2015.uncc.edu/sites/namrc-msec-2015.uncc.edu/files/media/NAMRC-Papers/paper_81_framed.pdf Several groups were formed to address threats from the NDIA paper. One group is focused on standards and policy. The second group is defining the problem to manufacturing. The third group is assessing technology solutions – available solutions , emerging and gaps that need investing. DFAR(http://www.acq.osd.mil/dpap/dars/dfarspgi/current/) updates will be rolled out 2017. This will be flowed down from primes to all sub-contractors. The significant challenge will be to ensure everyone can comply. Penalties of non-compliance will be similar to ITAR infractions (https://www.bis.doc.gov/index.php/forms-documents/doc_view/781-export-licensing). The major concern is an intrusion to make a bad part. Not data being stolen.

Antitrust statement The antitrust statement was reviewed

Page 4

Cyber Physical Security

NIST Cyber Framework Framework core has 5 major areas of focus. identify, protect, detect, respond and recover. NIST is on the 4th iteration of a smart manufacturing test bed that will be used for Cyber security. Areas of interest are: Process Control, Collaborative Robotics, Additive Manufacturing and Assembly. Research outcomes will be used for guidance to industrial best practices for cost effective implementation cyber security standards and guidelines without negatively impacting ICS performance. Attack Vectors are defined as where the attacks are coming from. This aids in problem solving. Common vectors are hacking and thumb drives. Team brought up concerns of solutions making sure they work together. The focus of the solution should be on discrete machines and flow of information. Question from a company that host files for general public usage. If they have “files” that have virus’ embedded files, who is liable? Most likely originator will be. Questions are still open. Not a one size fits all solution. Every company needs to develop a plan based on business plan and security tolerance.

Questions from Cyber Physical Security Working Group: 1. How are operational technology (OT) systems fundamentally different from information technology (IT) and how

will this affect the types of technologies and solutions that might be applied? a. Word Brainstorm: Operators, different disciplines, Different objectives, Different priorities, not heavy IT,

Expertise is up to date? Security may need specialist, Who reports to who? More network protocols, more proprietary networks (lack of openness may limit solutions), Is hardware and software separate, Human behavior may revert back to previous problems if the interface is too cumbersome, Interfaces need to remain simple, definition of risk IT loss of data OT loss of physical material and human capital, Who is developing Okuma apps?,

2. Given the differences between OT and IT, what techniques or technologies that are used to protect IT systems are unlikely to be suitable for OT systems and/or the operational environment?

a. Username and password on machines, IT is adaptable while OT is a longer timeframe, What does an update on a machine mean to production, Ability to change programs is local an IT system is centralized Most manufacturing shops want some level of controls at the machine, Assessment of machine update needs to be updated, Ability to revert to previous version maybe key, Backing up to the cloud is a solution and problem, Changes and security may burden CPU to reduce ability to provide real-time need, HAAS focused on processing speed for new controller to ensure new graphics don’t effect cycle time.

3. What solutions and best practices can we adopt from IT cyber security to better secure OT? a. Force password changes 30,60,90 days, Password protocols are problems too may passwords, single

sign on, Define access by sign in – operators can be limited to XX changes on a machine and network, detecting abnormality, Networks can be controlled not a heavy focus on discrete machines,

Page 5

4. Revised question – How do you protect the entire enterprise? Holistic Enterprise Network, Lights out factory will greatly gain from remote network control, Industry 4.0 is working on standards to allow MRO similar to an HP being able to order print supplies,

5. Where do you draw the boundary for IT/OT? HVAC? Doors? Facilities? a. HVAC are standalone machines, but if they are connect – Use cases – System of systems propagating to

effect production. Hacking a HVAC damper that trickles down to a problem. Indirectly affecting production. This is not a real problem because the threshold is so high. Connected HVAC could be a problem. Still a problem with disgruntled employee. The knowledge the employee has is a severe problem. If processes are environment, then is this a problem. Responsibilites of a connected HVAC, is facilities department.

6. Information flow of data of geographically separate facilities. Distributed manufacturing. Is this a concern? a. No.

7. Externally loaded data? PO, Invoices, engineering data? a. Companies that push data for general public use is not sure of security of data going out and local

downloader is not sure of security of download. 8. Rank greatest risk of breach – Confidentiality, integrity, availability

a. IP/Confidentiality 9. Would you consider cybersecuriy insurance?

a. Yes 10. What is the cost of DFAR’s compliance?

a. That is the cost of doing business with DoD. Businesses need information on how this impacts cost of the part. Tier 3 suppliers probably won’t be able to comply or meet the business case.

NTMA 6S award The NTMA 6s award process was reviewed. NTMA investigating how to increase 6S adoption through the award process? Looking for AMT members to nominate NTMA 6S award. Chapter competition? Low percentage of NTMA members know about the award. Brand awareness is a common problem for both associations. Need several ways to raise awareness. Chapter completion is one way. AMT nominating themselves and/or NTMA shops. 6S award is open to everyone.

Tech Award The NTMA Tech awards was reviewed. It is suggested to move the joint meeting to Fall. This would allow the joint meeting to be held on the front-end of the Fall Conference. MFG is a good place to award 6s

Emerging Leaders The emerging leader program was reviewed. NTMA is interested in expanding this group to include AMT leaders. Bring these two groups together in a networking event.

Page 6

NNMI update Summary of awarded institutes https://www.manufacturing.gov/nnmi-institutes/

• America Makes o Additive Manufacturing o Youngstown, Ohio o https://americamakes.us/

• American Institute for Manufacturing Photonics – AIM o Integrated photonic circuit manufacturing o Rochester, N.Y. o http://www.aimphotonics.com/

• Digital Manufacturing and Design Institute - DMDII o Digital Manufacturing o Chicago, Ill. o http://dmdii.uilabs.org/

• Lightweight innovations for Tomorrow – LIFT o Advanced lightweight materials o Detroit, Mich. o http://lift.technology/

• NextFlex o Flexible Hybrid Electronics o San Jose, Calif. o http://www.nextflex.us/

• Institute for Advanced Composites Manufacturing Innovation - IACMI o Advanced polymer composites o Knoxville, Tenn. o http://iacmi.org/

• Power America o Wide Bandgap Semiconductors o Raleigh, N.C. o https://www.poweramericainstitute.org/

Goal is to create 13-15 institutes DoD is launching two new institutes where one is on Advanced Tissue Biofabrication. DoC is also creating two new institutes. One of them may be machine tool related. Each institutes is independent – different membership and IP agreements How are technologies selected? Funding department drives. DoD has clear direction but DoC is more open to industrial input. How does a SME business gain from these institutes? Project support

Trickle down of technologies and work force development Networking

Page 7

TechTrends Update The TechTrends initiatives will kick off the first release of tools for the industry. Research and Development Trends will be released through MTInsight. This tool can be used to further understand what research is going on and who to connect to fir more information on a specific paper. Beta will be released at IMTS. Production version will be release Q2 2017.

MTConnect Student Challenge The Student Challenge was reviewed. Ideation winners were announced during the [MC]2 conference (http://mc2conference.com/). Application winner will be announced during IMTS.

IMTS Update IMTS was reviewed. The floor has been completely filled with a healthy backlog.

ETC Update The Emerging Technology Center has been relabeled to Tech Trends.

New NNMI update Department of Commerce (DoC) is looking to create another NNMI focused on machine tool. SME is the target audience. 1.2 billion for machine tool controls affect $3 trillion. Need to verify Need NTMA input What are the areas of focus? The team brought up the following concepts:

Machine tool and control systems – Driving to expand scope of Machine Tool to include accessories. Affordable automation 1st part correct

Buying machines and automation is easy. The trouble is finding skilled labor. Sensing and prediction Lights out manufacturing Big Data How do you improve measurements before they are problem? Improve efficiency to reduce the need to increase the workforce

TIC Breakout Not enough TIC members for a quorum. June has historically low attendance Proposed changing the timing of meetings to : Jan, April, Oct. This may increase attendance. October can be used as a joint meeting with NTMA’s fall conference.

Page 8

Should TIC name change. We have not had many requests for projects, but there is significant value in topics covered. Does the name still fit?

Actions • Next meeting will be in October

o Survey TIC for date / venue o 2017 combined meeting to be connected to the NTMA fall conference.

• Proposal to move joint meeting to Fall. This will allow joint work on Tech award. Proposed overall schedule is Jan, April, Oct. In Oct, a day before the fall conference works with NTMA.

• 6S survey for NTMA and AMT. Awareness this year. Survey next year. Mike Hirsh and Pam are the points of contact.

• Alex volunteered to write an article for TIC views. Topic is a response to new NNMI. • How can AMT increase engagement with Emerging Leaders venue? Tim to discuss with Doug. • Send out request to NTMA Tech for volunteers for TechTrends prebeta users • Add AMT Tech slot for NTMA fall conference 2017

Meeting Adjourned Meeting adjourned

Respectfully submitted,

Timothy J. Shinbara Jr. Staff Liaison

Files embedded See attachment option in PDF reader to access files.

• Presentation • NDIA White Paper • Virginia Tech White Paper • Tech Time Articles on Cyber Security

7901 Westpark Drive McLean, VA 22102-4206

703.893.2900 | www.AMTonline.org

Trojan Detection and Side-Channel Analyses for

Cyber-Security in Cyber-Physical Manufacturing

Systems

Hannah Vincent1, Lee Wells

1,*, Pablo Tarazaga

2, and Jaime Camelio

1

1Grado Department of Industrial and Systems Engineering, Virginia Tech

2Mechanical Engineering, Virginia Tech

Blacksburg, VA, U.S.

hannahev@vt.edu, leejay@vt.edu, pablot@vt.edu, and jcamelio@vt.edu

Abstract

As the maliciousness and frequency of cyber-attacks continues to grow, the safety and security of

cyber-physical critical infrastructures, such as manufacturing, is quickly becoming a significant

concern across the globe. Outside of traditional intellectual property theft, attacks against

manufacturing systems pose a threat to maintaining a product’s design intent. More specifically, such

attacks can alter a manufacturing system to produce a part incorrectly; resulting in impaired

functionalities or reduced performance. Manufacturing systems rely heavily upon the use of quality

control systems to detect quality losses and to ensure the continued production of high-quality parts.

However, quality control systems are not designed to detect the effects of malicious attacks and are ill-

suited to act as a cyber-security measure for many manufacturing systems. Therefore, this paper

presents a novel product/process design approach to enable real-time attack detections to supplement

the shortcomings of quality control systems. The proposed approach, inspired by side-channel

schemes used to detect Trojans (foreign malicious logic) in integrated circuits, aims at detecting

changes to a manufactured part’s intrinsic behavior through the use of structural health monitoring

techniques.

