New institute aims to secure automation & supply chain, deliver needed workforce development
Mark 2020 as the year the U.S. government chose to stand up a Manufacturing Innovation Institute focused solely on cybersecurity. Specifically, the Department of Energy (DoE) funded the Cybersecurity Manufacturing Innovation Institute (CyManII) because “the pathway toward energy efficiency in manufacturing is via digitization—and as you digitize the manufacturing floor and digitize the supply chain, you exponentially increase your cyberattack surfaces and the threat landscape,” CyManII CEO Howard Grimes said. “Thus, to advance U.S. manufacturers and make them more energy efficient—saving them money—we must do so in a cybersecure manner.”
CyManII is the DoE’s sixth Manufacturing USA institute. The public-private partnership among universities, national labs and industry aims to secure automation and the supply chain and to deliver the next generation of workforce development that supports the institute’s activities.
Recent Smart Manufacturing reporting pointed to the need for security being treated with the same urgency as safety in manufacturing.
When asked about this assertion, Grimes said that element certainly exists. “But,” he added, “what’s flawed in that approach, is that it leaves cybersecurity as an economic black hole for companies. In other words, you just spend money to protect yourself and avoid hacking at all prices.”
CyManII devised “a technical innovation approach that marries energy efficiency realizations on the factory floor and in the supply chain to an investment in a new approach to cybersecurity,” he said. “And we call that end point an ‘energy ROI.’” The institute is not in business to simply secure manufacturing. It is also aiming to create that safety environment—but couch it in terms of a value proposition that industry understands (i.e., a savings of energy), which translates to a financial savings.
CyManII outlined a series of innovations (www.cymanii.org) that its leaders believe will save a quad of energy in five years.
“The United States uses 100 quads annually,” Grimes said. “Over a quarter of those are used by manufacturing. Saving a quad of energy equates to over $20 billion in return on investment.”
That goal involves baking security into the design of manufacturing systems.
“The present state of cybersecurity is predicated on how to keep bad actors out of your IT and OT networks. It’s essentially a ‘perimeter defense strategy.’ Once you get past the perimeter, you’re in and you’re hacked. There are any number of attacks that can penetrate that perimeter defense network. The institute’s goal is to go back to fundamental physics and mathematics of engineering systems and systems of systems that are the modern world of advanced manufacturing,” Grimes said.
“While we do that, we will then build the ‘secure manufacturing architecture,’ or SMA. SMA is an architecture that operates from individual components like sensors to connected components like control loops to systems-of-systems—for example, the entire manufacturing plant. SMA will secure not only cyberlinks and devices but also the cyber and physical control loops, including energy provisioning and consumption. SMA is secure by design. This is kind of a holy grail of cybersecurity.”
To get there, DoE is investing $70 million. “And with that kind of investment, we can finally get to the holy grail of cybersecurity, which is to design systems of systems that are secure by design,” he said.
The institute, which began operations on Sept. 1, is led by Grimes at the University of Texas at San Antonio (UTSA). It has 59 proposed members, including more than two dozen universities, three national labs—Idaho, Oak Ridge and Sandia—and manufacturers, such as Cisco, General Electric and Dragos.
One of CyManII’s first deliverables to the DoE—in April or May—will be what Grimes calls “a massive industry roadmap” that will peg key problems and point to needed technical innovation.
Each Manufacturing USA Institute is given five years to become self sustaining. CyManII is no exception. But its plan to do so is extraordinary.
CyManII will set up a benefit, or “B,” corporation that will offer three services: “science as a service,” “EDU as a service” and “secure as a service.”
“In essence, they distill down to, science as a discovery-based process,” Grimes said. “So, we will go out to companies and assess their current energy efficiency or lack thereof. We will show them how introducing technical innovations can produce energy ROI. Once we introduce those sensors running on those networks and secure by design, EDU will go in and educate them on how to optimize the performance of those devices. And then, at subsequent intervals, they might want to check if they are still meeting baseline energy efficiencies and if there are other things they can do to make themselves even more secure. That will be called ‘secure as a service’.”
CyManII plans to pilot curriculum for the “B corp” in a few months—and to begin rolling out its “EDU as a service” platform in the fall.
In addition to Grimes, the institute will be led by: Carnegie Mellon’s Greg Shannon, as chief scientist; Oak Ridge National Laboratory’s Tom Kurfess, as chief manufacturing officer; Idaho National Laboratory’s Wayne Austad, as chief R&D officer; UTSA’s Jaclyn Shaw, as chief operations officer; and Oak Ridge National Laboratory’s Curtis Taylor, as chief integration officer.
On the technical side, it is involving Dongyan Xu from Purdue University, David Nicol from the University of Illinois, Paris Stringfellow from Clemson University, Gabriela Ciocarlie from Elpha Secure, Krystel Castillo from UTSA and Paulo Costa from George Mason University.
“One of the reasons we won [DoE’s call for proposals] is we put together a fantastic team,” Grimes said.
After all, the best and the brightest are needed to achieve the institute’s fundamental goal, which is “to secure U.S. manufacturers for decades to come in a way that leads to their ability to dominate the global manufacturing space.”