Jim Barkley Khai Waterman JamesBarkleyuilabsorg KhaiWatermanuilabsorg UNLIMITED DISTRIBUTION BACKGROUND Industry Challenges AGENDa Data in Manufacturing IoT and IIoT Threat Picture ID: 799356
Download The PPT/PDF document "CYBERSECURITY IN MANUFACTURING" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
CYBERSECURITY IN
MANUFACTURING
Jim Barkley, Khai Waterman
James.Barkley@uilabs.org, Khai.Waterman@uilabs.org
UNLIMITED DISTRIBUTION
Slide2BACKGROUND
Industry Challenges
AGENDa
Data in Manufacturing
IoT
and
IIoT
Threat Picture
Types of Attacks
Prevalence of Attacks
Three Key Examples
Solutions & Investment Areas
Current Solutions
Nine Key Initiatives for Industry
Digital Manufacturing Commons & Security as a Service
Questions
Who We Are
Slide3Atoms are the new bits.
- Neil
Gershenfeld
cybersecurity
In manufacturing
Slide4U.S. MANUFACTURING
Manufacturing is disproportionately contributory to the U.S. economy, innovation, GDP, jobs, and trade:In 2015, every $1.00 spent in manufacturing, another $1.81 is added to the economyProduct and process innovation is most frequently seen in software, design, and production processes
Check out the full reports at http://manufacturing.gov/
In 2015 there were 12.3 million mfg. workers
Disproportionate job provider
9.8%
In 2013 248,155 of 251,857 firms were small or medium businesses
LONG TAIL OF SMALL TO MEDIUMS
98.5%
Slide5Who
we are?UI LABS is a Chicago-based 501(c)3 non-profit corporation that focuses on leveraging collective investments in innovation to deliver better solutions, more quickly and more efficiently. Our partnerships transform industries.
UI LABS Operates the Digital Manufacturing and Design Innovation Institute (DMDII), one of the premiere national manufacturing institutes launched under the Obama Administration.
Placeholder image
We are committed to
DIGITIZING AMERICAN MANUFACTURING!
Established with a
$70M cooperative agreement
with the US Department of Defense, +$12M additional grants
Addresses underinvestment in
“pre-competitive” applied R&D
that can advance the entire industrial base
Designs “corporate interest projects” to develop
proprietary go-to-market solutions
Current
pipeline of 50+ projects
Slide6Slide7Slide8Slide9Slide10Discrete manufacturing constitutes 1072 petabytes; process manufacturing 740 petabytes.
Source: IDC; McKinsey Global Institute Analysis
DATA IN MANUFACTURING
The rate of data growth has surpassed Moore’s Law.Source: Berkeley University Research
Slide11“When I say supply chain, I include everything from the supply to the manufacturing, and to packaging and shipping down to the final stuff. Having a collaboration platform that brings together all these elements, for me, is perfect.”
- Executive, Manufacturing Support Company
111101001011
PRODUCT LIFECYCLE
1101001001000111101101010110011101111101
101011011010000101001001000111101111101010111101000011110101111101111
TIER-1
SUPPLIER
TIER-1
SUPPLIER
010101001101010101101101010100100100101001001000111101010101111011111010111110111110010100101111
10110110101010101000001101010101101101010100101001001011110100101101110010001111010101111011111010111110111110101111101111101
00010010101011110101010010010001111011010001001000110101010110110101010001010101101101011010011110111110101111101111101011111011111010111110010101100111
10111101101001111011101101010101011001011010010001101010101101101010100100100011110101001010010010001111010111111110111110101111101111101011111011111010111110111110101100010100101111
ASSEMBLE
AFTER-
SALES
SERVICE
QUALIFY
SELL &
DELIVER
END OF
LIFE
REUSE
RECYCLE
FABRICATE
DESIGN
TIER-2
SUPPLIER
DATA ACROSS THE PRODUCT LIFECYCLE
VALUE
DECISIONS
INFORMATION
DATA
MANUFACTURING
INDUSTRY CHALLENGES
2D Drawings
Cad Models
PMI
Capabilities & MRA
Inspection &
test data
Bid info
Assembly drawings
Work instructions
Inventory
QIF Data
Cert. reports
Quality data
Inspection records
Contracts/invoicing
Cust
. Data
Service inspection
FSR reports
Slide12Industrial internet of things
“I’m not going to store my data somewhere where it’spotentially accessible. It brings a lot of legal risk on my
side too. A lot of what we do is off network for thatreason.”
“Machine shops are still in the dark ages of digitization”“How many people have seen a password taped to a machine tool?”
Slide13Cheer up, the worst is yet to come
- Philander Johnson
THREAT
PICTURE
Slide14CYBER
ATTACKS
SCADA & ICS systems => critical infrastructure issues
Stuxnet
, election-meddling => Cyberwar/soft power
https://en.wikipedia.org/wiki/Stuxnet
German Steel Mill => manufacturing plants (
https://www.sentryo.net/cyberattack-on-a-german-steel-mill/
)
Corporate espionage => Cybercrime
Slide15DETAILS:
Dictionary Attacks for quessing default passwordsLaunch HTTP Flods and various network (OSI layer 3-4) DDoS attackscapable of launching GRE IP and GRE ETH floods, as well as SYN and ACK floods, STOMP (Simple Text Oriented Message Protocol) floods, DNS floods and UDP flood attacks
Hardcoded list of IP’s Mirai bots are programmed to avoid includes US Postal Service, DoD, IANA, and IP ranges from HP and GETerritorial Nature, searches out and destroys other worms and Trojans
Traces of Russian Language
CASE STUDY:
MIRAI
WHEN:
October 14, 2016
WHERE:
Global
ATTACKER:
Global attack, hackers not identified
VICTIM:
DYN (DNS provider on East Coast)
WHY:
????