Keywords: Cyber-Attack detection, Cyber-Physical manufacturing systems, Quality control, Side-Channel

analyses, Structural Health Monitoring, Trojans

1 Introduction

The evolution of manufacturing systems from disjoint mechanical processes to interconnected

cyber-physical systems has introduced many opportunities for cyber-attacks against advanced

manufacturing systems. The recent increase in the reliance on digital technologies has introduced new

* Corresponding Author

Procedia Manufacturing

Volume XXX, 2015, Pages 1–9

43rd Proceedings of the North American Manufacturing ResearchInstitution of SME http://www.sme.org/namrc

Selection and peer-review under responsibility of the Scientific Programme Committee of NAMRI/SMEc© The Authors. Published by Elsevier B.V.

1

vulnerabilities that occur from taking trusted parts from untrusted sources [Rizzo, 2010], and in

securing the current manufacturing cyber infrastructures [DMDI Institute, 2013]. In general, these

vulnerabilities can be categorized as: 1) Technical data theft, 2) Data alteration, and 3) Process control

[NDIA, 2014].

The categories described above provide an overview of the current cyber-security situation for

cyber-physical systems. While most companies and manufacturers have instituted methods to protect

their solely digital systems and information; manufacturing security requirements are significantly

different than those of traditional business IT systems [NDIA, 2014]. Typical cyber-security focuses

solely on digital systems, whereas current manufacturing technologies apply both cyber and physical

components. As a “first line of defense”, traditional cyber-security techniques are used to protect

against cyber-attacks aimed at manufacturing. However, as stated by FBI Director James Comey,

“There are two kinds of big companies in the United States. There are those who’ve been

hacked…and those who don’t know they’ve been hacked.” [Cook, 2014]. This statement exemplifies

the growing mentality in the cyber-community that 100% security can never be guaranteed and that all

cyber-enabled systems can be exploited.

Given that cyber-attacks against manufacturing systems can result in a physical manifestation

allows for the possibility of a “second line of defense”. In the information technology industry, this

“second line of defense” has a long history in identifying flaws placed into computer hardware and

software logic. Unfortunately little to no research has focused on cyber-enabled attacks on

manufactured components. Therefore, this paper presents a novel product/process design approach to

enable real-time attack detection of compromised parts. The rest of the paper is organized as follows;

in Section 2 we will discuss cyber-attacks in manufacturing systems and how traditional QC

techniques are not necessarily capable of detecting the effects of cyber-attacks. Next, in Section 3, we

will introduce the field of Trojan (malicious foreign logic) detection in integrated circuits. Finally, in

Section 4, we will introduce an approach, based upon current Trojan detection strategies, to detect the

effects of cyber-attacks on manufactured parts through the use of structural health monitoring

techniques.

2 Cyber-Attacks Against Manufacturing Systems

Between late 2009 and early 2010 the infamous Stuxnet virus was responsible for destroying as

many as 1,000 Iranian high-speed centrifuges used for uranium enrichment [Albright et al., 2010]. The

core attack used by Stuxnet was to periodically change the rotational speeds of the centrifuges,

drastically shortening their life-spans. While very successful, the attack would have been futile if not

for the man-in-the-middle exploit used on the system's programmable logic controller (PLC) that

presented false equipment readings to operators [Cherry & Constantine, 2011]. Currently,

manufacturing systems are evolving into highly integrated cyber-physical systems that rely on their

cyber components as much as they do their physical ones. This begs the question, "Is it possible to

attack a cyber-physical manufacturing system to produce flawed parts, and if so, can the quality

control (QC) system be exploited to hide the effects of the attack?"

Recently, two case studies were performed at Virginia Tech [Wells et al., 2014; Strum et al., 2014]

to answer the first part of this question by demonstrating the ease in which cyber-physical

manufacturing systems can be attacked to produce flawed parts with drastically reduced performance.

In addition, these attacks was accomplished without visually alerting the system's operators to any

signs of treachery. Figure 1 illustrates the different manufacturing process chains that were involved in

these two studies and indicates the location in this chain where the attack was implemented.

Trojan Detection and Side-Channel Analyses for Cyber-Security Vincent et al.

2

Figure 1: Manufacturing Process Chains used in the Attacks Implemented in the Studies by Wells et al.,

2014 and Strum et al., 2014

In the first case study [Wells et al., 2014] an attack interfered with the transfer of digital design

files used to manufacture a part. Participants were tasked to: 1) Design a tensile test specimen using

computer-aided design (CAD) software, 2) Generate tool-paths using (computer-aided manufacturing)

CAM software, and 3) Machine the specimen. The tool-path file was transferred to a computer that

controlled a computer numerical control (CNC) milling machine. During this file transfer, a malicious

software intercepted and altered the tool-path files, resulting in the manufacturing of an incorrect part.

If this part had been used as intended, the end-product would have prematurely failed. Furthermore,

participants were unable to determine the cause for producing incorrect parts as they were unaware of

potential attacks against manufacturing.

In the second study [Strum et al., 2014] a malicious software was designed to modify STL files

used in additive manufacturing. STL files are the standard CAD format used to manufacture parts

using additive manufacturing technologies. In this experiment, an internal defect (void) was

introduced within the part causing it to fail prematurely when tested. It should be noted that the

malicious software analyzed the STL file to determine an optimal (with respect to causing the largest

increase in stress concentrations) location to place the void. Similar to the results of [Wells et al.

2014], participants were unable to determine the cause of these incorrect parts, and concluded that the

problem was due to an error in the printing process. While the aforementioned study demonstrated that cyber-attacks against manufacturing systems

are indeed feasible, the question still remains, “Can the QC system be exploited to hide the effects of

the attack?" Over the past century, QC strategies have been vital for manufacturing to detect quality

losses and in ensuring the continued production of high-quality parts. However, QC approaches are

not designed to detect the effects of cyber-attacks. QC methods are based upon assumptions (sustained

system shifts, rational sub-grouping, feature-based monitoring, etc.) that may no longer be valid under

the presence of an attack. In fact, these assumptions can be exploited to make an attack undetectable.

For instance, QC approaches generally focus on a product’s key quality characteristics (KQCs). Any

attack that alters a non-KQC will most likely go undetected, especially for high-volume, complex

parts. To illustrate this concept, a very simple and highly plausible example of a cyber-attack against a

real-world manufacturing system is described in the remainder of this section.

Consider a manufacturer (Manufacturer A) that produces commercial trucks. The side frame rails

for these trucks are being produced by Manufacturer B. Manufacturer B produces a wide range of rails

for several commercial truck manufacturers through an almost completely automated process. The

design specifications provided to Manufacturer B for these rails include the thickness, length, and

cross-sectional geometry. In addition, Manufacturer B is provided with the size, location, and number

of holes (bolts, wiring, brake-lines, etc.) required for the rails. For each rail that Manufacturer B

produces, a simple text file that contains the locations and sizes for all necessary holes are uploaded to

CAD

Software

Quality Control

& Inspection

Wells et al., 2014

Strum et al., 2014

CAM

Software

Tool path

Commands file

CNC

Machine

Compromised

Part

STL

File

CAM

Software

Tool path

Commands File

AM

Machine

Compromised

Part

Attack

Attack

Trojan Detection and Side-Channel Analyses for Cyber-Security Vincent et al.

3

a punching machine’s controller. In addition, typical rails range from 30 to 40 ft. long and can easily

have upwards of 100 required holes.

For QC purposes, Manufacturer B has an automated inspection system to test the hardness

(indirectly measure the strength) of each rail they produce. In addition, two rails are inspected using a

coordinate measuring machine (CMM) each day (out of more than 100 produced in a day). It should

be noted that due to the large variety of rails being produce, not every rail model can be inspected.

This inspection process ensures dimensional accuracy of the rail’s cross-section and the quality of the

holes (i.e. determine if a punch is worn or broken) being punched. Any holes that are missing (broken

punch) are sent to rework.

Imagine that this system was attacked by altering the text file used by the punching machine’s

controller to produce a rail for Manufacturer A. This simple attack adds an additional hole (by adding

one line of text) to the rail in a location of significantly high stress. Given that not all rail models are

inspected on a given day could result in this attack going unnoticed. However, even if this rail model

was inspected, detecting the addition of one hole would be nearly impossible. The CMM is

programmed to measure KQCs, namely the location and size of holes that are supposed to exist and a

view discrete points for measuring the rails cross-section. In addition, the probability of the CMM

operator noticing an addition hole is incredible unlikely considering: 1) the overall length of the part,

2) the large number of holes that already exist, 3) the fact that numerous rail models are produced in

the facility, and 4) the simple fact that (from the CMM operator’s point of view) the occurrence of an

additional hole is impossible.

After the frame rails for Manufacturer A have been produced they are shipped and delivered. At

Manufacturer A’s assembly plant, line operators begin to assemble these rails to other frame

components, the suspension system, and the drive-train. During this process it is highly unlikely that

the additional hole would be noticed considering: 1) cycle times for assembly stations in the

automotive industry tend to be less than a few minutes, 2) line operators are responsible for very

specific tasks that focus on a small section of the entire frame, 3) unoccupied/unused holes are

common as they are required for subsequent assembly operations, and 4) the simple fact that (from the

line operator’s point of view) the occurrence of an additional hole is impossible.

Unoccupied/unused holes exist throughout the assembly process until the body is finally assembled

to the frame. During this process, the body is lowered unto the frame and joined at discrete locations,

which will aid in concealing the hole for the remainder of the assembly process. It could be argued

that over time the effects of this attack will be noticed. However, by this time the damage would have

already been done and dozens if not hundreds of trucks could have been produced with compromised

side frame rails. In addition, the attack could have been implemented for only a short period of time. If

this were the case, the attack may not be detected until the rail fails in-use.

From this example, it has been shown that current QC strategies cannot be relied upon to detect

the effects of the malicious cyber-attack against manufacturing. Therefore, a more holistic approach to

attack detection for manufacturing systems is desperately needed.

3 Integrated Circuits and Trojans

An area that parallels the current state of cyber-physical security for manufacturing systems is in

the detection of “Trojans” placed in integrated circuits (ICs) produced by untrusted overseas

manufacturers [Jin et al., 2009; Banga et al., 2009; Wang et al., 2008]. Trojans are extraneous

malicious logic introduced into ICs in order to perform a specific task unrelated to the original intent

of the IC. Once inserted, the Trojan’s extra code within the IC reacts to specific triggers or situations,

which activates the Trojan’s harmful nature. Identifying these Trojans is difficult because the circuits

cannot be easily tested for the presence of Trojans nor their effects. Traditional testing fails because

the unanticipated behavior introduced by the Trojan is not necessarily on the IC’s fault list [Jin et al.,

Trojan Detection and Side-Channel Analyses for Cyber-Security Vincent et al.

4

2009]. Sifting through millions of lines of code or logic gates is inefficient, and destructively testing

ICs is undesirable. In addition, natural variations that arise from the manufacturing process make it

difficult to detect extraneous and malicious logic, burying the attack under inherent process noise

within the IC. All these factors combine to create challenges very similar to those in current

manufacturing systems; where inspection costs, system variability, and quality control/inspection

limitations make it difficult to ensure absolute product integrity.

