IN TODAY’S DAY AND AGE, successful cybersecurity attacks have arguably become more frequent than trips to the grocery store. Digital infiltrations of major corporations that once made headlines are now relegated to items on an ever-growing list, pushed to the sidebar of the inside page (if the newspaper is even printed with ink and paper at all). However, the normalization of these attacks must not be expanded to a false sense of harmlessness. Each cybersecurity attack, regardless of where it takes place, results in an increased risk to the safety and prosperity of consumers.
The adoption of Industry 4.0 technologies for smart manufacturing processes enables tremendous advantages for efficient production. Industrial IoT and Digital Twin applications illuminate manufacturing insights at an unparalleled scale, helping manufacturers understand their operations and decrease production costs. Yet these very same technologies provide ample access to critical equipment with the potential for catastrophic results. Whether we like it or not, manufacturing now thrives in the digital world, and we must develop the tools to protect our operations.
Consider components produced through a computer-numeric control (CNC) machining workflow. A designer generates the initial geometric representation using computer-aided design (CAD) software and saves it as a common STL or STEP file format. This model is imported by computer-aided manufacturing (CAM) software, where a second manufacturing engineer programs roughing, finishing and postprocessing toolpaths. The toolpath is subsequently translated to G-code through a postprocesser (itself programmed by yet another user in a disparate location) and saved on a local drive. The G-code file is often emailed to the production engineer, who saves it on the closest flash drive at hand, walks to the machine to plug it in and copies the G-code onto the controller.
There are countless opportunities for a malicious hacker to interact with these files at any stage of the process. Each software component, file transfer and workstation computer opens a new door to intelligent cyberattacks on manufacturing equipment. Simple, brute force attacks include a change in the postprocessor’s work piece coordinate (WPC / G54) location, leading to an incorrect origin and a catastrophic machine crash. In another attack, malware could be installed on the USB drive itself, leading to a different program running on the CNC machine controller. On one hand, these types of attacks are effective. Costly damage was inflicted on the manufacturer and the effects are clear. On the other hand, if attackers gain access to your CNC equipment, why would they give themselves away? Subtle attacks exist, such as changing machine parameters that store the center of rotation offset.
Clever attacks like this are difficult to detect while dramatically changing the performance of resulting components. A slight modification in the right place at the right time could cause critical equipment to fail long after the component leaves the production line. The SolarWinds attack was similar in that a malicious script lay dormant for weeks before causing damage. Other attacks are known to run in a virtual machine on the host computer, limiting traceability after a system restart.
The manufacturing industry as a whole must adapt to protect against cybersecurity attacks. Critical components such as aerospace, automotive and medical parts are all produced with equipment that was designed for a paradigm without connectivity. Still, these machines are commonly used in fully networked environments. With so many entry points, it will take nothing short of full cooperation between machine tool manufacturers, CAD/CAM software providers and end-users to protect against attacks. Machine tool manufacturers must coordinate with security experts to harden (or yes, update) the underlying operating system and PLC software. Software providers must integrate with the machine controller to provide signed and secure information transfer pathways. Finally, end-users must change their workflows and adopt safe operational practices. (Remember that USB drive you found in the break room? Don’t use it!)
Only with careful coordination and thoughtful operational design can we successfully protect against manufacturing cybersecurity attacks. Make no mistake: It will be challenging, but also imperative for a secure manufacturing infrastructure.
SME recently announced its lineup of 2021 Geoffrey Boothroyd Outstanding Young Manufacturing Engineers. The 14 awardees were selected based on their diverse manufacturing backgrounds, technology advancements/improvements and state-of-the-art research. The 2021 award namesake, University of Massachusetts Professor Geoffrey Boothroyd, PhD, FSME, and president of Boothroyd Dewhurst Inc., was selected for his early-career development of the widely used design for manufacture and assembly (DFMA) methodology.
While membership in SME is not required for this recognition, each of the 2021 SME Geoffrey Boothroyd Outstanding Young Manufacturing Engineers are part of the SME community, having been members prior to their selection:
SME has highlighted the accomplishments of over 450 young manufacturing engineers—and the overall impact their work has made in manufacturing—for over four decades through this award. It is currently seeking nominations for the 2022 Outstanding Young Manufacturing Engineers Award by Aug. 1, 2021, at sme.org/oyme.
Connect With Us