A cyber-physical attack taxonomy for production systems: a quality control perspective

With recent advancements in computer and network technologies, cyber-physical systems have become more susceptible to cyber-attacks, with production systems being no exception. Unlike traditional information technology systems, cyber-physical systems are not limited to attacks aimed solely at intellectual property theft, but include attacks that maliciously affect the physical world. In manufacturing, cyber-physical attacks can destroy equipment, force dimensional product changes, or alter a product’s mechanical characteristics. The manufacturing industry often relies on modern quality control (QC) systems to protect against quality losses, such as those that can occur from an attack. However, cyber-physical attacks can still be designed to avoid detection by traditional QC methods, which suggests a strong need for new and more robust QC tools. As a first step toward the development of new QC tools, an attack taxonomy to better understand the relationships between QC systems, manufacturing systems, and cyber-physical attacks is proposed in this paper. The proposed taxonomy is developed from a quality control perspective and accounts for the attacker’s view point through considering four attack design consideration layers, each of which is required to successfully implement an attack. In addition, a detailed example of the proposed taxonomy layers being applied to a realistic production system is included in this paper.

[1]  Mohammad I. Albakri,et al.  Impedance-based non-destructive evaluation of additively manufactured parts , 2017 .

[2]  Young B. Moon,et al.  Taxonomy of Cross-Domain Attacks on CyberManufacturing System , 2017 .

[3]  James H. Graham,et al.  A New Approach to Cyberphysical Security in Industry 4.0 , 2017 .

[4]  J. Stamp,et al.  Common vulnerabilities in critical infrastructure control systems. , 2003 .

[5]  William H. Woodall,et al.  Innovation, Quality Engineering, and Statistics , 2012 .

[6]  Fadel M. Megahed,et al.  Statistical Perspectives on “Big Data” , 2015 .

[7]  Jules White,et al.  Bad Parts: Are Our Manufacturing Systems at Risk of Silent Cyberattacks? , 2015, IEEE Security & Privacy.

[8]  Mohammad Abdullah Al Faruque,et al.  Cross-domain security of cyber-physical systems , 2017, 2017 22nd Asia and South Pacific Design Automation Conference (ASP-DAC).

[9]  Anthony Skjellum,et al.  Using 3D printers as weapons , 2016, Int. J. Crit. Infrastructure Prot..

[10]  Jaime A. Camelio,et al.  Trojan Detection and Side-channel Analyses for Cyber-security in Cyber-physical Manufacturing Systems , 2015 .

[11]  Hermann Kühnle,et al.  Enhancing Dependability and Security of Cyber-Physical Production Systems , 2017, DoCEIS.

[12]  Jaime A. Camelio,et al.  An approach to cyber-physical vulnerability assessment for intelligent manufacturing systems , 2017 .

[13]  Dave Evans,et al.  How the Next Evolution of the Internet Is Changing Everything , 2011 .

[14]  Nong Ye,et al.  Statistical process control for computer intrusion detection , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[15]  John W. Sutherland,et al.  Framework for Identifying Cybersecurity Risks in Manufacturing , 2015 .

[16]  Connie M. Borror,et al.  EWMA techniques for computer intrusion detection through anomalous changes in event intensity , 2002 .

[17]  Robert Avag,et al.  Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant? | Institute for Science and International Security , 2010 .

[18]  Douglas C. Montgomery,et al.  Introduction to Statistical Quality Control , 1986 .

[19]  Jill Slay,et al.  Lessons Learned from the Maroochy Water Breach , 2007, Critical Infrastructure Protection.

[20]  D. J. Reifer,et al.  Application stress testing Achieving cyber security by testing cyber attacks , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[21]  Nektarios Georgios Tsoutsos,et al.  Manufacturing and Security Challenges in 3D Printing , 2016 .

[22]  Young B. Moon,et al.  Detecting cyber-physical attacks in CyberManufacturing systems with machine learning methods , 2017, Journal of Intelligent Manufacturing.

[23]  Qiang Chen,et al.  Computer intrusion detection through EWMA for autocorrelated and uncorrelated data , 2003, IEEE Trans. Reliab..

[24]  Douglas C. Schmidt,et al.  Taxonomies for Reasoning About Cyber-physical Attacks in IoT-based Manufacturing Systems , 2017, Int. J. Interact. Multim. Artif. Intell..

[25]  Haichao Zhang,et al.  Mitigating distributed denial-of-service attacks using network connection control charts , 2007 .

[26]  Rafic Bachnak,et al.  STATISTICAL QUALITY CONTROL APPROACHES TO NETWORK INTRUSION DETECTION , 2011 .

[27]  Yongro Park,et al.  Statistical Process Control‐Based Intrusion Detection and Monitoring , 2014, Qual. Reliab. Eng. Int..

[28]  Joel F. Brenner Eyes wide shut: The growing threat of cyber attacks on industrial control systems , 2013 .

[29]  Jules White,et al.  Cyber-physical security challenges in manufacturing systems , 2014 .

[30]  Alla R. Kammerdiner Statistical Techniques for Assessing Cyberspace Security , 2014 .

[31]  Curtis B. Storlie,et al.  Scan Statistics for the Online Detection of Locally Anomalous Subgraphs , 2013, Technometrics.

[32]  Joshua Lubell,et al.  Cybersecurity Framework Manufacturing Profile , 2017 .

[33]  Arquimedes Canedo,et al.  KCAD: Kinetic Cyber-attack detection method for Cyber-physical additive manufacturing systems , 2016, 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[34]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.

[35]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[36]  Jules White,et al.  Cyber-physical vulnerabilities in additive manufacturing systems: A case study attack on the .STL file with human subjects , 2017 .

[37]  William Bradley Glisson,et al.  Implications of Malicious 3D Printer Firmware , 2017, HICSS.