In order to battle these limitations and to develop new detection strategies, a taxonomy describing

Trojans and their effects on ICs has been created. Current Trojan taxonomy breaks Trojans down

according to three broad categories: payload, activation type (or trigger), and “physical” characteristics

[Chakraborty et al., 2009]. The payload of a Trojan is the event or action enacted by the Trojan.

Activation type or triggers focus on how the Trojan is activated, whether this is through internal or

external means. Physical characteristics include characteristics such as type, size, and structure. This

taxonomy allows for a full description of both the intent and characteristics of a Trojan. For additional

information regarding this taxonomy, readers are referred to [Wang et al., 2008]. This paper will focus

primarily on Trojan payloads and the events triggered by the activation of a Trojan within an IC.

Payloads can be classified by three functions: 1) retrieving and/or relaying data back to the attacker, 2)

compromising IC functionality, and 3) destroying the IC [Jin et al., 2009]. Given the intent and

repercussions of each of these payload categories, Trojans pose a high risk to those producing and

using ICs within their systems. Trojans can induce a wide variety of faults within ICs, including

reduced functionalities and premature failures.

The creation of different techniques for detecting the presence of a Trojan has been widely

explored [Chakraboarty et al., 2009; Tehranipoor et al., 2009]. These detection approaches can be

roughly categorized into side-channel, Trojan activation, and architecture-level detection. The

methods using Trojan activation and architecture-level for Trojan detection rely heavily on the purely

digital aspects of the Trojan, and make use of the idea that Trojans can be activated [Agrawal et al.,

2007; Lin et al., 2009] and have inputs and outputs that can be monitored.

Of these methods, side-channel detection approaches provide the strongest link to manufacturing.

These approaches rely solely on measuring side-channels, and use external characteristics of the

Trojan for detection. Side-channel detection of Trojan uses non-destructive testing of the IC to create a

“fingerprint” or characterization of the IC [Agrawal et al., 2007; Lin et al., 2009; Du et al., 2010;

Narasimhan et al., 2010]. Side-channels have used timing delays, leakage measurements, and

temperature to build IC operational models. Through the careful selection of IC characteristics for

model generation, attackers have little information on the side-channel measurements being used. This

makes the process of engineering an undetectable Trojan much more difficult [Agrawal et al., 2007].

The ultimate challenge lies in creating a comprehensive model that is not impractical in the number of

tests required. If this can be accomplished, side-channel analysis allows for detection of Trojans

without having to exhaustively search through all IC logic gates or code, using a more hollistic

approach to identifying Trojans.

4 IC Trojan Detection Approaches for Manufacturing

The current research into detecting Trojans within ICs has significant applications in developing

strategies for detecting for attacks against cyber-physical manufacturing systems. Natural system

variation, limitations in measurement techniques, inspection costs, and other limitations to ensure that

a part matches its intended design difficult and costly. For instance, several non-destructive techniques

can be used to analyze a manufactured part for alteration, such as; 3D laser scanning, interferometry,

etc. However, the cost and time associated with these would be detrimental to a manufacturing

environment, especially when considering the need to capture the entire 3D surface. This cost

increases when considering internal attacks against 3D printed parts, which would require X-Ray

Trojan Detection and Side-Channel Analyses for Cyber-Security Vincent et al.

5

images or CT scans. In addition, these techniques often require significant training to classify data as

healthy or unhealthy.

The aforementioned limitations may be overcome by integrating IC Trojan detection approaches

into manufacturing. The similarities between manufacturing cyber-attacks and Trojans are most

clearly seen in their respective intentions or payloads, described in Section 3. Compromising a

manufactured part can be done by simply adding an additional hole or changing the shape of a part,

much like a Trojan can be introduced by simply adding an additional logic gate. This can result in a

part performing sub-optimally or performing a different function entirely. For example, if a gas pedal

on a car was made longer than specified, it may stick causing uncontrolled acceleration or accidents.

Premature or catastrophic failures can also be induced by changing part characteristics, such as

altering a part’s shape to result in higher stress concentrations or changes in mechanical properties. In

addition, alterations to the part design or intentional flaws can be hidden from view, making detection

schemes similar to those for hidden Trojans a necessity for manufacturing.

In the IC world, side-channel detection schemes do not attempt to discover the effects a possible

Trojan has on a system nor do they test for changes in system functionality. Side-channel approaches

operate at a more fundamental level, as they rely on the fact that any change to the system will perturb

its intrinsic behavior. Therefore, side-channels in manufacturing should capture intrinsic part

behaviors and should not necessarily focus on detecting specific attacks (design alterations) or changes

to a part’s functionality.

It could be argued that a physical part’s intrinsic behavior can be captured by its dynamic

properties, which is a unique function of both the part’s mass, stiffness, and damping. A cyber-attack

that alters a part’s design will affect these characteristics; resulting in a different dynamic response.

However, testing the dynamic behavior of a physical part, through modal analysis, is extremely time

consuming, expensive, and not very robust.

Over the past several decades, the field of structural health monitoring (SHM) has made significant

progress in detecting structural degradation. One of the crucial technologies behind the success of

SHM is piezoelectric materials [Ciang et al., 2008]. Piezoelectric transducers (PZTs) have been used

significantly in SHM due to their ability to quickly and accurately determine a system’s dynamic

response (impedance) through coupled electrical-mechanical analysis [Liang et al., 1994]. This paper

proposes that SHM techniques, specifically PZT augmented impedance based SHM [Peairs et al.

2007], could be applied as a side-channel attack detection approach for manufactured parts. It should

be noted that piezoelectric-based SHM has already been successfully applied to manufacturing for the

purpose of detecting damage accumulation in assembly fixtures [Rickli and Camelio, 2009]. However,

until now there has been little need to apply SHM technology to detecting changes to manufacturing

parts. SHM technologies cannot be used to accurately measure specific part features without

substantial modeling efforts [Albakri et al., 2014] nor can they be used for diagnosis, both of which

are crucial for traditional QC.

For any attack detection strategy to be a realistic solution for manufacturing, it should 1) not

substantially interfere with the manufacturing system, 2) not require significant additional processing

to be implemented, and 3) be relatively quick. To satisfy these requirements, the SHM attack detection

approach proposed in this paper is based upon a removable “antenna” to connect a PZT with a host

structure (manufactured part). An example of this concept is provided in the subsequent paragraph.

Consider the GE jet engine bracket [GE, 2013] illustrated in Figure 2a. In order to implement the

proposed approach, the bracket would need to be redesigned to accommodate the antenna, as shown in

Figure 2b. During the manufacturing process the antenna/PZT assembly is joined to the bracket

(Figure 2c). Then the PZT is excited and the resulting impedance signature would be acquired. It is

worth noting that impedance based SHM techniques use a very high frequency measurement range

(10kHz and up) which allow for the measurements to be taken in micro-seconds and do not pose any

risk on the systems integrity (e.g., in many cases this is done during operational conditions). This

signature is then analyzed to determine if the part has been altered. The measured signature is

Trojan Detection and Side-Channel Analyses for Cyber-Security Vincent et al.

6

compared against a previously measured part that has no defect (i.e., a baseline measurement). This

deviation can be bound by manufacturing and material tolerances providing a measure that would

allow the detection of damage or in this case the incipient intrusion and part modification. Finally the

antenna/PZT is removed from the bracket and the manufacturing process would continue.

(a)

(b)

(c)

Figure 2: SHM Attack Detection Concept Illustrating a) Original Part to be Manufactured (adapted from

GE, 2013), b) Modified Part to Accommodate Testing “Antenna”, and c) Testing “Antenna” and

Manufactured Part Assembly

For this proposed detection approach to be an acceptable solution for manufacturing, an SHM

detection system must exhibit two traits: 1) the system must be robust to inherent system variability

and 2) the system must be highly sensitive to non-inherent changes to the physical product. These two

requirements can only be achieved by considering the SHM system during the product and process

design stages. A manufactured product is typically designed with respect to its form, fit, function, and

cost. While a manufacturing process is typically designed with respect to cost, quality, throughput, and

safety. As discussed by Ravi et al. (2004), when dealing with embedded computing systems, security

considerations should be a mainstream system (hardware/software) design issue rather than an

afterthought. Given the current state of cyber-attacks against critical infrastructures, such as

manufacturing, it is becoming imperative that security considerations need to be made during the

design of these systems.

The proposed SHM detection system allows for a new form of physical security to be instilled

into manufacturing during both the product and process design stages. In order to design an optimal

(robust to inherent variability and highly sensitive to product alterations) SHM system, the product

and process design must simultaneously consider all factors that will affect the system’s impedance.

These considerations include but are not limited to: 1) part geometries, 2) part materials, 3) boundary

condition between the part and the testing station, 4) boundary conditions between the antennae and

the part, 5) antennae geometries, 6) boundary conditions between PZT(s) and their respective

antennae, and 7) excitation signature(s). If successful, the use of SHM for attack detection would

provide a quick and cost effective approach for detecting attacks on manufactured parts.

5 Conclusion

In this paper, we have explored cyber-physical manufacturing systems and their vulnerabilities to

cyber-attacks. We have demonstrated the need for new methods for detecting attacks beyond

traditional quality control techniques. It is clear that current manufacturing systems can be exploited to

allow compromised parts to pass both quality control and visual inspections. Therefore, it is essential

to develop new manufacturing specific approaches for detecting cyber-attacks that incorporate the

physical nature of the manufacturing systems. In response to this need, this paper adapted the key

principles of state-of-the-art approaches for detecting Trojans in integrated circuits to detect physical

changes in manufactured parts. More specifically, the approach proposed in this paper incorporates the

use of structural health monitoring techniques to detect changes in a part’s intrinsic behavior. If

successful, the proposed approach has the potential to quickly detect compromised manufactured parts

Trojan Detection and Side-Channel Analyses for Cyber-Security Vincent et al.

7

without significantly disrupting the manufacturing process flow. In addition, the proposed approach

brings manufacturing cyber-security considerations to the product/process design stages. This

transition is of the utmost importance as cyber-security for manufacturing should not be considered as

an after-thought, but as a key consideration throughout the product/process design chain.

6 Acknowledgement

This research was partially supported by NSF grant CMMI-1436365.

References

Albakri, M., and Tarazaga, P.A. Impedance-Based Structural Health Monitoring Incorporating

Frequency Shifts for Damage Identification. In: IMAC XXXII A Conference and Exposition on

Structural Dynamics, 2014.

Albright, D., Brannan, P., and Walrond, C. Did Stuxnet Take Out 1,000 Centrifuges at the Natanz

Enrichment Plant? Institute for Science and International Security 2010.

Agrawal, D., Baktir, S., Karakoyunlu, D., Rohatgi, P., and Sunar, B. Trojan detection using IC

fingerprinting. In: IEEE Symposium on Security and Privacy, 2007, pp. 296–310.

