CYBERSECURITY IN MANUFACTURING - PowerPoint Presentation

Slide1

CYBERSECURITY IN

MANUFACTURING

Jim Barkley, Khai Waterman

James.Barkley@uilabs.org, Khai.Waterman@uilabs.org

UNLIMITED DISTRIBUTION

BACKGROUND

Industry Challenges

AGENDa

Data in Manufacturing

IoT

and

IIoT

Threat Picture

Types of Attacks

Prevalence of Attacks

Three Key Examples

Solutions & Investment Areas

Current Solutions

Nine Key Initiatives for Industry

Digital Manufacturing Commons & Security as a Service

Questions

Who We Are

Atoms are the new bits.

- Neil

Gershenfeld

cybersecurity

In manufacturing

U.S. MANUFACTURING

Manufacturing is disproportionately contributory to the U.S. economy, innovation, GDP, jobs, and trade:In 2015, every $1.00 spent in manufacturing, another $1.81 is added to the economyProduct and process innovation is most frequently seen in software, design, and production processes

Check out the full reports at http://manufacturing.gov/

In 2015 there were 12.3 million mfg. workers

Disproportionate job provider

9.8%

In 2013 248,155 of 251,857 firms were small or medium businesses

LONG TAIL OF SMALL TO MEDIUMS

98.5%

Who

we are?UI LABS is a Chicago-based 501(c)3 non-profit corporation that focuses on leveraging collective investments in innovation to deliver better solutions, more quickly and more efficiently. Our partnerships transform industries.

UI LABS Operates the Digital Manufacturing and Design Innovation Institute (DMDII), one of the premiere national manufacturing institutes launched under the Obama Administration.

Placeholder image

We are committed to

DIGITIZING AMERICAN MANUFACTURING!

Established with a

$70M cooperative agreement

with the US Department of Defense, +$12M additional grants

Addresses underinvestment in

“pre-competitive” applied R&D

that can advance the entire industrial base

Designs “corporate interest projects” to develop

proprietary go-to-market solutions

Current

pipeline of 50+ projects

Discrete manufacturing constitutes 1072 petabytes; process manufacturing 740 petabytes.

Source: IDC; McKinsey Global Institute Analysis

DATA IN MANUFACTURING

The rate of data growth has surpassed Moore’s Law.Source: Berkeley University Research

“When I say supply chain, I include everything from the supply to the manufacturing, and to packaging and shipping down to the final stuff. Having a collaboration platform that brings together all these elements, for me, is perfect.”

- Executive, Manufacturing Support Company

111101001011

PRODUCT LIFECYCLE

1101001001000111101101010110011101111101

101011011010000101001001000111101111101010111101000011110101111101111

TIER-1

SUPPLIER

TIER-1

SUPPLIER

010101001101010101101101010100100100101001001000111101010101111011111010111110111110010100101111

10110110101010101000001101010101101101010100101001001011110100101101110010001111010101111011111010111110111110101111101111101

00010010101011110101010010010001111011010001001000110101010110110101010001010101101101011010011110111110101111101111101011111011111010111110010101100111

10111101101001111011101101010101011001011010010001101010101101101010100100100011110101001010010010001111010111111110111110101111101111101011111011111010111110111110101100010100101111

ASSEMBLE

AFTER-

SALES

SERVICE

QUALIFY

SELL &

DELIVER

END OF

LIFE

REUSE

RECYCLE

FABRICATE

DESIGN

TIER-2

SUPPLIER

DATA ACROSS THE PRODUCT LIFECYCLE

VALUE

DECISIONS

INFORMATION

DATA

MANUFACTURING

INDUSTRY CHALLENGES

2D Drawings

Cad Models

PMI

Capabilities & MRA

Inspection &

test data

Bid info

Assembly drawings

Work instructions

Inventory

QIF Data

Cert. reports

Quality data

Inspection records

Contracts/invoicing

Cust

. Data

Service inspection

FSR reports

Industrial internet of things

“I’m not going to store my data somewhere where it’spotentially accessible. It brings a lot of legal risk on my

side too. A lot of what we do is off network for thatreason.”

“Machine shops are still in the dark ages of digitization”“How many people have seen a password taped to a machine tool?”

Cheer up, the worst is yet to come



- Philander Johnson

THREAT

PICTURE

CYBER

ATTACKS

SCADA & ICS systems => critical infrastructure issues

Stuxnet

, election-meddling => Cyberwar/soft power

https://en.wikipedia.org/wiki/Stuxnet

German Steel Mill => manufacturing plants (

https://www.sentryo.net/cyberattack-on-a-german-steel-mill/

)

Corporate espionage => Cybercrime

DETAILS:

Dictionary Attacks for quessing default passwordsLaunch HTTP Flods and various network (OSI layer 3-4) DDoS attackscapable of launching GRE IP and GRE ETH floods, as well as SYN and ACK floods, STOMP (Simple Text Oriented Message Protocol) floods, DNS floods and UDP flood attacks

Hardcoded list of IP’s Mirai bots are programmed to avoid includes US Postal Service, DoD, IANA, and IP ranges from HP and GETerritorial Nature, searches out and destroys other worms and Trojans

Traces of Russian Language

CASE STUDY:

MIRAI

WHEN:

October 14, 2016

WHERE:

Global

ATTACKER:

Global attack, hackers not identified

VICTIM:

DYN (DNS provider on East Coast)

WHY:

????

