Secure Cyber-Physical Manufacturing Systems (Secure-CyPhyMan): Advanced Methods for Manufacturing Cybersecurity Threat Characterization, Risk Modeling and Assessment, and Resilient Attack Detection and Prevention

Abstract

The integration of Information Technology (IT) and Operational Technology (OT) in the manufacturing industry has significantly transformed production processes, resulting in interconnected and data-driven smart manufacturing systems. While enhancing operational efficiency and system visibility, this convergence has also introduced and expanded the cyberattack surface, making physical manufacturing operations vulnerable to significant cyber threats. Addressing the pressing need for robust cybersecurity measures in manufacturing, this dissertation presents three significant scientific advancements: systematically characterizing and classifying manufacturing-specific cyber threats, establishing a cybersecurity risk assessment framework for discrete manufacturing systems, and developing physics-informed detective and preventive defense mechanisms. First, this dissertation introduces a consistent and structured classification scheme to systematically characterize and categorize manufacturing-specific cyberattack attributes. It analyzes and synthesizes existing manufacturing cyberattack taxonomies, compiles them into a unified meta-taxonomy, proposes several use cases on how taxonomies can be leveraged for assessing security threats and their associated risks and identifies the gaps in existing taxonomical classifications. Building upon this foundation, a more comprehensive taxonomy encompassing a broader range of attack attributes is introduced. The proposed taxonomy categorizes attack methods/vectors and targets/locations and incorporates operational and system-level attack impacts. This study also presents a classification structure for countermeasures, provides examples of potential countermeasures, and explains how they fit into the proposed taxonomical classification. Finally, the implementation of the proposed taxonomy is illustrated using two realistic scenarios of attacks on typical smart manufacturing systems, as well as several real-world cyber-physical attack incidents and academic case studies. The developed manufacturing attack taxonomy offers a holistic view of the attack chain in manufacturing systems, starting from the attack launch to the possible damages and system behavior changes. Furthermore, it guides the design and development of appropriate protective and detective countermeasures by leveraging the attack realization through observed system deviations. Second, this dissertation introduces the first taxonomy-driven graph-theoretic model and framework to formally represent this unique cybersecurity threat landscape and identify vulnerable manufacturing assets requiring prioritized control. The proposed framework characterizes threat actors' techniques, tactics, and procedures using taxonomical classifications of manufacturing-specific threat attributes and integrates these attributes into cybersecurity risk modeling. This facilitates systematic generation of comprehensive and generalizable cyber-physical attack graphs for discrete manufacturing systems. Using attack graph formalism, the proposed framework enables concurrent modeling and analysis of a wide variety of cybersecurity threats comprising varying attack vectors, locations, vulnerabilities, and consequences. The risk model captures the cascading attack impact of varying attack methods through different cyber and physical entities in manufacturing systems, leading to specific consequences. Then, the constructed cyber-physical attack graphs are analyzed to comprehend threat propagation through the discrete manufacturing value chain and identify potential attack paths. Next, a quantitative risk assessment approach is presented to evaluate the cybersecurity risk associated with potential attack paths. It also identifies the attack path with the maximum likelihood of success, pointing out critical manufacturing assets requiring prioritized control. The proposed risk modeling and assessment framework has been demonstrated using an illustrative example. Third, this dissertation introduces a novel anomaly detection method connecting product design, process design, and in situ monitoring of process power consumption to identify the physical manifestations of cyber-physical attacks. The proposed approach can verify the geometric integrity of a machined part by observing cutting power signals during machining. Process and product knowledge is utilized to segment the power signal into the cutting cycles corresponding to specific geometrical features and extract process-related information accordingly. The extracted information is used to construct quality control charts for detecting geometric integrity deviations of machined parts. The proposed method is demonstrated using a case study of cyber-physical attacks on machining processes aiming to tamper with different product's dimensional and geometrical features. In addition to the detective defense, this dissertation presents a preventive defense measure for protecting proprietary manufacturing processes and product information and maintaining data integrity in metal AM processes. It investigates potential information leakage from raw melt pool image data sharing for collaborative model development for anomaly detection. In doing so, a proactive attack scheme is designed to discover the scan pattern from melt pool images in laser powder bed fusion AM processes with close to 100% accuracy. Next, this dissertation introduces two security-aware data-sharing strategies for melt pool data sharing with different privacy guarantees while ensuring the data utility for model development. This dissertation advances the state of knowledge in manufacturing cybersecurity by systematically characterizing manufacturing-specific cybersecurity threats, developing a risk modeling and assessment framework, and proposing novel detective and preventive defense mechanisms. The findings and methodologies presented herein are essential for manufacturing stakeholders to adopt proactive cybersecurity strategies, safeguard critical manufacturing infrastructure, and enhance the overall security posture of smart manufacturing systems.