Slide16Case study:
kinetic damage
WHEN:
2014
WHERE:
Germany, undisclosed location
ATTACKER:
Not identified
VICTIM:
Undisclosed Steel Mill
WHY:
????
DETAILS:
Multiple attackers used an advanced social engineering attack to gain access to the company network and then worked their way onto the control system network. This resulted in an incident where a furnace could not be shut down in the regular way and the furnace was in an undefined condition which resulted in massive damage to the whole system.
Slide17The Titanic was built on best practices.
SOLUTIONS and
INVESTMENT areas
Slide18current solutions
Until recently, solutions have been focused on securing the perimeter.In a globally-connected planet, there ain’t no perimeter!
Currently Available Resources
Placeholder image
We are committed to
DIGITIZING AMERICAN MANUFACTURING!
NIST Guide to Industrial Control Systems (
https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82.pdf
)
DHS Guide (
https://www.dhs.gov/science-and-technology/iot-world-2016
)
Industrial Security Incidents Database (RISI,
http://www.risidata.com/
)
Slide19manufacturing cybersecurity needs
Business Challenge
Technical Challenge
Solution
Cybersecurity for legacy systems
Legacy and current controllers/systems that are attached to physical systems are vulnerable and cannot be upgraded.
Provide secured connectivity for control system devices communicated over untrusted networks.
Certifiable HW
interfaces that provide configurable isolation, authentication, authorization, and accounting for legacy systems.
Cybersecurity
testbed
Research,
forensics, replay, and experimentation are difficult due to cost and operational nature of systems.
Operations include many unique machines & control systems
in a highly configuration-controlled environment.
A
cybersecurity testbed including a mix of simulation, emulation and physical equipment to flexibly address issues.
Secure manufacturing protocols
Lack of technical solutions and human resources to solve protocol problems for manufacturing businesses.
Need for protocols to:
gather info on plant operations at a fine-grained level, information exchange, data at rest and in motion security.
Standards-based
protocols for non-intrusive data gathering, command and control, and intrusion detection.
Cybersecurity as a Service
Crime as a Service and black-hat groups are becoming more sophisticated. Small
and medium businesses need affordable and non-complex solutions.
Solutions are not customizable and right-sized for many businesses which constitute
the supply chain.
Provide a toolbox of cybersecurity solutions to suit all business needs,
particularly in an on-demand or SaaS fashion.
Tools for threat management in OT
Absence of sufficient information for management to determine the level of investment required
to sufficiently protect a production process.
Determining how to translate adverse effects
of cyber-attacks on production processes into business performance (e.g., quality, downtime, etc.).
Augment production process planning tools and simulators (e.g., NS-3) to incorporate
DoS
, degradation, destruction into models.
Threat analysis in OT
Protect integrity and quality, prevent intentional damage, reduce detection time.
Intrusion detection and threats from the physical
side (e.g., anomalous machine behavior).
Spatio
-temporal
patterns and measurements, ML, dynamical tests, and other systematic methods.
Industry consortium for collaboration
Little sharing of vulnerabilities,
threats and best practices among the industry.
Currently a resource intensive problem to identify and mitigate current
threats due to a lack of knowledge & tools.
Establish
industry consortium(s) for sharing TTPs, workforce skill, etc. DHS efforts need to be factored in.
Supply chain management practices
“Standard” SCM practices do not typically include cyber-security risk/resiliency assessment.
Risk assessment requires a robust model and multiple data feeds/sources to populate it.
Explore popular
SCM models (SCOR, GSCF) and identify the processes impacted by cyber.
Mapping the policy landscape
Hard to understand opportunities and barriers to change inherent in the
exsting
and emerging national policy environment (including statues & treaties).
Abundance of policies and lack
of cross-referencing make it difficult to map.
Good mapping and visualization of policies and their implications.
Slide20THE
COMMONS
The DMC is a leading open-source platform for connecting communities and sharing solutions across the manufacturing product life cycle.
Expose tools, data and compute in a searchable automation platform
Advertise company capabilities
Manage storefront offerings
Slide21Security as a service: three NOTIONAL exampleS
Automated Data De-Identification
Automated Reporting & Benchmarking
Data stripped of IP and other sensitive data.
Aggregated incident & threat reports available.
Raw data is fed into an app to prep it for sharing with partners.
Data can be submitted by IT & OT staff, or data feeds can be directly connected from IDS’s, etc.
Risk Assessment
Scan reports, recommended patch levels, etc. are available.
Automatic scans can be initiated for live equipment or static configuration data.
Slide22QUESTIONS?
FIND OUT
MORe
:
http://opendmc.org/
askdmc@uilabs.org