Banga, M., Chandrasekar, M., Fang, L., and Hsiao, M. S. Guided test generation for isolation and

detection of embedded Trojans in ics. In: Proceedings of the 18th ACM Great Lakes symposium on

VLSI, 2008, pp. 363–366.

Chakraborty, R.S., Narasimhan, S., and Bhunia, S. Hardware Trojan: Threats and emerging

solutions. In: High Level Design Validation and Test Workshop, 2009 IEEE International, 2009, pp.

166–171.

Cherry S. and Constantine L. (2011). "Sons of Stuxnet", IEEE Spectrum.

Cook, J. (2014). “FBI Director: China Has Hacked Every Big US Company,” Business Insider.

Accessed Oct. 10, 2014 from http://www.businessinsider.com/fbi-director-china-has-hacked-every-

big-us-company-2014-10.

Digital Manufacturing and Design Innovation (DMDI) Institute (2013). “Overview - Digital

Manufacturing and Design Innovation (DMDI) Institute.” Retrieved from http://www.manufacturing.

gov/docs/dmdi_overview.pdf.

Du, D., Narasimhan, S., Chakraborty, R.S., and Bhunia, S. Self-referencing: a scalable side

channel approach for hardware Trojan detection. In: Cryptographic Hardware and Embedded

Systems, CHES, 2010, pp. 173–187.

GE (2013). “GE jet engine bracket challenge,” GE. Accessed on Jan. 5, 2015 from

https://grabcad.com/challenges/ge-jet-engine-bracket-challenge

Jin, Y., Kupp, N., and Makris, Y. Experiences in hardware Trojan design and implementation. In:

IEEE International Workshop on Hardware-Oriented Security and Trust, 2009, pp. 50–57.

Liang, C., Sun, F.P., and Rogers, C.A. Coupled electromechanical analysis of adaptive material

systems - Determination of the actuator power-consumption and system energy-transfer. Journal of

Intelligent Material Systems and Structures, 1994, 5: 12–20.

Trojan Detection and Side-Channel Analyses for Cyber-Security Vincent et al.

8

Lin, L., asper, M., G neysu, T., aar, C., and Burleson, W. Trojan side-channels: Lightweight

hardware Trojans through side-channel engineering. In: Cryptographic Hardware and Embedded

Systems-CHES 2009, 2009, pp. 382–39.

Narasimhan, S., Du, D., Chakraborty, R.S., Paul, S., Wolff, F., Papachristou, C., Roy, K., and

Bhunia, S. Multiple-parameter side-channel analysis: a non-invasive hardware Trojan detection

approach. In: Hardware-Oriented Security and Trust, 2010 IEEE International Symposium, 2010, pp.

13–18.

National Defense Industrial Association (2014). “Cybersecurity for Advanced Manufacturing.”

Retrieved from http://www.ndia.org/Advocacy/LegislativeandFederalIssuesUpdate/Documents/

Cyber_for_Manufacturing_White_Paper_5May14.pdf

Peairs, D., M., Tarazaga, P.A., and Inman, D.J. Frequency Range Selection for Impedance-Based

Structural Health Monitoring. Journal of Vibration and Acoustics, 2007; 129(6): 701-709.

Ravi, S., Raghunathan, A., Kocher, P., and Hattangady, S. Security in embedded systems: Design

challenges. ACM Transactions on Embedded Computing Systems (TECS), 2004; 3(3): 461-491.

Rickli, J.L. and Camelio, J.A. Damage detection in assembly fixtures using non-destructive

electromechanical impedance sensors and multivariate statistics. The International Journal of

Advanced Manufacturing Technology, 2009; 42(9-10): 1005-1015.

Rizzo, J. (2010). “Industry experts: Less 'made in usa' puts security at risk.” Retrieved from

http://edition.cnn.com/2010/US/09/21/manufacturing.security/index.html

Strum, L.D., Williams, C B., Camelio, J., White, J., and Parker, R. Cyber-physical Vulnerabilities

in Additive Manufacturing Systems. In: International Solid Freeform Fabrication Symposium, 2014,

Austin, TX.

Tehranipoor, M. and Koushanfar, F. A survey of hardware Trojan taxonomy and detection. 2009.

Wang, X., Tehranipoor, M., and Plusquellic, J. Detecting malicious inclusions in secure hardware:

Challenges and solutions. In: Hardware-Oriented Security and Trust, 2008 IEEE International

Workshop, 2008, pp. 15–19.

Wells, L.J., Camelio, J.A., Williams, C.B., and White, J. Cyber-Physical Security Challenges in

Manufacturing Systems. Manufacturing Letters, 2014; 2(2): 74-77.

Trojan Detection and Side-Channel Analyses for Cyber-Security Vincent et al.

9

Kennametal – LaTrobe, PA June 15, 2016

Tim Shinbara, AMT Liaison VP – Manufacturing Technology

Association for Manufacturing Technology

Scott Hibbard, TIC Chair VP – Technology

Bosch Rexroth – Elec. Drives & Controls

AMT Technology Issues Committee (TIC) & NTMA Technology Team Combined Meeting

Safety Briefing

Agenda

9:45 – 10:00 Break

11:30 – 12:30 Lunch/Roundtable - Partnership

1:15 – 1:30 Break

2:30 – 2:45 Break

4:00 - Conclude and Adjourn

Annual Statements: Antitrust

AMT TIC Mission Statement

acts as the voice of the membership by providing input to the association on member needs in support of AMT’s products and services.

The Committee also assists AMT in meeting the objectives of the Board of Directors’ Strategic Plan.

Cyber Physical Security

Cybersecurity Framework Components

Describes how cybersecurity risk is managed by an organization and degree the risk management

practices exhibit key characteristics

Aligns industry standards and best practices to the Framework Core in a particular implementation scenario

Supports prioritization and measurement while factoring in business needs

Cybersecurity activities and informative references, organized

around particular outcomes

Enables communication of cyber risk across an

organization

Framework Core

Framework Implementation

Tiers

Framework Profile

Framework Core Cybersecurity Framework Component

What processes and assets need protection?

What safeguards are available?

What techniques can identify incidents?

What techniques can contain impacts of

incidents?

NIST Cybersecurity for Smart Manufacturing Systems Testbed

• Reconfigurable nature of testbed will allow for researching various implementations for each scenario – Process Control – Collaborative Robotics – Additive Manufacturing – Assembly

• Research outcomes will be used to provide guidance to industry on best practices for cost effectively implementing cybersecurity standards and guidelines without negatively impacting ICS performance

Testbed Scenarios • Continuous Processes

– Chemical Processing

• Advanced Discrete Processes – Dynamic Robotic Assembly

– Additive Manufacturing

• Distributed Operations – Smart Grid

– Smart Transportation

Dynamic Robotic Assembly • Discrete process • Cooperative robotics • Dynamic Planning • Integrated safety system • Computer Vision • Embedded control • A variety of protocols

including EtherCAT

NIST Cybersecurity for Smart Manufacturing Systems Testbed

Collaborative Robotics Enclave

Process Control Enclave

Measurement Enclave

NIST Cybersecurity for Smart Manufacturing Systems Testbed

CAD Workstation

External world connection (Local Network/Internet)

CAD Software

CAD Model .STL file CAM Software

CAM Workstation

Part Process control

parameters

Controller

AM Machine

Physical System

Tool command file

Equipment vendor connection for remote maintenance & troubleshooting (e.g., firmware update of controllers)

Goal – Attack the quality of the additive manufactured product Layers – CAD model, .STL/.AMF file, Tool command file, Process Control Parameters, Controllers

Attack vectors • Rogue designers inserting malicious logic into the CAD model, STL file or Tool command file • 3rd party models or files embedded with unwanted logic • Malicious 3rd party CAD/CAM software that inserts extraneous or deletes logic into the models/files • Tampers models/files/control parameters via Malware infection (by exploiting insecure external

communications and software vulnerabilities of CAD/CAM software or Operating systems) • Modifying files or process control parameters by exploiting Insecure local area communications • Update controller firmware by exploiting insecure physical interfaces such as USB

Remote Local Physical

1. How are operational technology (OT) systems fundamentally different from information technology (IT) and how will this affect the types of technologies and solutions that might be applied?

2. Given the differences between OT and IT, what techniques or technologies that are used to protect IT systems are unlikely to be suitable for OT systems and/or the operational environment?

3. What solutions and best practices can we adopt from IT cybersecurity to better secure OT?

4. How do we protect the OT/IT interface as these systems essentially converge?

5. How do we address cybersecurity on legacy manufacturing systems designed for a 20+ year lifecycle?

6. Where do you see the biggest need (solution gap) for technology development to increase cybersecurity in the manufacturing environment?

7. What unique commercial offerings for cybersecurity are you aware of that may be broadly applicable in the manufacturing domain?

8. What non-commercial R&D efforts or products are you aware of that may be of value to OT owners and operators?

9. What solutions is your company/organization in the process of developing or testing?

10. Who else do you know is doing research to increase cybersecurity in the manufacturing environment?

Break

Roundtable - Technology

NNMI: Institute Updates

Integrated Photonics

Digital Manufacturing

Advanced Composites Power Electronics (WBG)

Additive Manufacturing

Lightweight Metals

Flexible, Hybrid Electronics

Revolutionary Fibers & Textiles

6S Excellence Award Background:

In 2007, a group of NTMA shop apprentices toured Switzerland as guests of the Swiss Embassy. Upon return, they commented on the cleanliness and

orderliness of the Swiss facilities relative to US shops. Based on this feedback, the NTMA Education and Technology Teams committed to improve the

perception of American manufacturing by promoting and recognizing excellence in member shop organization and efficiency. The 6S Excellence

Award was created.

HOW IT WORKS: NTMA and non-NTMA companies may apply for the award by

submitting a self-assessment based on criteria that demonstrates best in class practice in the six S’s:

1. Safety 2. Sort 3. Set in Order 4. Shine 5. Standardize 6. Sustain Companies that retain the 6S criteria can receive the award multiple

years.

NTMA Technology Excellence Award

Background

The Technology Excellence Award was the development of an NTMA Technology Team initiative to bring value to members. AMT is a proud sponsor of

the Technology Excellence Award and recognizes companies that demonstrate a best-practice or best-

use of its member’s products and services.

TECHNOLOGY AWARD – CATEGORY 1

“Advanced Technology Development and/or Integration” OR

“Lead Time Reduction Through Flow, Safety and Organization”

TECHNOLOGY AWARD – CATEGORY 2 “Leader/Associate Partnerships: World-Class Performance”

OR “Results Based Performance Through Goal Deployment and Visual

Management Systems”

HOW IT WORKS: Only NTMA members are eligible to be nominated Nominations are submitted to the NTMA Technology Team Winners are selected by the Technology Team as judged

against selection criteria Awards are presented at the MFG Meeting Recipients have the opportunity to share their awarded

technology/practice during the NTMA break out session at the MFG Meeting

Lunch: 11:30 – 12:30 Roundtable - Partnership

AMT Updates

Tech Trends

Problem: Business and Technical Intelligence Solution for Technologies Research and Development Data Stream

MTInsight Research & Development

Visual representation of technology trend Easy to use Access anywhere User defined information Expandable

MTInsight Research & Development

Summary Top Trends User defined trends Advanced connected search

MTConnect Student Challenge Ideation winners announced @ [MC]2

Application winners to be announced @ IMTS

Break

AMT and NTMA Breakout Sessions

Other Business: Next Meeting

JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

Board Meeting

MC2 Board Meeting

CIRP IMTS Board Meeting

DMC (last week)

MFG GFMC

JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC

TIC *TIC TIC?

