Skip to main content

Advertisement

SpringerLink
Log in

Defending against product-oriented cyber-physical attacks on machining systems

  • ORIGINAL ARTICLE
  • Published:
The International Journal of Advanced Manufacturing Technology Aims and scope Submit manuscript

A Correction to this article was published on 22 November 2019

This article has been updated

Abstract

Industry 4.0 and its related technologies (e.g., embedded sensing, internet-of-things, and cyber-physical systems) are promising a paradigm shift in manufacturing automation. However, with a continual increase in device interconnectivity, securing these systems becomes crucial. As these systems evolve, opportunities for cyberattacks extend to include attacks that can physically alter parts (Product-Oriented C2P attacks). Fortunately, since these cyber-physical attacks affect the physical world, there exists potential to detect an attack through its physical manifestation. Typically, in manufacturing, quality control (QC) systems are used to detect quality losses or deviations from nominal. This paper proposes that QC tools can be adapted to act as physical detection layers as part of a defense-in-depth strategy (common IT security strategy) that increases the difficulty/cost required for a successful attack. However, effectively designing physical detection layers requires understanding the extent to which attacks can (and cannot) be designed to avoid detection. In response, this paper proposes a machining specific attack design scheme and an attack design designation system (ADDS) that provides the structure to populate a wide variety of potential attacks. To illustrate the importance of applying a defense-in-depth strategy for machining, a case study is conducted with several realistic attacks against an example machining process that collects in-situ process data. Within this case study, the proposed ADDS is employed to systematically describe how these attacks could be designed to avoid detection. Finally, through this exploration, this paper shows how employing process-domain knowledge to understand the effects of Product-Oriented attacks on process physics can further aid in detection layer designs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9

Similar content being viewed by others

Change history

  • 22 November 2019

    The original version of this article contained a mistake.

References

  1. Jazdi N (2014) Cyber physical systems in the context of Industry 4.0. In: IEEE International Conference on Automation, Quality and Testing, Robotics. IEEE, pp 1–4

  2. Ren L, Zhang L, Tao F, Zhao C, Chai X, Zhao X (2015) Cloud manufacturing: from concept to practice. Enterp Inf Syst 9(2):186–209

    Article  Google Scholar 

  3. Wells LJ, Camelio JA, Williams CB, White J (2014) Cyber-physical security challenges in manufacturing systems. Manufact Lett 2(2):74–77. https://doi.org/10.1016/j.mfglet.2014.01.005

    Article  Google Scholar 

  4. Lee RM, Assante MJ, Conway T (2014) German steel mill cyber attack. Industrial Control Systems. SANS Institute

  5. Sturm LD, Williams CB, Camelio JA, White J, Parker R (2014) Cyber-physical vulnerabilities in additive manufacturing systems. In: 25th Annual Solid Freeform Fabrication Symposium, Austin, TX

  6. Yampolskiy M, Horvath P, Koutsoukos XD, Xue Y (2012) Sztipanovits J Systematic analysis of cyber-attacks on CPS-evaluating applicability of DFD-based approach. In: the 5th International Symposium on Resilient Control Systems (ISRCS). IEEE, pp 55–62

  7. Yampolskiy M, Horvath P, Koutsoukos XD, Xue Y (2013) Sztipanovits J Taxonomy for description of cross-domain attacks on CPS. In: Proceedings of the 2nd ACM international conference on High confidence networked systems. ACM, pp 135–142

  8. Elhabashy AE, Wells LJ, Woodall WH, Camelio JA (2018) A cyber-physical attack taxonomy for production systems: a quality control perspective. J Intell Manuf:1–16

  9. Sturm LD, Williams CB, Camelio JA, White J, Parker R (2017) Cyber-physical vulnerabilities in additive manufacturing systems: a case study attack on the. STL file with human subjects. J Manuf Syst 44:154–164

    Article  Google Scholar 

  10. Fabro M, Gorski E, Spiers N (2016) Recommended practice: improving industrial control system cybersecurity with defense-in-depth strategies. DHS Industrial Control Systems Cyber Emergency Response Team

  11. Blackwell C, Zhu H (2014) Cyberpatterns: unifying design patterns with security and attack patterns. Springer

  12. Mitre-Corporation (2018) Common weakness enumeration (CWE). Mitre Corporation. http://cwe.mitre.org/index.html. Accessed 05/04/2018

