Framework for Identifying Cybersecurity Risks in Manufacturing

Increasing connectivity, use of digital computation, and off-site data storage provide potential for dramatic improvements in manufacturing productivity, quality, and cost. However, there are also risks associated with the increased volume and pervasiveness of data that are generated and potentially accessible to competitors or adversaries. Enterprises have experienced cyber attacks that exfiltrate confidential and/or proprietary data, alter information to cause an unexpected or unwanted effect, and destroy capital assets. Manufacturers need tools to incorporate these risks into their existing risk management processes. This paper establishes a framework that considers the data flows within a manufacturing enterprise and throughout its supply chain. The framework provides several mechanisms for identifying generic and manufacturing-specific vulnerabilities and is illustrated with details pertinent to an automotive manufacturer. In addition to providing manufacturers with insights into their potential data risks, this framework addresses an outcome identified by the NIST Cybersecurity Framework.
