4 research outputs found
Graph-Theoretic Approach for Manufacturing Cybersecurity Risk Modeling and Assessment
Identifying, analyzing, and evaluating cybersecurity risks are essential to
assess the vulnerabilities of modern manufacturing infrastructures and to
devise effective decision-making strategies to secure critical manufacturing
against potential cyberattacks. In response, this work proposes a
graph-theoretic approach for risk modeling and assessment to address the lack
of quantitative cybersecurity risk assessment frameworks for smart
manufacturing systems. In doing so, first, threat attributes are represented
using an attack graphical model derived from manufacturing cyberattack
taxonomies. Attack taxonomies offer consistent structures to categorize threat
attributes, and the graphical approach helps model their interdependence.
Second, the graphs are analyzed to explore how threat events can propagate
through the manufacturing value chain and identify the manufacturing assets
that threat actors can access and compromise during a threat event. Third, the
proposed method identifies the attack path that maximizes the likelihood of
success and minimizes the attack detection probability, and then computes the
associated cybersecurity risk. Finally, the proposed risk modeling and
assessment framework is demonstrated via an interconnected smart manufacturing
system illustrative example. Using the proposed approach, practitioners can
identify critical connections and manufacturing assets requiring prioritized
security controls and develop and deploy appropriate defense measures
accordingly.Comment: 25 pages, 10 figure
Recommended from our members
Secure Cyber-Physical Manufacturing Systems (Secure-CyPhyMan): Advanced Methods for Manufacturing Cybersecurity Threat Characterization, Risk Modeling and Assessment, and a Resilient Attack Detection and Prevention
The integration of Information Technology (IT) and Operational Technology (OT) in the manufacturing industry has significantly transformed production processes, resulting in interconnected and data-driven smart manufacturing systems. While enhancing operational efficiency and system visibility, this convergence has also introduced and expanded the cyberattack surface, making physical manufacturing operations vulnerable to significant cyber threats. Addressing the pressing need for robust cybersecurity measures in manufacturing, this dissertation presents three significant scientific advancements: systematically characterizing and classifying manufacturing-specific cyber threats, establishing a cybersecurity risk assessment framework for discrete manufacturing systems, and developing physics-informed detective and preventive defense mechanisms.
First, this dissertation introduces a consistent and structured classification scheme to systematically characterize and categorize manufacturing-specific cyberattack attributes. It analyzes and synthesizes existing manufacturing cyberattack taxonomies, compiles them into a unified meta-taxonomy, proposes several use cases on how taxonomies can be leveraged for assessing security threats and their associated risks and identifies the gaps in existing taxonomical classifications. Building upon this foundation, a more comprehensive taxonomy encompassing a broader range of attack attributes is introduced. The proposed taxonomy categorizes attack methods/vectors and targets/locations and incorporates operational and system-level attack impacts. This study also presents a classification structure for countermeasures, provides examples of potential countermeasures, and explains how they fit into the proposed taxonomical classification. Finally, the implementation of the proposed taxonomy is illustrated using two realistic scenarios of attacks on typical smart manufacturing systems, as well as several real-world cyber-physical attack incidents and academic case studies. The developed manufacturing attack taxonomy offers a holistic view of the attack chain in manufacturing systems, starting from the attack launch to the possible damages and system behavior changes. Furthermore, it guides the design and development of appropriate protective and detective countermeasures by leveraging the attack realization through observed system deviations.
Second, this dissertation introduces the first taxonomy-driven graph-theoretic model and framework to formally represent this unique cybersecurity threat landscape and identify vulnerable manufacturing assets requiring prioritized control. The proposed framework characterizes threat actors' techniques, tactics, and procedures using taxonomical classifications of manufacturing-specific threat attributes and integrates these attributes into cybersecurity risk modeling. This facilitates systematic generation of comprehensive and generalizable cyber-physical attack graphs for discrete manufacturing systems. Using attack graph formalism, the proposed framework enables concurrent modeling and analysis of a wide variety of cybersecurity threats comprising varying attack vectors, locations, vulnerabilities, and consequences. The risk model captures the cascading attack impact of varying attack methods through different cyber and physical entities in manufacturing systems, leading to specific consequences. Then, the constructed cyber-physical attack graphs are analyzed to comprehend threat propagation through the discrete manufacturing value chain and identify potential attack paths. Next, a quantitative risk assessment approach is presented to evaluate the cybersecurity risk associated with potential attack paths. It also identifies the attack path with the maximum likelihood of success, pointing out critical manufacturing assets requiring prioritized control. The proposed risk modeling and assessment framework has been demonstrated using an illustrative example.
Third, this dissertation introduces a novel anomaly detection method connecting product design, process design, and in situ monitoring of process power consumption to identify the physical manifestations of cyber-physical attacks. The proposed approach can verify the geometric integrity of a machined part by observing cutting power signals during machining. Process and product knowledge is utilized to segment the power signal into the cutting cycles corresponding to specific geometrical features and extract process-related information accordingly. The extracted information is used to construct quality control charts for detecting geometric integrity deviations of machined parts. The proposed method is demonstrated using a case study of cyber-physical attacks on machining processes aiming to tamper with different product's dimensional and geometrical features. In addition to the detective defense, this dissertation presents a preventive defense measure for protecting proprietary manufacturing processes and product information and maintaining data integrity in metal AM processes. It investigates potential information leakage from raw melt pool image data sharing for collaborative model development for anomaly detection. In doing so, a proactive attack scheme is designed to discover the scan pattern from melt pool images in laser powder bed fusion AM processes with close to 100% accuracy. Next, this dissertation introduces two security-aware data-sharing strategies for melt pool data sharing with different privacy guarantees while ensuring the data utility for model development.
This dissertation advances the state of knowledge in manufacturing cybersecurity by systematically characterizing manufacturing-specific cybersecurity threats, developing a risk modeling and assessment framework, and proposing novel detective and preventive defense mechanisms. The findings and methodologies presented herein are essential for manufacturing stakeholders to adopt proactive cybersecurity strategies, safeguard critical manufacturing infrastructure, and enhance the overall security posture of smart manufacturing systems.Release after 08/16/202
Recommended from our members
Physics-based detection of cyber-attacks in manufacturing systems: A machining case study
The overlap between operational technologies and information technology has resulted in profound improvements in the manufacturing ecosystem, but it increases the risk of a non-conventional class of cyber-attacks capable of inflicting physical damages on manufacturing processes and/or products. If successful in penetrating traditional cyber-only defenses, such attacks may not be detected timely, leading to financial losses, and potentially endangering human safety. However, malicious alterations of products and/or processes intended by these attacks can be manifested as anomalous changes in process dynamics. Hence, monitoring physical process variables such as vibration and power consumption (known as side-channels in cybersecurity literature) can provide a physical-domain defense layer to detect such attacks. Focusing on product-oriented attacks, we propose a method to connect the product design, process design, and in situ monitoring to identify the physical manifestations of these attacks. The proposed approach can verify the geometric integrity of a machined part by observing cutting power signals during machining. We utilize the process and product knowledge to segment the power signal into the cutting cycles corresponding to specific geometrical features and extract process-related information accordingly. This work primarily focuses on extracting machining times for individual geometric features in parts. Next, we use the extracted information to construct quality control charts to use in detecting geometric integrity deviations of machined parts. Finally, we demonstrate our proposed method using a case study of cyber-physical attacks on machining processes aiming to tamper with different product's dimensional and geometrical features.Arizona Board of Regents24 month embargo; available online: 28 April 2022This item from the UA Faculty Publications collection is made available by the University of Arizona with support from the University of Arizona Libraries. If you have questions, please contact us at [email protected]