  13. Mitre-Corporation (2018) Common vulnerabilities and exposures (CVE®). Mitre Corporation. http://cve.mitre.org/index.html. Accessed 05/04/2018 2018

  14. Mell P (2005) The national vulnerability database. NIST Presentation

  15. Mitre-Corporation (2017) Common attack pattern enumeration and classification (CAPECTM). Mitre Corporation. https://capec.mitre.org/. Accessed 05/04/2018 2018

  16. NIST (2018) Framework for improving critical infrastructure cybersecurity, Version 1.1. 1.1 edn. National Institute of Standards and Technology

  17. Vincent H, Wells L, Tarazaga P, Camelio J (2015) Trojan detection and side-channel analyses for cyber-security in cyber-physical manufacturing systems. Procedia Manufactur 1:77–85. https://doi.org/10.1016/j.promfg.2015.09.065

    Article  Google Scholar 

  18. Huang Y, Leu MC, Mazumder J, Donmez A (2015) Additive manufacturing: current state, future potential, gaps and needs, and recommendations. J Manuf Sci Eng 137(1):014001

    Article  Google Scholar 

  19. Kline S, Guckes ACM, Schafer J (2017) Machine tools. 2018 Capital Spending Survey Results

  20. Hutchins MJ, Bhinge R, Micali MK, Robinson SL, Sutherland JW, Dornfeld D (2015) Framework for identifying cybersecurity risks in manufacturing. Procedia Manufactur 1:47–63

    Article  Google Scholar 

  21. Chhetri SR, Wan J, Al Faruque MA (2017) Cross-domain security of cyber-physical systems. Design Automation Conference (ASP-DAC), 2017 22nd Asia and South Pacific, IEEE:200–205

  22. DeSmit Z, Elhabashy AE, Wells LJ, Camelio JA (2017) An approach to cyber-physical vulnerability assessment for intelligent manufacturing systems. J Manuf Syst 43:339–351

    Article  Google Scholar 

  23. Yampolskiy M, Skjellum A, Kretzschmar M, Overfelt RA, Sloan KR, Yasinsac A (2016) Using 3D printers as weapons. Int J Crit Infrastruct Prot 14:58–71

    Article  Google Scholar 

  24. Pan Y, White J, Schmidt DC, Elhabashy A, Sturm L, Camelio J, Williams C (2017) Taxonomies for reasoning about cyber-physical attacks in IoT-based manufacturing systems. Int J Interact Multimed Artific Intel 4(3)

  25. DeSmit Z (2017) Cyber-physical security in advanced manufacturing Doctoral Dissertation, Virginia Tech

  26. Sturm LD, Albakri M, Williams CB, Tarazaga P (2016) In-situ detection of build defects in additive manufacturing via impedance-based monitoring. In: Paper presented at the Proceedings of the 27th Annual International Solid Freeform Fabrication Symposium. An Additive Manufacturing Conference, Austin, pp 8–10

    Google Scholar 

  27. Chhetri SR, Canedo A, Al Faruque MA (2016) KCAD: kinetic cyber-attack detection method for cyber-physical additive manufacturing systems. Paper presented at the International Conference On Computer Aided Design (ICCAD '16), Austin, 7-10

    Google Scholar 

  28. Belikovetsky S, Solewicz Y, Yampolskiy M, Toh J, Elovici Y (2017) Detecting cyber-physical attacks in additive manufacturing using digital audio signing arXiv preprint arXiv:170506454

  29. Wu M, Song Z, Moon YB (2017) Detecting cyber-physical attacks in CyberManufacturing systems with machine learning methods. J Intell Manuf 30:1–13. https://doi.org/10.1007/s10845-017-1315-5

    Article  Google Scholar 

  30. Turner H, White J, Camelio JA, Williams C, Amos B, Parker R (2015) Bad parts: are our manufacturing systems at risk of silent cyberattacks? IEEE Secur Priv 13(3):40–47

    Article  Google Scholar 

  31. Zeltmann SE, Gupta N, Tsoutsos NG, Maniatakos M, Rajendran J, Karri R (2016) Manufacturing and security challenges in 3D printing. J Miner, Met Materi Soc (JOM) 68(7):1872–1881. https://doi.org/10.1007/s11837-016-1937-7