AMT: 2016 Outlook

TIC: 2016 Outlook

*Combined NTMA Meeting

Round Table Input T.I.C. Member TIC Role

Smart manufacturing, IIoT, Industry 4.0 Scott Hibbard TIC Views

AM material and equipment development Randy Gilmore TIC Views

Platform for workforce development Steve O’Neal TIC Views

Energy efficiency Scott Hibbard TIC Views

Break

Roundtable - Networking

Recap/Action Items

Adjournment

Promoting National Security Since 1919

CYBERSECURITY FOR

ADVANCED MANUFACTURING

a White Paper prepared by

National Defense Industrial Association’s Manufacturing Division

and Cyber Division

May 5, 2014

PREFACE DoD and industry have focused much effort on protecting technical information in business and

engineering information systems. Relatively less action has been taken to improve protection of

technical data in factory floor networks and control systems, which are increasingly subject to cyber

threats. Cybersecurity on the factory floor merits increased DoD and industry attention.

NDIA’s Manufacturing Division and Cyber Division have jointly developed this White Paper to heighten

awareness of the emerging threats, vulnerabilities and consequences in the Industrial Control Systems

used in manufacturing. Better practices and technical solutions are needed to protect against theft of

technical data transiting or residing in manufacturing systems, alteration of the data (thereby

compromising the physical parts produced), or interference with reliable and safe operation of a

production line. Solutions must be cost effective, especially for smaller manufacturers in defense supply

chains. This White Paper offers several recommendations for enhancing protection of technical data in

factory floor networks and control systems.

NDIA wishes to acknowledge the authors, contributors and reviewers of this report (Appendix 1), with

special thanks to the many government and industry subject matter experts (Appendix 2) who graciously

consented to data collection interviews.

NDIA White Paper – Cybersecurity for Advanced Manufacturing

1

Overview

This paper reports the results of NDIA’s study of the need to protect unclassified controlled technical information in manufacturing. It addresses the unique needs of cybersecurity for manufacturing systems and networks in general, and for the Defense Industrial Base (DIB) in particular. It was prepared by a Joint Working Group of the NDIA Cyber and Manufacturing Divisions (Appendix 1).

The objectives of the paper are to raise awareness of needs, identify known solutions and best practices, point out gaps and recommend courses of action to better manage cybersecurity risks in defense manufacturing networks. The study is based on information gleaned from a literature review and a highly informative series of interviews with senior stakeholders in government, industry and academia (Appendix 2). Key findings from the study include:

The threat is real and manufacturing companies are targets

Factory floor systems are a weak link in safeguarding technical information

Small Business manufacturers are not well equipped to manage the risks

The last section of the paper presents recommendations for DoD to work with industry to heighten awareness and improve cybersecurity in Defense supply chain manufacturing systems.

Protecting the Digital Thread

Defense contractors throughout DoD's supply chain have been targeted by cyber criminals attempting to steal unclassified technical data. Concerned about potential damage to national security, in November 2013 DoD issued a new contract clause,1 with mandatory flow-down to subcontractors, requiring defense contractors to incorporate established information security standards on their unclassified networks and to report cyber-intrusion incidents that result in the loss of unclassified controlled technical information. Implementation of this requirement will require DoD and industry to work together to manage risks at every level of the enterprise, including the factory floor.

Figure 1 – Protecting the

Digital Thread

1 Federal Register /Vol. 78, No. 222 /Monday, November 18, 2013 /Rules and Regulations 69281

(http://www.gpo.gov/fdsys/pkg/FR-2013-11-18/pdf/2013-27313.pdf)

NDIA White Paper – Cybersecurity for Advanced Manufacturing

2

The factory floor is a growing area of concern for cybersecurity. In much of the Defense Industrial Base (DIB) manufacturing is digitally driven. The era of skilled machinists operating from paper engineering drawings has given way to networks of computers, automated machines, ubiquitous sensors, and technicians whose job is to convert digital data into physical parts and assemblies. Design, manufacturing and product support operations are driven by a “digital thread” of technical data -- product and process information -- that can be shared throughout the supply chain and must be protected. Much attention has been given to protecting technical information in information technology (IT) systems and networks. But protecting the operational systems of a manufacturing enterprise presents a new and different set of challenges. Not only must the technical data be protected from theft, it must also be protected from alteration that could impair the proper functioning of parts produced or affect the safety and availability of the production system. These concerns are especially challenging for small and mid-size manufacturers.

The Threat is Real, and Manufacturing Companies are Targets

Cyber threats to manufacturing enterprises may be motivated by espionage, financial gain or other reasons to compromise data Confidentiality, Integrity or Availability – the C-I-A concerns that are the focus of IT cybersecurity2. For the advanced manufacturing enterprise, these concerns are translated as:

1. Theft of technical data, including critical national security information and valuable commercial intellectual property. This is a Confidentiality concern.

2. Alteration of data, thereby altering processes and products. This is an Integrity concern. 3. Impairment or denial of process control, thereby damaging or shutting down operations.

This is an Availability concern.

These concerns exist from the point of creation of the technical data, through its access at any point in the supply chain, to its use to control physical manufacturing processes throughout the product life cycle. There is ample cause for concern. Symantec reports that manufacturing was the most targeted sector in 2012, accounting for 24% of all targeted attacks.3 State-sponsored data breaches became the second most common variety of data breaches in 2012, following only organized crime, according to a study by Verizon.4 McAfee’s 2012 Threat Predictions identifies industrial networks as the leading cybersecurity vulnerability, and states, “Attackers tend to go after systems that can be successfully compromised, and ICS [industrial control systems] have shown themselves to be a target-rich environment.”5 Cyber spies, cyber criminals, cyber terrorists, disgruntled insiders and hacktivists can attack in very sophisticated ways. For example, the Washington Post (May 28, 2013) reported that a cyber espionage Advanced Persistent Threat (APT) exfiltrated technical design data on over two dozen US defense systems. Mandiant6 provided details on a class of sophisticated APTs that is traceable to China, and that took most victim companies months to discover and additional months to mitigate – a long window during which sensitive intellectual property was being compromised. Stuxnet,7 the worm that attacked the Iranian uranium refinement capabilities, was a sophisticated attack targeted to specific

2 ISA (2013), ”NIST Cybersecurity Framework ISA99 Response to Request for Information,” April 5, 2013, Research

Triangle Park, NC: ISA, p3. (http://csrc.nist.gov/cyberframework/rfi_comments/040513_international_society_automation.pdf) 3 Symantec Internet Security Threat Report - 2013, p15 (www.symantec.com)

4 Verizon 2013 Data Breach Investigations Report, p21 (http://www.verizonenterprise.com/DBIR/2013/)

5 McAfee 2012 Threat Predictions, p3 ( http://www.mcafee.com/us/resources/reports/rp-threat-predictions-

2012.pdf) 6 Mandiant Intelligence Center APT1 report (http://intelreport.mandiant.com/)

7 Symantec W.32 Stuxnet Dossier (http://www.symantec.com)

NDIA White Paper – Cybersecurity for Advanced Manufacturing

3

machine controllers similar to those widely used in manufacturing operations. Hackers attacked Lubrizol, an Ohio-based chemicals company, through ICS to steal intellectual property causing substantial financial damage.8 Threats like these are hard to detect and containment/restoration can take months. Fortunately, according to Verizon, such sophisticated attacks are not yet commonplace. Over 70% of the attacks examined in 2012 were of low or moderate sophistication, but this should not be cause for complacency. As Verizon9 puts it, “Would you fire a guided missile at an unlocked screen door?”

Manufacturing Needs and Priorities Differ from Business IT Systems

Much of the current attention to cybersecurity is focused on information technology (IT) systems that, in large organizations, are usually under the purview of a Chief Information Officer (CIO) or Chief Information Security Officer (CISO). CIOs and CISOs in large defense firms are implementing strong cyber risk management standards, technologies and practices. Their participation in DoD’s DIB Cyber Security/ Information Assurance (CS/IA) program and the Defense Security Information Exchange (DSIE), an NDIA cyber threat sharing committee, has been a model for industry-government and industry-industry collaboration on complex issues. Interviews conducted for this study revealed that large companies:

Are confident in their risk management posture but are concerned about suppliers, especially small businesses, who lack the resources and knowledge to identify and mitigate cyber risks. Large companies are concerned that supplier vulnerabilities could become their vulnerabilities, and are willing to work with suppliers on improvements.

Have not yet seen an upsurge in the threat to factory systems, but acknowledge the growing interconnections between factory systems and other systems, and the existence of targeted attack examples. They do not want manufacturing systems to be the weak link in the enterprise.

View increased mandatory cyber protection requirements with concern unless they are accompanied by funding for implementation. They advocate use of voluntary commercial standards and practices where possible, and advocate a process of cost/risk tradeoffs to arrive at affordable solutions for cybersecurity in the DIB.

8 “High-impact Threats to Critical Infrastructure,” Proceedings of the Policy Studies Organization 22 (December

2012): 92 (http://www.ipsonet.org/proceedings/wp-content/uploads/2013/08/Proceedings-22-reduced.pdf) 9 Verizon, Op. Cit., p 49 (http://www.verizonenterprise.com/DBIR/2013/)

NDIA White Paper – Cybersecurity for Advanced Manufacturing

4

In assessing how to extend the CIO/CISO IT thinking into applications in manufacturing systems, it is important to recognize the similarities and differences between the manufacturing operational technology (OT) culture and the information technology (IT) environment and culture. Factory floor technology includes networks, servers and end point computers, but it also includes cyber-physical systems where networked machines, sensors and software combine to produce physical changes in materials, parts and environments. The Industrial Control Systems (ICS) that control these processes typically run specially designed operating systems and communications protocols, handle real-time processing and synchronization needs, have a lifetime on the order of 15-20 years, are rarely rebooted or stopped to install patches, depend on networked sensor feedback, and can have catastrophic physical safety consequences if they are compromised. ICS outages may need to be scheduled weeks in advance. While cybersecurity is deeply ingrained in the IT culture, the Operations Technology (OT) culture is focused first and foremost on safety and availability of factory systems for production output. Technicians, including those from the original manufacturer, often have administrator privileges, and use them creatively to keep the machines running. In essence, digits (executable files from global sources) go into the factory and parts come out, often with limited ability to screen the files or the resulting products for integrity.