Case study:

kinetic damage

WHEN:

2014

WHERE:

Germany, undisclosed location

ATTACKER:

Not identified

VICTIM:

Undisclosed Steel Mill

WHY:

????

DETAILS:

Multiple attackers used an advanced social engineering attack to gain access to the company network and then worked their way onto the control system network.  This resulted in an incident where a furnace could not be shut down in the regular way and the furnace was in an undefined condition which resulted in massive damage to the whole system.

The Titanic was built on best practices.

SOLUTIONS and

INVESTMENT areas

current solutions

Until recently, solutions have been focused on securing the perimeter.In a globally-connected planet, there ain’t no perimeter!

Currently Available Resources

Placeholder image

We are committed to

DIGITIZING AMERICAN MANUFACTURING!

NIST Guide to Industrial Control Systems (

https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82.pdf

)

DHS Guide (

https://www.dhs.gov/science-and-technology/iot-world-2016

)

Industrial Security Incidents Database (RISI,

http://www.risidata.com/

)

manufacturing cybersecurity needs

Business Challenge

Technical Challenge

Solution

Cybersecurity for legacy systems

Legacy and current controllers/systems that are attached to physical systems are vulnerable and cannot be upgraded.

Provide secured connectivity for control system devices communicated over untrusted networks.

Certifiable HW

interfaces that provide configurable isolation, authentication, authorization, and accounting for legacy systems.

Cybersecurity

testbed

Research,

forensics, replay, and experimentation are difficult due to cost and operational nature of systems.

Operations include many unique machines & control systems

in a highly configuration-controlled environment.

A

cybersecurity testbed including a mix of simulation, emulation and physical equipment to flexibly address issues.

Secure manufacturing protocols

Lack of technical solutions and human resources to solve protocol problems for manufacturing businesses.

Need for protocols to:

gather info on plant operations at a fine-grained level, information exchange, data at rest and in motion security.

Standards-based

protocols for non-intrusive data gathering, command and control, and intrusion detection.

Cybersecurity as a Service

Crime as a Service and black-hat groups are becoming more sophisticated. Small

and medium businesses need affordable and non-complex solutions.

Solutions are not customizable and right-sized for many businesses which constitute

the supply chain.

Provide a toolbox of cybersecurity solutions to suit all business needs,

particularly in an on-demand or SaaS fashion.

Tools for threat management in OT

Absence of sufficient information for management to determine the level of investment required

to sufficiently protect a production process.

Determining how to translate adverse effects

of cyber-attacks on production processes into business performance (e.g., quality, downtime, etc.).

Augment production process planning tools and simulators (e.g., NS-3) to incorporate

DoS

, degradation, destruction into models.

Threat analysis in OT

Protect integrity and quality, prevent intentional damage, reduce detection time.

Intrusion detection and threats from the physical

side (e.g., anomalous machine behavior).

Spatio

-temporal

patterns and measurements, ML, dynamical tests, and other systematic methods.

Industry consortium for collaboration

Little sharing of vulnerabilities,

threats and best practices among the industry.

Currently a resource intensive problem to identify and mitigate current

threats due to a lack of knowledge & tools.

Establish

industry consortium(s) for sharing TTPs, workforce skill, etc. DHS efforts need to be factored in.

Supply chain management practices

“Standard” SCM practices do not typically include cyber-security risk/resiliency assessment.

Risk assessment requires a robust model and multiple data feeds/sources to populate it.

Explore popular

SCM models (SCOR, GSCF) and identify the processes impacted by cyber.

Mapping the policy landscape

Hard to understand opportunities and barriers to change inherent in the

exsting

and emerging national policy environment (including statues & treaties).

Abundance of policies and lack

of cross-referencing make it difficult to map.

Good mapping and visualization of policies and their implications.

THE

COMMONS

The DMC is a leading open-source platform for connecting communities and sharing solutions across the manufacturing product life cycle.

Expose tools, data and compute in a searchable automation platform

Advertise company capabilities

Manage storefront offerings

Security as a service: three NOTIONAL exampleS

Automated Data De-Identification

Automated Reporting & Benchmarking

Data stripped of IP and other sensitive data.

Aggregated incident & threat reports available.

Raw data is fed into an app to prep it for sharing with partners.

Data can be submitted by IT & OT staff, or data feeds can be directly connected from IDS’s, etc.

Risk Assessment

Scan reports, recommended patch levels, etc. are available.

Automatic scans can be initiated for live equipment or static configuration data.

QUESTIONS?

FIND OUT

MORe

:

http://opendmc.org/

askdmc@uilabs.org