    Article  Google Scholar 

  32. Belikovetsky S, Yampolskiy M, Toh J, Elovici Y (2016) Dr0wned-cyber-physical attack with additive manufacturing arXiv preprint arXiv:160900133

  33. Moore SB, Glisson WB, Yampolskiy M Implications of malicious 3D printer firmware. In: Proceedings of the 50th Hawaii International Conference on System Sciences. HICSS, Waikoloa Village, pp 6089–6098

  34. Slaughter A, Yampolskiy M, Matthews M, King WE, Guss G, Elovici Y (2017) How to ensure bad quality in metal additive manufacturing: in-situ infrared thermography from the security perspective. In: Proceedings of the 12th International Conference on Availability, Reliability and Security. ACM, p 78

  35. Wu SX, Banzhaf W (2010) The use of computational intelligence in intrusion detection systems: a review. Appl Soft Comput 10(1):1–35

    Article  Google Scholar 

  36. Evans JR, Lindsay WM (2013) Managing for quality and performance excellence. Cengage Learn

  37. Teti R, Jemielniak K, O’Donnell G, Dornfeld D (2010) Advanced monitoring of machining operations. CIRP Annals-Manufactur Technol 59(2):717–739

    Article  Google Scholar 

  38. Tang C (2017) Key performance indicators for process control system cybersecurity performance analysis. US Department of Commerce, National Institute of Standards and Technology

  39. Urbina DI, Urbina DI, Giraldo J, Cardenas AA, Valente J, Faisal M, Tippenhauer NO, Ruths J, Candell R, Sandberg H (2016) Survey and new directions for physics-based attack detection in control systems. US Department of Commerce, National Institute of Standards and Technology

  40. Barnum S (2008) Common attack pattern enumeration and classification (capec) schema description. Cigital Inc, https://capec.mitre.org/documents/documentation/CAPEC_Schema_Descr iption_v1 3

  41. Kuttolamadom MA, Mears ML, Kurfess TR (2012) On the volumetric assessment of tool wear in machining inserts with complex geometries—part 1: need, methodology, and standardization. J Manuf Sci Eng 134(5):051002

    Article  Google Scholar 

  42. ASME (2009) Dimensioning and tolerancing, p Y145

    Google Scholar 

  43. Federal-Aviation-Administration (2012) Aircraft landing gear systems. In: Aviation maintenance technician handbook - airframe, vol 1. U.S. Department of Transportation, Flight Standards Service

  44. Caldwell T (2011) Ethical hackers: putting on the white hat. Netw Secur 2011(7):10–13

    Article  Google Scholar 

Download references

Acknowledgments

The authors would like to thank the Center for Innovation Based Manufacturing (CIBM) at Virginia Tech and its director, Dr. Jaime Camelio, for utilizing the center’s manufacturing equipment, sensors, and DAQ system used in running the experimental investigation. Also, the authors thank SANDVIK COROMANT for providing the cutting tools used in the experimental investigation.

Funding

This research work was partially supported by the National Science Foundation (NSF) and Department of Homeland Security (DHS) under grant no. CNS 1446804.

Author information

Authors and Affiliations

  1. Department of Systems and Industrial Engineering, University of Arizona, Tucson, AZ, 85721, USA

    Mohammed S. Shafae

  2. Department of Industrial and Entrepreneurial Engineering and Engineering Management, Western Michigan University, Kalamazoo, MI, 49008, USA

    Lee J. Wells

  3. Department Industrial and Systems Engineering, Auburn University, Auburn, AL, 36849, USA

    Gregory T. Purdy

Authors
  1. Mohammed S. Shafae
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lee J. Wells
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gregory T. Purdy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammed S. Shafae.

Additional information

Publisher’s note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

The original version of this article was revised: Table 4 is missing in the original published article.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Shafae, M.S., Wells, L.J. & Purdy, G.T. Defending against product-oriented cyber-physical attacks on machining systems. Int J Adv Manuf Technol 105, 3829–3850 (2019). https://doi.org/10.1007/s00170-019-03805-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00170-019-03805-z

Keywords

Search

Navigation