In the past, most ICS networks were autonomous and built upon proprietary vendor technology. ICS solutions were geared towards speed, functionality, reliability and safety. Cybersecurity features were not a high priority when there was an air gap between ICS networks and other networks in the enterprise. Today, however, competitive pressures are driving the integration and analysis of “big data” collected from business information systems, engineering information systems and manufacturing systems across the supply chain. Organizations need to respond quickly to market changes and they need to manage operations and maintenance with fewer people. Executives need timely and accurate information. Production control systems – ICS – must feed this information to the decision makers as soon as possible.10 Several interviews conducted during this study indicated a distinct trend toward integration of IT and OT systems. Manufacturing enterprises handle a wide range of sensitive data through their highly connected relationships with customers, suppliers and equipment vendors. In the future, enhancing ICS cybersecurity must be addressed as an integral part of enterprise security.

10

Honeywell White Paper, Cybersecurity in Manufacturing and Production, WP 686, August, 2011, Http://www.honeywell.com/ps

NDIA White Paper – Cybersecurity for Advanced Manufacturing

5

The community of ICS vendors, users and standards organizations has made significant strides in enhancing ICS cybersecurity. Both the ISA99 series of international standards for Industrial Automation and Control Systems, and NIST’s Guide to ICS Security (SP 800-82) recognize these unique needs (see Appendix 3) and identify best practices to mitigate risks. These standards and guides also define a comprehensive set of good practices that the providers and owners/operators of ICS technologies use in critical infrastructure systems (e.g. nuclear industry, power grid, chemical industry). Implementation in manufacturing is, at present, spotty.

ICS component vendors and integrators build their latest products with cybersecurity in mind. The installation of new ICS networks in manufacturing plants is architected to protect vulnerable network interfaces. Users are advised to implement the best practices documented in ICS standards, guides and vendor manuals. Unfortunately, the long operational life of older ICS equipment and the challenges of integrating new equipment with older systems inhibit full implementation of the known cybersecurity solutions. For the human element of the system, changing the factory floor culture to embrace good cybersecurity hygiene is a slow process. And from a technology standpoint, manufacturing applications have needs that differ from the other ICS applications that have been the primary drivers of solutions. In continuous operations such as the power grid or the transportation system, the priority is to protect the safe operation of the ICS itself. In manufacturing, the additional priority is to protect the data residing in or transiting through the ICS from theft or alteration. DoD's emphasis on technical data protection will require continued development of technologies, standards and practices for data protection on the factory floor.

Small and Mid-Size Firms Face Large-Size Challenges

Defense prime integrators are concerned about their suppliers' ability to manage cybersecurity risks. Technical data packages, process flows and other critical information move up and down the supply chain in business transactions and in engineering collaborations. While most large corporations have made significant improvements in their business information technology network protections, research for this report found only an emerging awareness of the threats to the manufacturing information networks. Additionally, the lower tier DIB contractors struggle to secure their business networks and most have not initiated protection of their manufacturing networks.

McAfee’s 2012 Threat Predictions11 identifies industrial networks as the leading cybersecurity vulnerability, and states, “Attackers tend to go after systems that can be successfully compromised, and ICS systems have shown themselves to be a target-rich environment.” Many smaller suppliers do not

11

McAfee, Op. Cit., p3 (http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf)

Additive Manufacturing

An interesting microcosm of what happens on the cyberphysical factory floor is evident in Additive Manufacturing, also known as 3-D printing. This process can make a three-dimensional solid object of virtually any shape from a digital model, and the palette of materials is growing from plastics to metals and composites. It is rapidly evolving as a production method for functional parts, such as cooling ducts in the F-35 and parts for turbine engines. For the DoD, its ability to produce small quantities efficiently (lot size of one) makes it particularly attractive. Information about materials, finish, and other physical attributes are all contained in the digital production (print) file – which makes this file a critical piece of intellectual property to protect for both competitive and national security reasons. Recent experiments by Virginia Tech Applied Research Corporation have shown typical additive manufacturing operations will be a soft target for hackers wishing to alter the properties or features of the manufactured item in hard-to-detect ways. While additive manufacturing is inherently no more vulnerable than other manufacturing methods, the opportunity exists to build more security into these emerging systems now.

NDIA White Paper – Cybersecurity for Advanced Manufacturing

6

have the resources, expertise or financial incentives to identify vulnerabilities and mitigate risks. Their ICS networks are typically vulnerable to backdoors, default passwords, discoverable IP addresses, connection by portable devices and connection from outside networks. Small manufacturers often believe that they are not likely to be targets of cyber attacks, and that perimeter defenses such as firewalls and virus protection will keep them safe -- a false hope in light of recent data.

Verizon’s 2013 Data Breach Investigation Report (DBIR) found that manufacturing networks are more likely to be targeted for purposes of espionage than for financial gain, and operations with fewer than 1,000 employees are more often targeted than the large corporations.12 While the Verizon sampling is not large enough to make sweeping recommendations, the data highlight the particular threat to the multi-tiered defense industrial base that contains sensitive defense system design and production information.

This concern underlies the DoD mandate to flow down to suppliers mandatory contract requirements to protect unclassified controlled technical data. NDIA's member companies want to work with DoD on implementing this mandate in a way that does not impose unrecoverable costs or introduce potential liabilities that deter suppliers from entering or remaining in the DoD market. Significant advances can be made without great expense. A recent report from the Penn State Applied Research Laboratory13

notes that “[m]itigations against most attacks are neither expensive nor difficult. It is estimated that four mitigation techniques can prevent at least 85% of attacks.”

Smaller companies, for their part, view ISA99 standards and the NIST SP 800-82 guidelines for ICS security as complex and hard to implement. Many small manufacturers have no full time cybersecurity staff. There are no turnkey solutions for protection, and available information on pertinent threats is limited or classified. The forums available to large companies for information exchange (e.g. the DIB CS/IA program) are often beyond their reach.14 They cannot afford to deal with differing cybersecurity requirements from different customers, and therefore seek standard practices among their aerospace and defense prime integrators. Once such practices are defined, small companies will need training and implementation assistance. Aerospace and defense integrators may work through existing business collaboration forums, such as Exostar,15 to help selected suppliers improve cybersecurity risk management. Established government programs, such as NIST’s nationwide network of Manufacturing Extension Partnership (MEP) centers,16 offer a potentially broader channel for delivery of training and assistance to small manufacturers.

A mechanism is needed to help DIB stakeholders -- DoD, defense prime integrators, and suppliers -- collaboratively define needs, adopt known solutions and best practices, and develop new solutions to fill gaps. This mechanism must meet the business needs of the manufacturing sector. The NIST-led Cybersecurity Framework initiative offers an excellent starting point for developing such a mechanism in the DIB critical infrastructure sector.

12

Verizon 2013, Op. Cit. p. 14 (http://www.verizonenterprise.com/DBIR/2013/) 13

B. Toth, C. Severn and J.Hoerr, “Understanding Security,” Technical Report No. TR-13-003, 29 August 2013, The Applied Research Laboratory, The Pennsylvania State University, State College, PA. 14

Of the entire supplier base to DoD only 2,650 companies have been identified as eligible participants, with less than 100 actively participating in such programs.

15 www.exostar.com

16 http://www.nist.gov/mep/

NDIA White Paper – Cybersecurity for Advanced Manufacturing

7

The Cybersecurity Framework for Critical Infrastructure Protection

The President’s February 2013 Executive Order (EO 13636), "Improving Critical Infrastructure Cybersecurity", called for DHS-led revision of the National Infrastructure Protection Plan to enhance cybersecurity protection in 16 critical infrastructure sectors. The EO required NIST to lead development of a voluntary, technology-neutral framework to provide a common language and mechanism for organizations to use in managing cybersecurity risk. NIST’s February 2014 Cybersecurity Framework for Critical Infrastructure Protection Version 1.017 defines the concepts and core standards and practices that apply to all critical infrastructure sectors. It is intended to be a point of departure for sector-specific organizations to build on and extend to meet sector business needs. The risk management concepts in the Framework are general enough to apply to manufacturing cybersecurity, and are supported by a Framework Core, with categories and informative references (cross-cutting standards and guides) for risk management in five key cybersecurity functions -- Identify, Protect, Detect, Respond and Recover. As Figure 1 illustrates, the Framework identifies standards and best practices relevant to each subcategory. It provides a tier-based model and target profile concepts firms can use to tailor implementation to an appropriate level of cyber risk management for their business needs.

Figure 1. Excerpt from NIST Cybersecurity Framework Version 1.0

During development of the Framework, NDIA comments emphasized that industry values the risk-based principles and the voluntary implementation approach the Framework provides. We believe the same risk-based principles and voluntary framework can be used as a starting point to fill gaps in cybersecurity

17

NIST Cybersecurity Framework (www.nist.gov/cyberframework/)

NDIA White Paper – Cybersecurity for Advanced Manufacturing

8

for manufacturing systems. Adopting the vocabulary and principles of the Framework will facilitate efforts by companies that support the DIB to integrate and implement concepts from several areas of DoD policy that affect factory floor operations. These include cybersecurity policies, program protection policies, trusted component policies, and DFAR regulations for safeguarding unclassified controlled technical information.

An Integrated Approach to Cybersecurity for Defense Manufacturing

NDIA believes improving cybersecurity risk management in manufacturing systems requires effort at the intersection of three complementary DoD policy areas: Procurement Policy (the DFAR requirement for protecting unclassified controlled technical information); Systems Acquisition Policy (DODI 5200.39 requirements for Program Protection Plans and DODI 5200.44 requirements for Trusted Components); and Information Assurance policy (the DODI 8500.2 cybersecurity requirements).18 We believe the new Framework offers an opportunity to build on common, commercial principles, standards and practices as DoD and DIB companies work together at the intersection of these policies to strengthen risk management in manufacturing systems.

The DFAR requirement and the Framework have already been discussed. The Program Protection Plan (PPP) required by DODI 5200.39 for major acquisition programs typically includes an Information Assurance strategy that complies with DoDI 8500.2. The PPP is a “living” document intended to help programs ensure that they adequately protect critical program information over the program’s lifecycle. The DODI 5200.44 policy on Trusted Systems and Networks requires risk management for trusted components throughout the lifecycle. Although factory system vulnerabilities are an area of risk implicitly covered by these policies, there is no specific guidance on cybersecurity risk management for manufacturing in the policies. The connections must be made in company plans and program plans. For example, production of trustworthy components could be compromised by cyber penetration that alters the digital files driving manufacturing, thereby altering the functionality of the manufactured components.

Developing the guidance for cybersecurity in manufacturing systems, identifying the relevant standards and best practices, and assisting supply chain partners with voluntary implementation will require collaborative DoD and industry efforts. Commonality of expectations in business interfaces across DIB supply chains is highly desirable, and can be facilitated by adopting commercial concepts, standards and practices wherever possible. Much work remains to be done to define solutions at an implementable level of detail, but NDIA believes the Framework offers a useful point of departure for such work.

