Abstract
Industry 4.0 and its related technologies (e.g., embedded sensing, internet-of-things, and cyber-physical systems) are promising a paradigm shift in manufacturing automation. However, with a continual increase in device interconnectivity, securing these systems becomes crucial. As these systems evolve, opportunities for cyberattacks extend to include attacks that can physically alter parts (Product-Oriented C2P attacks). Fortunately, since these cyber-physical attacks affect the physical world, there exists potential to detect an attack through its physical manifestation. Typically, in manufacturing, quality control (QC) systems are used to detect quality losses or deviations from nominal. This paper proposes that QC tools can be adapted to act as physical detection layers as part of a defense-in-depth strategy (a common IT security strategy) that increases the difficulty/cost required for a successful attack. However, effectively designing physical detection layers requires understanding the extent to which attacks can (and cannot) be designed to avoid detection. In response, this paper proposes a machining-specific attack design scheme and an attack design designation system (ADDS) that provides the structure to populate a wide variety of potential attacks. To illustrate the importance of applying a defense-in-depth strategy for machining, a case study is conducted with several realistic attacks against an example machining process that collects in-situ process data. Within this case study, the proposed ADDS is employed to systematically describe how these attacks could be designed to avoid detection. Finally, through this exploration, this paper shows how employing process-domain knowledge to understand the effects of Product-Oriented attacks on process physics can further aid in detection layer designs.
Change history
22 November 2019
The original version of this article contained a mistake.
Acknowledgments
The authors would like to thank the Center for Innovation Based Manufacturing (CIBM) at Virginia Tech and its director, Dr. Jaime Camelio, for utilizing the center’s manufacturing equipment, sensors, and DAQ system used in running the experimental investigation. Also, the authors thank SANDVIK COROMANT for providing the cutting tools used in the experimental investigation.
Funding
This research work was partially supported by the National Science Foundation (NSF) and Department of Homeland Security (DHS) under grant no. CNS 1446804.
Additional information
The original version of this article was revised: Table 4 is missing in the original published article.
Cite this article
Shafae, M.S., Wells, L.J. & Purdy, G.T. Defending against product-oriented cyber-physical attacks on machining systems. Int J Adv Manuf Technol 105, 3829–3850 (2019). https://doi.org/10.1007/s00170-019-03805-z
DOI: https://doi.org/10.1007/s00170-019-03805-z