Manufacturers are hesitant to adopt common security technologies, such as encryption and device authentication, due to concern for potential negative performance impacts in their systems. This is exacerbated by a threat environment that has changed dramatically with the appearance of advanced persistent attacks specifically targeting industrial systems, such as Stuxnet in 2010, Shamoon in 2012, BlackEnergy in 2015, and WannaCry and TRITON in 2017. Smart manufacturing systems need to be protected from vulnerabilities that may arise as a result of their increased connectivity, use of wireless networks and sensors, and use of widespread information technology. The Cybersecurity for Smart Manufacturing Systems project will deliver cybersecurity implementation methods, metrics and tools to enable manufacturers to implement cybersecurity capabilities in smart manufacturing systems while addressing the demanding performance, reliability, and safety requirements of these systems.
WHAT IS THE TECHNICAL IDEA?
The new technical idea is to develop the measurement science basis for understanding the impact of cybersecurity technology on reliability and performance in a manufacturing environment. The results of this research will inform guidelines, best practices, and standards that help manufacturers determine which cybersecurity technologies will best fit their needs, how to design systems that incorporate new cybersecurity technology, how to predict their effects, and how to continually monitor their operations to ensure that they achieve the desired benefits.
WHAT IS THE RESEARCH PLAN?
Through collaboration with industry groups, academia, and other NIST cybersecurity researchers, we will develop and deploy guidelines and performance metrics and measurements, to facilitate the implementation of the Cybersecurity Framework (CSF) Manufacturing Profile in smart manufacturing systems in a way that does not negatively impact the performance of the system. Deliverables include implementation guides for the Low, Moderate and High cybersecurity baselines defined in the CSF Manufacturing Profile, performance impact data sets, NCCoE practice guides and cybersecurity guidance scaled to be implementable by Small and Medium sized manufacturers. The project will collaborate with other Smart Manufacturing programs and projects (e.g., the Supply Chain Traceability for Agri-Food Manufacturing project) as well as ITL and the CPS Office, to research and develop guidelines for implementing emerging technologies for cybersecurity in smart manufacturing systems. These technologies include AI for cyber threat detection and handling, blockchain for security of sensitive manufacturing information, and security of Industrial Internet of Things (IIoT) devices when deployed in smart manufacturing systems. The project members will work with standards development organizations (e.g., the International Society of Automation (ISA), and the International Electrotechnical Commission (IEC)), to develop guidelines and standards to facilitate the implementation of cybersecurity requirements in smart manufacturing systems that do not negatively impact the performance of the system. NIST contributions will ensure that the standards are written so that compliance can be measured, and that performance (e.g., safety, reliability, real-time communication) can be measured and assured at target levels of acceptability.