NDIA Recommendations for USD(AT&L)

1. Designate a focal point to work with industry on risk-based, voluntary standards and practices to strengthen factory floor cybersecurity in defense supply chains. NDIA is willing to take an active role in addressing factory floor issues and to facilitate DoD and industry interaction to:

Evaluate the core standards, practices and concepts of the NIST Framework as a starting point for improving Industrial Control System (ICS) security in manufacturing applications, with DIB sector-specific extensions as needed. Use a common vocabulary and aim for compatibility with commercial solutions wherever possible, while meeting

18

DoDI 8500.2 Information Assurance Implementation, DoDI 5200.39 Critical Program Information Protection, DODI 5200.44 Protection of Mission Critical Functions to Achieve Trusted Systems and Networks (DoD Issuances Website)

NDIA White Paper – Cybersecurity for Advanced Manufacturing

9

national security needs. Collaboration with the DHS established and DoD managed DIB Sector Critical Infrastructure Protection Program may prove fruitful for this effort.

Create common business interface expectations among DoD, prime contractors and suppliers for cybersecurity controls in manufacturing systems

2. Conduct a series of forums with defense prime contractors and suppliers (with special emphasis on small business participation) to improve broad understanding and implementation planning for the new DFAR clause on safeguarding unclassified technical information (including factory floor implications). NDIA would be willing to organize and host such a series.

3. Update DoD guidance on the Program Protection Plan (PPP) to address critical information that resides in or transits manufacturing systems and networks. Let industry make appropriate risk/cost tradeoffs in developing PPPs for DoD review.

4. Expand the use of red teams to identify manufacturing system cybersecurity vulnerabilities, and identify specific capabilities that need strengthening. Sponsor R&D (including S&T and SBIR programs) to develop better data protection capabilities in industrial control systems and networks used in manufacturing, with the goal of dynamic mitigation of cyber threats in high availability, safety-critical, real-time manufacturing operations.

5. Develop programs to facilitate manufacturing system cybersecurity in defense supply chains

Work with the NIST Manufacturing Extension Partnership network and other delivery channels to develop and deliver training to small and mid-size manufacturers and assist them in implementing cybersecurity principles, standards and practices to meet the needs of DoD and DIB trading partners.

Provide incentives and, where justified, investment assistance for capital investments to upgrade and strengthen ICS systems and networks. Investigate applicability of the Manufacturing Technology program and Defense Production Act Title III authorities for use in improving cybersecurity for assured domestic sources of supply.

Develop Defense Acquisition University training modules to familiarize the DoD acquisition workforce with cost-effective cybersecurity risk management practices and to provide training in appropriate application of contract requirements for safeguarding unclassified controlled technical information, including in manufacturing systems.

NDIA White Paper – Cybersecurity for Advanced Manufacturing

10

Appendix 1 – NDIA Cyber Division and Manufacturing Division

Joint Working Group Members

Co-chairs:

Jennifer Bisceglie, Interos Solutions Inc. (NDIA Cyber Division)

Michael McGrath, Analytic Services Inc. (NDIA Manufacturing Division)

Study Group:

David Chesebrough, Association for Enterprise Integration

Mark Fedak, Private Consultant

James Godwin, Britewerx Inc.

Mark Gordon, National Center for Advanced Technologies

Larry John, Analytic Services Inc.

Catherine Ortiz, Defined Business Solutions, LLC

Chris Peters, The Lucrum Group

Reviewers:

William Barkman, Y-12 Babcock & Wilcox

Barry Bates, NDIA

Brench Boden, Air Force ManTech (AFRL)

Kevin Fischer, Rockwell Collins

Matthew Fleming, Homeland Security Institute

Michael Lemon, International Technegroup, Inc.

Rebecca Taylor, National Center for Manufacturing Sciences

John Vankirk, Kennametal

NDIA Manufacturing Division

NDIA Cyber Division

NDIA Systems Engineering Division

NDIA Armaments Division

NDIA Small Business Division

NDIA White Paper – Cybersecurity for Advanced Manufacturing

11

Appendix 2 – Subject Matter Experts Interviewed by NDIA Working Group

The working group gratefully acknowledges the not-for-attribution contributions of the following individuals and organizations:

Jon Boyens, National Institute of Standards and Technology Elana Broitman, Office of the Secretary of Defense (MIBP) Jaime Camelio, Virginia Tech Eric Cosman, Dow Chemical and ISA99 Committee Don Davidson, Office of the Secretary of Defense (CIO) Emmanuel de la Hostria, Rockwell Automation and ISA99 Committee Paul Didier, CISCO Geoffrey Donatelli, Raytheon Missile Systems Lee Holcomb, Lockheed Martin Gregory Larsen, Institute for Defense Analyses Daniel Massey, Department of Homeland Security Johan Nye, Exxon Mobil and ISA99 Committee Laura Odell, Institute for Defense Analyses Robert Parker, VT Applied Research Corporation Perry Pederson, The Langner Group LLC Michael Pozmantier, Department of Homeland Security Melinda Reed, Office of the Secretary of Defense (Systems Engineering) Charlie Robinson, International Society of Automation (ISA) Keith Stouffer, National Institute of Standards and Technology Doug Thomas, Lockheed Martin Steven Venema, Boeing Doug Wylie, Rockwell Automation

NDIA White Paper – Cybersecurity for Advanced Manufacturing

12

Appendix 3 – How ICS Systems Differ from IT Systems Source: NIST SP 800-82

Category Information Technology System Industrial Control System Performance Requirements

-Non-real-time -Response must be consistent -High throughput is demanded -High delay and jitter may be acceptable

-Real-time -Response is time-critical -Modest throughput is acceptable -High delay and/or jitter is not acceptable

Availability Requirements

-Responses such as rebooting are acceptable -Availability deficiencies can often be tolerated, depending on the systems operational requirements

-Responses such as rebooting may not be acceptable -Availability requirements may necessitate redundant systems -Outages must be planned and scheduled days/weeks in advance High availability requires exhaustive pre-deployment testing

Risk Management Requirements

-Data confidentiality and integrity is paramount -Fault tolerance is less important – momentary downtime is not a major risk -Major risk impact is delay of business operations

-Human safety and protection of the process are paramount -Fault tolerance is essential, momentary downtime may not be acceptable -Major risk impacts are regulatory non-compliance, environmental impacts, loss of life, equipment or production.

Architecture Security Focus

-Primary focus is protecting the IT assets, and the information stored on or transmitted among these assets -Central server may require more protection

-Primary goal is to protect edge clients (e.g. field devices such as process controllers) -Protection of central server is also important

Unintended Consequences

-Security solutions are designed around typical IT systems

-Security tools must be tested (e.g., off-line on a comparable ICS) to ensure that they do not compromise normal ICS operation

Time-Critical Interaction

-Less critical emergency interaction -Tightly restricted access control can be implemented to the degree necessary for security

-Response to human and other emergency interaction is critical -Access to ICS should be strictly controlled, but should not hamper or interfere with human-machine interaction

System Operation

-Systems are designed for use with typical operating systems -Upgrades are straightforward with the availability of automated deployment tools.

-Differing and possibly proprietary operating systems, often without security capabilities built in -Software changes must be carefully made, usually by software vendors, to accommodate specialized control algorithms and perhaps modified hardware

Resource Constraints

-Systems are specified with enough resources to support the addition of third-party applications such as security solutions

-Systems are designed to support the intended industrial process and may not have enough memory and computing resources to support the addition of security capabilities

Communications -Standard communications protocols -Primary wired networks with some localized wireless capabilities -Typical IT networking practices

-Many proprietary and standard communication protocols -Several types of communications media used including dedicated wire and wireless (radio and satellite) -Networks are complex and sometimes require the expertise of control engineers

Change Management

-Software changes are applied in a timely fashion in the presence of good security policy and procedures. The procedures are often automated.

-Software changes must be thoroughly tested and deployed incrementally throughout a system to ensure that the integrity of the control system is maintained. -ICS outages often must be planned and scheduled days/weeks in advance. -ICS may use OS's that are no longer supported.

Managed Support

-Allow for diversified support styles -Service support is usually via a single vendor

Component Lifetime

-Lifetime on the order of 3-5 years -Lifetime on the order of 15-20 years

Access to Components

-Components are usually local and easy to access

-Components can be isolated, remote, and require extensive physical effort to gain access to them.

Page 6 AMT NEWS/August 2015

®

UpdateBy Hilena Hailu MTConnect Product Manager hhailu@AMTonline .org

@mtconnect

Tech Time…Cyber-Physical securityBy Benjamin Moses Technical Director

MTConnect Technical Advisory Group meeting September 1-2, 2015

The third MTConnect Technical Advisory Group (TAG) meeting of the year will be held Sept. 1-2, 2015, at Georgia Tech Manufacturing Institute in Atlanta, Ga. Representatives from

TAG member organizations will meet to work on enhancements for the MTConnect standard version 1.4.0 release, as well as report progress of active working groups.

This meeting is strictly for TAG members. For membership infor-mation, visit the “Join the Institute” section of www.MTConnect.org.

MTConnect Student Challenge seeking innovative solutions

The MTConnect Student Challenge is seeking innovative ideas and applications that utilize the MTConnect standard. Open to U.S. community college and university students at the undergraduate and graduate

Cyber security has been around since the dawn of the internet. Protecting confidential financial and engineering data is paramount. Badge readers and security guards are evidence of physical security in most plants.

“The Critical Manufacturing (CM) sector is crucial to the economic prosperity and continuity of the United States, as products designed and distributed by U.S. manufacturers make up 13 percent of the U.S. gross domestic product and directly employ 11.7 million of the nation’s workforce.” (Critical Manufacturing Sector Coordinating Council).

IBM Security Services Cyber Security Intelligence Index 2014

National Institute of Standards and TechnologyNIST SP 800-82 - http://csrc .nist .gov/publications/nistpubs/800-82/SP800-82-final .pdf

“Guide to Industrial Control Systems Security”

Provides guidance for establishing secure ICS; Addresses unique performance, reliability, and safety requirements; Provides guidance for imple-menting NIST SP 800-53 controls to industrial and manufacturing systems of all sizes

Department of Homeland Security ResourcesRecommended Practices – http://ics-cert .us-cert .gov/introduction-recommended-practices

Alerts and Bulletins - http://us-cert .gov/ncas

Cyber Resilience Review (CRR) - http://us-cert .gov/ccubedvp/self-service-crr

A no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices . The assessment is designed to measure existing organizational resilience, as well as provide a gap analysis for improvement based on recognized best practices .

Cybersecurity Evaluation Tool (CSET) and On-Site Consulting – http://ics-cert .us-cert .gov/assessments

Industrial control systems security posture assessments – a self-assessment tool . Features include a mapping to control systems standards based on a network architecture mapping tool . The tool can be downloaded for self-use or organizations can request a facilitated site visit, which could include basic security assessments, network architectural review and verification, network scanning using custom tools to identify malicious activ-ity and indicators of compromise and penetration testing .

