Modern supply chains are geographically diverse and quickly formed in response to market opportunities. While this creates many advantages for manufacturers and consumers alike, it has also created new risks such as manufacturing process disruption, quality problems, product recalls, and cyberattacks. If unaddressed, these risks can erode customer trust. Advances in information technology (such as sensors, IoT, cloud computing, ubiquitous GIS, and powerful new platforms for integration and analytics) are providing new data and services to partially address some of these challenges. However, traceability of products in the agri-food manufacturing sector requires sharing and merging diverse data across supply chains. In addition, trust between agri-food manufacturing supply chain partners requires on-demand demonstration of compliance with cybersecurity practices that are traceable to business requirements. These tasks are difficult today due to lack of common practices, standards, platforms and even common IT readiness levels among supply chain participants. The Supply Chain Traceability for Agri-Food Manufacturing project will develop common models for key data entities for traceability and security assurance, work with industry and SDOs to enhance standards to support these entities, and provide mechanisms to enable the exchange of this information.
Objective - Develop and deploy new standards, tools, and guidelines for traceability and cybersecurity that increase trust among participants and customers of agri-food manufacturing supply chains.
What is the technical idea?
The new technical idea is to develop the measurement science basis for the definition of the information entities and exchange mechanisms necessary to support traceability in the agri-food manufacturing sector. This includes both the information and management infrastructure necessary to enable agri-food manufacturing traceability system development and deployment, and the information, policies, and guidelines necessary for manufacturing supply chain partners to demonstrate compliance with business-specific cybersecurity requirements.
What is the research plan?
The project will pursue its two research thrusts in parallel, incorporating results from one into the other where appropriate. The combined elements of research for the two research thrusts are as follows. Investigate traceability and cybersecurity requirements in the agri-food manufacturing domains working with industry partners and organizations such as AgGateway and identify key standards to extend to address those requirements. Develop a canonical model for Critical Tracking Events (CTEs) and associated Key Data Elements to support traceability of grain. Develop, test, and deploy enhancements to standards such as AgXML and OAGIS for message exchanges to support traceability and security configuration checklist compliance. Develop mappings from the canonical model for CTEs to related content in standards. Pilot use of new sensor and communication technologies to gather data for traceability and detect security vulnerabilities and misconfigurations of network endpoints. Develop models and tools to reduce the cost of security profile development and checklist content authoring. A more detailed description of the two thrusts is provided below.
The integrity of traceability data requires a common understanding of the different key occurrences (termed Critical Tracking Events) for a product within agri-food supply chains and the key data associated with each of these occurrences (termed Key Data Elements). Then a means of ensuring that occurrences of these events are recognized and that the information associated with them is captured and kept is needed. This information will be stored in many different forms and systems, yet it must be collected and merged when tracing the source of a problem, or tracking down affected product. The traceability thrust will create a canonical model for Critical Tracking Events and Key Data Elements that will provide a format and technology independent representation to facilitate a common understanding and merging of traceability data through mapping to standards. We will work with industry on new pilots and technologies to collect the data and enhancements to standards to transfer the data. The project will leverage the canonical model and explore means of machine reasoning to detect problems and gain insight from the merged data.
Cybersecurity Assurance Thrust
Management of cybersecurity risk is essential for assuring trust in a supply chain. But today this is a largely manual processes driven by documentary guidelines and spreadsheets. Today’s methods, although having achieved tangible results for enterprise IT environments, do not scale for IIoT with its explosion of hardware and OS types and wide variety of security configuration requirements. Digitizing security content and making it a first-class citizen in the digitization of manufacturing (alongside product design, logistics support, supply chain management, etc.) is needed. Doing so not only reduces the effort required for security assurance, but also enables a risk-based cybersecurity approach that is traceable to business requirements and the system life cycle. Through use of NIST’s Risk Management Framework, Security Content Automation Protocol (SCAP), and IETF security automation, monitoring, and incident management standards, and leveraging the Cybersecurity for Smart Manufacturing Systems (CSMS) project’s Cybersecurity Framework Manufacturing Profile, this thrust will develop digitized security profiles and configuration checklists to meet the security needs of advanced manufacturing systems. This thrust will collaborate with the CSMS project to deliver tools and guidance for developing and deploying SCAP-encoded security checklists in manufacturing environments, and with the Measurement Science for Additive Manufacturing program to develop risk-based and system life cycle-based security guidance and SCAP content to support additive manufacturing scenarios. Additionally, this project will support the Model Based Enterprise Program through leadership of the DoD ManTech Advanced Manufacturing Enterprise Cybersecurity Working Group. For now, cybersecurity for agri-food manufacturing is out of scope for the Cybersecurity Thrust. The project anticipates that the Traceability Thrust’s CTE canonical model and its implementation will mature to the point where industry focus moves beyond the functionality of the technology itself into the need to protect against security threats unique to the new technology. Once this shift occurs, the project will develop cybersecurity framework profiles and SCAP content to protect against cyber-threats to CTE-based grain traceability systems.
Organizations and standards
SCT4Agri-Food project staff will participate in projects and subgroups in AgGateway and the SCAP Version 2 Community. We will also look at standards from GS1, AgXML, Open Applications Group, IETF, and ISO. Finally, we will investigate efforts in other sectors that may provide synergy such as the Product Traceability Initiative, and the Provenance and Pedigree working group at OMG.