A new US public-private partnership is introducing a cyber physical passport to help better protect manufacturing supply chains, and it could play an important role in securing the COVID-19 vaccine 'cold chain' later this year.
Cold chain definition: The system for distributing products at low temperatures is called the ‘cold chain’. For the COVID-19 vaccine, an unbroken cold chain has to be maintained from the time the vaccine is produced at Pfizer’s manufacturing facilities in Kalamazoo, Michigan, and Puurs, Belgium, right through to when it is thawed to be administered to a patient. If the cold chain fails, the vaccine can degrade and even become contaminated with bacteria.
The Cybersecurity Manufacturing Institute (CyManII) is a $111m, five-year partnership, led by the University of Texas at San Antonio with major funding, $70 million, from the US Department of Energy. The University of Texas will provide $10m in funding with the rest from other partners. The group is focused on developing both an integrated cybersecurity architecture and achieving significant energy efficiencies in manufacturing.
Howard Grimes, CEO of CyManII, said the public-private consortium is working on a “cyber physical passport [that] will enable cyber-physical identification, tracking, and verification of parts and products in a uniform, hierarchical fashion with a framework that is extensible to a variety of processes — mechanical, chemical, electromagnetic.”
The cyber physical passport, the cornerstone of CyManII’s planned secured supply chain project, will be introduced in the fourth quarter of this year as part of the first version of a Secure Manufacturing Architecture (SMA), Grimes said. The passport will be designed to physically capture and digitize an encrypted structure for every part/product/embodied energy signature throughout the supply chain, he said. Such passports will enable per-product verification, validation, and intelligent efficiency.
Although by Q4 many residents of wealthy nations could already be vaccinated against COVID-19, nearly one-fourth of the world’s population may not get the vaccine until 2022. Further complicating the successful rollout of the vaccine, IBM’s Security X-Force uncovered, in the fall of 2020, a targeted phishing attack against global organizations associated with the COVID-19 cold chain.
Manufacturers are a cybersecurity target
US manufacturers continue to be one of the top targets of cyber criminals and nation state adversaries, Grimes said. This impacts the production and use of energy technologies such as electric vehicles, solar panels and wind turbines as well as other sectors such as oil and gas, semiconductors, and forest products. The increasing integration of digitization and automation in manufacturing also has made manufacturing infrastructure vulnerable to cyber attacks.
The innovations that CyManII plans to introduce would have provided significant protection against the type of attack experienced by SolarWinds, Grimes said.
CyManII will focus on three high priority areas: securing automation, building a national program for education and workforce development, and securing the supply network. This transformation, the institute said, requires starting with what it calls ε-PURE, standing for Energy Efficient, Pervasive, Unobtrusive, Resilient, and Economical secure manufacturing architecture.
CyManII aiming to detect 1 trillion cyber threats
By the end of its five-year planned life, CyManII anticipates $20bn in cumulative US energy savings via secure and intelligent energy efficiency, 1 trillion US cybersecurity vulnerability instances detected and mitigated via use of ε-PURE energy innovations, and 1 million trained cybersecurity workers in US manufacturing.
Another one of the institute’s major goals is to write a national manufacturing cybersecurity roadmap, Grimes said. The institute is interviewing representatives from more than 200 manufacturers and surveying more than 1,000 small and medium manufacturers and OEMs.
“Based on the progress made to date on this roadmap, US manufacturers need a ‘secure by design’ cybersecurity approach, an open architecture that can be adapted to the diversity of manufacturing operations, a workforce development program that takes cybersecurity innovation to the factory floor, and a new investment model for cybersecurity,” CyManII said in a press release.
The initial version of Secure Manufacturing Architecture (SMA) will build on current cybersecurity capabilities and practices for manufacturing systems and enhance them with cyber-physical security capabilities and energy-efficiency, Grimes said. The SMA will evolve in later versions into a unified identity-based architecture, across automation systems and the supply chain networks, enabled by the institute’s new techniques for cyber-physical product identification, production bookkeeping, and vulnerability discovery and mitigation, he said.
The planned result is that the SMA will be industry-accepted, identity-centric, and cyber-physical-energy holistic. SMA will include reference implementation templates for use cases in key manufacturing sectors with evidence of the security and energy savings enabled, Grimes said.
The cyber physical passport will depend partly on sensors during production to ensure product quality and integrity, Grimes said. The information from these sensors such as every motion of a machine tool, the type of tooling used for machining, energy consumption signature, and all process parameters can be stored in the cyber physical passport. The cyber physical passport will capture and digitize information generated by production systems that will provide data on process capabilities, as well as product quality and integrity, he said.
When the product arrives at its destination, it can be considered born qualified and accepted based on its cyber physical passport. The receiver of the part also will know that the part is genuine (not counterfeit), was made to specifications, and that no tampering with the production process occurred.
The institute also plans to introduce a new business model for US manufacturers’ investment in cybersecurity, Grimes said. Instead of merely installing bolt-on peripheral protections, the SMA will be designed to enable reductions in energy costs that far exceed the cost of implementation. Later, the institute plans to implement a state-of-the-art cyber training program to enable the workforce to use and optimize SMA on the factory floor and in tier one and two supply chains.
“As US manufacturers increasingly deploy automation tools in their daily work, those technologies must be embedded with powerful cybersecurity protections,” Grimes said. “UTSA has assembled a team of best-in-class national laboratories, industry, nonprofit and academic organizations to cybersecure the US manufacturing enterprise. CyManII will transform US advanced manufacturing and make manufacturers more energy efficient, resilient and globally competitive against our nation’s adversaries.”