Don't Mess with My Parts
Virginia Tech Cyber-Physical Systems Security Manufacturing Group Establishing Security Preparation and Response Plan
“Every day, we rely on complex, safety-critical mechanical systems, such as next-generation composite aircraft, artificial heart valves, automated drug dispensary equipment, high-speed rail systems, and gas turbines. Malicious attacks on manufacturing these items could create significant safety issues.”
Dr. Jaime A. Camelio Rolls-Royce Commonwealth Professor for Advanced Manufacturing Virginia Polytechnic Institute and State University, Blacksburg, Virginia
While working in additive manufacturing to develop airplane parts for GE Aviation, a young engineer named Tomilayo Komolafe quickly spotted cyber-physical vulnerabilities in the manufacturing process. That insight led him to pursue his Ph.D. in cyber-physical security systems directed by Dr. Jaime A. Camelio at the Virginia Polytechnic Institute and State University, Blacksburg, Virginia.
Camelio leads the Virginia Tech Cyber-Physical Systems Security Manufacturing Group, which along with its industry partners (MT Connect Institute, AMT, Western Michigan University, and the Commonwealth Center for Advanced Manufacturing) and alliance with government agencies is looking to safeguard the physical environment of the manufacturing process.
Camelio explains, “Every day, we rely on complex, safety-critical mechanical systems, such as next-generation composite aircraft, artificial heart valves, automated drug dispensary equipment, high-speed rail systems, and gas turbines. These systems use physical parts that are precisely engineered for balance, strength, weight, and safety. Malicious attacks on the manufacturing process can modify these precisely engineered components to change mechanical tolerances, causing problems ranging from excess shearing forces to increased humidity and creating significant safety or monetary issues.”
To make a manufacturing enterprise resilient (prepared for and in response) to unwanted cyber-physical events, the group has three main focus areas:
- Vulnerability assessment of the manufacturing enterprise
- Improving in-process monitoring in manufacturing systems
- Augmenting current quality control tools in manufacturing to detect unwanted changes in part or production
Concentrating on the third area, Komolafe is developing a monitoring system to detect deviations in each part as it is produced, and discern if the discrepancies are due to machine wear, variations inherent in manufacturing, or an attack. This monitoring system is based on piezoelectric transducers, which effectively measure changes in a part’s stiffness, damping, or mass and converts these changes to easily measurable electrical signals. Additive manufacturing is vulnerable to cyber-attacks, which can alter the original design intent creating a weaker product. A specific threat might be the potential for a cyber-attack to change the design and manufacturing of an airplane wing component, so that the part no longer functions properly under certain loads in real-world usage.
This month, the Virginia Tech Cyber-Physical Systems Security Manufacturing Group will launch a vulnerability database, located at www.cpssmfg.com, which allows industry stakeholders to upload and search information about potential “back door” vulnerabilities. Suppliers can find out if their machines need to be better engineered; operators can share weaknesses; researchers can bring about solutions; and all can help to prepare for and respond to cyber-physical attacks.
Also this month Camelio will discuss the results from an inter-disciplinary collaboration that examined the susceptibility of additive and subtractive manufacturing processes to cyberattacks that alter the design of parts and evade detection in Cyber-Physical System Security Challenges in Manufacturing Systems at the fifth annual [MC]2 Conference, presented by AMT — The Association For Manufacturing Technology and the MTConnect Institute, Dallas, Texas, April 19-21.
For hands-on training, the conference will be followed by a user group discussion and a half-day workshop offering technical training on MTConnect.
Register for the [MC]2 Conference and visit www.mc2conference.com to see the full agenda and more.