Critical Manufacturing Sector Coordinating Council – http://www .dhs .gov/cipac-sector-charters-and-membership

Critical Infrastructure Partnership Advisory Council (CIPAC) membership is comprised of the critical infrastructure sectors and federal agencies identified in Presidential Policy Directive 21: Critical Infrastructure Security and Resilience and the partnership structure identified in the National Infrastructure Protection Plan 2013: Partnering for Critical Infrastructure Security and Resilience .

When you combine the two, it takes a tangent that some may not be aware of. As the industrial sector pushes further into the digital factory, interconnectivity of machines and equipment becomes significantly more prevalent. Guarding these physical machines against cyber

threats has been an increasing focus of the U.S. government.

NIST (National Institute of Standards and Technology) and the DHS (Department of Home-land Security) have provided guides, software and training centers to improve the resiliency of industrial manufacturing.

NIST and DHS guides, software and training centers

Membership Services

Steve LesnewichV.P. - Membership Services

Smartwatch? The Apple Watch is very smart and very cool!

levels, the challenge may be of particular interest to students who are studying manufacturing-related fields; electrical, mechani-cal or industrial engineering; as well as software engineering and IT-related studies.

Full rules and submission details are available at www.challenge.gov/challenge/mtconnectstudentideas and www.challenge.gov/challenge/mtconnectstudentapps.

MTConnect Workshop at NAMRC published

At North American Manufac-turing Research Conference (NAMRC) in June, Will Sobel of System Insights hosted a techni-

cal workshop to discuss MTCon-nect and its use. Video and slides from the workshop are now available, covering the following topics:• MTConnect data model and

protocol• MTConnect Adapters• Machine-to-machine communi-

cation with a read-only interface

• Current research using MTConnect

• Open source frameworks, data source and data sets

Visit www.MTConnect.org/resources to view the workshop and download the slides.

You knew this was coming. How could we continue to print Road Warrior articles without doing one on the new Apple Watch? In a nutshell, the Apple Watch is a simple way to communicate without using your phone. That said, there are some additional good and not-so-good aspects to the Apple Watch.

The Apple Watch, in my opinion, is a very good looking product and is feature-packed with hundreds of apps for fitness tracking, communication, music and more. The watch is also able to use Apple Pay, plays music using bluetooth, and tells time from one of the many different and unique watch faces you can choose from.

On the downside, battery life is limited, lasting just over 24 hours between charges. The watch also only works with iPhone 5 or later version, which can be a damper for those who own older iPhone models. Then there’s the high price tag. An Apple Watch ranges between $349.00 for the Watch Sport, $399 to about $999 for the watch with various watch band offerings and up to $17,000.00 for the Watch Edition.

Overall, the Apple Watch has

four core functions, including communica-tions, fitness, informa-tion and of course, time. With it you can receive messages, send texts, dictate messages, answer or make speaker calls, track steps, log runs, monitor your heart rate and

listen to music via bluetooth. It also has a really good looking case.

The Apple Watch works by swiping or tapping just like the iPhone and also has a scroll stem. Notifications arrive accompanied by buzzes (vibrations) and pings (sounds). You can adjust the strength of the buzz and the loudness of the ping (the pings drove me crazy so I turned mine

off).Being a typical sales

guy, I learned about some of the features purely by accident. For instance, I was playing with the watch and saw the camera icon, I tapped it thinking maybe it would work like

a camera. The Apple Watch thought for a second and suddenly my daughter Krista’s boyfriend Glenn’s face was there looking at me. What the…? It turns out that the watch, when you tap its camera app, will automatically

Smartwatch See Page 7

For upcoming ANSI B11

and ISO machinery safety

meetings, go to

www.b11standards.org

Contact Dave Felinski, B11

Standards, Inc., at

dfelinski@b11standards.org

for updated information.

Page 6 AMT NEWS/December 2015

Tech Time…

By Stephen LaMarca Manufacturing Technology Analyst

Recommendations for modernizing cybersecurity

For upcoming ANSI B11

and ISO machinery safety

meetings, go to

www.b11standards.org

Contact Dave Felinski, B11

Standards, Inc., at

dfelinski@b11standards.org

for updated information.

If you run your manufacturing facility with controllers, are you using the latest acceptable operat-ing system? A factory with control-lers using a dated OS is just one example of cyber vulnerability.

The Office of Personal Manage-ment was breached in June of this year because of a vulnerability related to the scenario above. This preventable breach was caused because of unpatched servers. It could have been thwarted via current patches and an implementation of two-factor authentication. The OPM breach sparked the Cyber Sprint which ultimately led to the CSIP.

On October 30 of this year, the Federal Chief Information Officer (FCIO) Tony Scott released the “Cybersecurity Strategy and Implementation Plan (CSIP) for the Federal Civilian Government” to the general public. Through this document, the Office of Manage-ment and Budget (OMB) has directed a series of actions for federal agencies to continue strengthening cybersecurity and modernizing the government’s technology infrastructure.

Five objectives are set forth in the CSIP that focus on strengthen-ing federal civilian cybersecurity. The first objective is prioritizing the identification and protection of high value information and assets. Next is the timely detection of and rapid response to cyber incidents. Following this is the rapid recovery from said incidents when they occur. The fourth objective is the recruitment and retention of the most highly qualified cybersecurity workforce talent the federal government can bring to bear. Lastly, is the efficient and effective acquisition and deployment of existing and emerging technology. For the most part, all government cybersecurity literature is based around “identify, protect, detect, respond, and recover.”

The CSIP timeline for federal

agencies is available at https://www.whitehouse.gov/sites/default/files/omb/memoranda/2016/m-16-04.pdf on page 4 of the document.

So what does this mean to those in the manufacturing industry? If a company plans to sell to the government in the future, they will have to establish a baseline cybersecurity program with defined industry best practices for security protections. All federal acquisitions will have blanket requirements for such sourcing.

A high value asset (HVA) is defined in the CSIP as “systems, facilities, data and datasets that are of particular interest to potential adversaries. These assets, systems, and datasets may contain sensitive controls, instructions or data used in critical federal operations, or house unique collections of data (by size or content) making them of particular interest to criminal, politically motivated, or state-sponsored actors for either direct exploitation of the data or to cause a loss of confidence in the U.S. government.”

Should a company operate a HVA, then they will get strong influence to adopt the Cyber Security Framework (CSF) put out for industry assets. This involves having a security program with defined industry best practices. The CSF was written specifically for industry, thus is lighter in requirements than those listed in the Federal Information Security Modernization Act (FISMA), which is geared more toward government use.

Alongside the CSIP and the CSF is another powerful government tool available to the public’s disposal, the National Checklist Program (NCP). The NCP is the federal database of publicly available security checklists (benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems and applications.

Cyber threats cannot be eliminated entirely but they can be managed much more effectively. These tools help get the current federal system in order and are excellent models for civilian and commercial systems to go by.

For more information on any document mentioned above or the official document itself go to:CSIP – https://www.whitehouse.

gov/sites/default/files/omb/memoranda/2016/m-16-04.pdf

CSF – http://www.nist.gov/cyberframework/

NCP – https://web.nvd.nist.gov/view/ncp/repository

The recent growth of digital technologies in manufacturing has provided opportunities to promote interoperability between systems across the manufactur-ing enterprise. These opportuni-ties have allowed manufacturers to generate better intelligence about their systems through the efficient and effective use of data and information. The result is improved decision-making support through moni-toring, analytics, modeling, and simulation that has promoted the competitiveness of those manu-facturers able to harness ad-vanced manufacturing technolo-gies within their operations.

However, it has become increasingly challenging for

manufacturers to navigate the breadth and type of technologies now available to them. This problem is confounded by technologies developed without a good understanding of the capabilities and limitations of the manufacturing environment, especially within small-to-medium enterprises.

To assure that advanced manufacturing technologies work

well together and with existing manufactur-ing systems, it is critical that

manufacturers and solution providers collaborate to identify problem areas and pool solutions and best practices. The Advanced Manufacturing Partnership Steering Committee argues in its final report that this type of shared understanding can enable the successful deployment and widespread adoption of advanced

manufacturing technologies to benefit the entire manufacturing community. Such a resource can also highlight standardization opportunities and help close the innovation “valley of death” by addressing scale-up and deploy-ment issues early in the develop-ment of new manufacturing technologies.

NIST to develop a preliminary database

The National Institute of Standards and Technology (NIST) has been conducting research to develop a preliminary database to collect common barriers, solu-tions, and best practices for advanced manufacturing technology. NIST hopes to engage manufacturers, solution provid-ers, and other technology experts interested in contributing to this technology knowledge base by sharing:• Common implementation issues

encountered when deploying manufacturing technology

• Best practices for and/or examples of successful imple-mentations of manufacturing technology

• Feedback on the potential use of the database as a resource for the manufacturing community

NIST is a non-regulatory agency within the Department of Commerce committed to promot-ing American innovation and industrial competitiveness by advancing measurement science, standards and technologies. Through the Engineering Labora-tory and Hollings Manufacturing Extension Partnership (MEP), one of NIST’s top priorities is to provide technical support to American manufacturers so that they can outperform interna-tional competition. The goal of the technology knowledge base is to meet this mission by enabling the manufacturing community to identify the challenges, risks and opportunities for advanced manufacturing technology. This effort can create a common understanding of the best areas and methods to deploy viable technology solutions that deliver on the promise of advanced manufacturing.

For further information, please contact Moneer Helu via moneer .helu@nist.gov or 301-975-3654.

Identifying challenges for advanced manufacturing technology

By Moneer Helu Engineering Laboratory National Institute of Standards and Technology

This year’s Additive Manufacturing Con-ference 2015 in Knoxville, Tenn., proved to be another great industrial gathering planned and executed by Gardner Media (publishers of Modern Machine Shop and

the Additive Manufacturing Magazine).

AMT had the opportunity to participate as we moderated an industrial panel that included Dassault Systems, America Makes, 3DSIM and Car-penter Materials. The active engagement brought to light for the audi-ence some of the key challenges and enablers to further advance additive’s industrial usage.

This conference was differentiated by speakers who delved deep into the content. The first step of awareness was assumed at AMC 2015 and participants enjoyed in depth discussion of hot topics such as: where the reality of insertion is, the current state of standards/best practices, the role of advancing materials and simulation along with case study-based business applications for AM/3DP technologies and parts.

Looking forward to AMC 2016 at McCormick Place alongside IMTS 2016 in Chicago!

AM Magazine link: http://www.additivemanufacturing.media/articles/ 

“Valley ofDeath”

BasicResearch

Development & Scale Up

Launch & Operation

Figure: Successfully navigating the innovation “valley of death” is necessary to deploy viable advanced

manufacturing technologies

… it has become increasingly challenging for manufacturers to navigate the breadth and type of

technologies now available to them.