Modern supply chains are geographically diverse and quickly formed in response to market opportunities. While this creates many advantages for manufacturers and consumers alike, it has also created new risks such as manufacturing process disruption, quality problems, product recalls, and cyberattacks. If unaddressed, these risks can erode customer trust. Advances in information technology (such as sensors, IoT, cloud computing, ubiquitous GIS, and powerful new platforms for integration and analytics) are providing new data and services to partially address some of these challenges. However, traceability of products in the agri-food manufacturing sector requires sharing and merging diverse data across supply chains. In addition, trust between agri-food manufacturing supply chain partners requires on-demand demonstration of compliance with cybersecurity practices that are traceable to business requirements. These tasks are difficult today due to lack of common practices, standards, platforms and even common IT readiness levels among supply chain participants. The Supply Chain Traceability for Agri-Food Manufacturing project will develop common models for key data entities for traceability and security assurance, work with industry and SDOs to enhance standards to support these entities, and provide mechanisms to enable the exchange of this information.
WHAT IS THE TECHNICAL IDEA?
The new technical idea is to develop the measurement science basis for the definition of the information entities and exchange mechanisms necessary to support traceability in the agri-food manufacturing sector. This includes both the information and management infrastructure necessary to enable agri-food manufacturing traceability system development and deployment, and the information, policies, and guidelines necessary for supply chain partners to demonstrate compliance with business-specific cybersecurity requirements.
WHAT IS THE RESEARCH PLAN?
The project will pursue its two research thrusts in parallel, incorporating results from one into the other where appropriate. The combined elements of research for the two research thrusts are as follows. Investigate traceability and cybersecurity requirements in the agri-food manufacturing domains working with industry partners and organizations such as AgGateway and identify key standards to extend to address those requirements. Develop a canonical model for Critical Tracking Events (CTEs) and associated Key Data Elements to support traceability of grain. Develop, test, and deploy enhancements to standards such as AgXML and OAGIS for message exchanges to support traceability and security configuration checklist compliance. Develop mappings from the canonical model for CTEs to related content in standards. Pilot use of new sensor and communication technologies to gather data for traceability and conduct security assessments of network endpoints. Develop models and tools to reduce the cost of security profile development and checklist content authoring. A more detailed description of the two thrusts is provided below.
The integrity of traceability data requires a common understanding of the different key occurrences (termed Critical Tracking Events) for a product within agri-food supply chains and the key data associated with each of these occurrences (termed Key Data Elements). Then a means of ensuring that occurrences of these events are recognized and that the information associated with them is captured and kept is needed. This information will be stored in many different forms and systems, yet it must be collected and merged when tracing the source of a problem, or tracking down affected product. The traceability thrust will create a canonical model for Critical Tracking Events and Key Data Elements that will provide a format and technology independent representation to facilitate a common understanding and merging of traceability data through mapping to standards. We will work with industry on new pilots and technologies to collect the data and enhancements to standards to transfer the data. The project will leverage the canonical model and explore means of machine reasoning to detect problems and gain insight from the merged data.
Cybersecurity Assessment Thrust
Cybersecurity assessment and system configuration checking are essential for assuring trust in a supply chain. But today these are largely manual processes driven by documentary guidelines and spreadsheets. Today’s methods, although having achieved tangible results for enterprise IT environments, do not scale for IIoT with its explosion of hardware and OS types and wide variety of security configuration requirements. Digitizing security content and making it a first-class citizen in the digitization of manufacturing (alongside product design, logistics support, supply chain management, etc.) is needed. Through use of NIST’s Security Content Automation Protocol (SCAP) and IETF Security and Continuous Monitoring (SACM) standards, collaboration with ITL’s Open Security Control Assessment Language activity, and leveraging the Cybersecurity for Smart Manufacturing Systems (CSMS) project’s Cybersecurity Framework Manufacturing Profile, this thrust will develop digitized security profiles and configuration checklists to meet the security needs of the agri-food manufacturing sector. This thrust will also collaborate with the CSMS project to deliver tools and guidance for developing and deploying SCAP-encoded security checklists in manufacturing environments. Additionally, this project will support the Model Based Enterprise Program through leadership of the DoD ManTech Advanced Manufacturing Enterprise Cybersecurity Working Group.
Organizations and standards
SCT4Agri-Food project staff will participate in projects and subgroups in AgGateway. We will also look at standards from GS1, AgXML, Open Applications Group, and ISO. Finally, we will investigate efforts in other sectors that may provide synergy such as the Product Traceability Initiative, and the Provenance and Pedigree working group at OMG.