Session: 17-01-01: Research Posters
Paper Number: 150368
150368 - A Cyber-Security Case Study: Balancing Openness and Protection for a Manufacturing Research Environment
Strategic industrial sectors across the world face a diverse and evolving range of challenges, primarily focussed on increased responsiveness, productivity, and competitiveness in the global market. As a result, we have seen the rise of a variety of industrial digitalisation technologies (IDTs) to optimise and streamline the production lifecycle. Examples of these IDTs include: internet of things, edge computing, digital product passports, the application of machine learning on the shop floor, model-based systems approaches, intelligent optimisation and data analytics during the design and engineering stages, and in general, both increased shop floor integration and increased integration between the shop floor and the higher-level systems such as planning and scheduling.
However, along with the well-publicised opportunities, implementing these IDTs presents a number of challenges for the sector. One particular challenge is that of protecting against cyber-attacks. Such attacks have become more common in recent years, not only against the manufacturing organisations themselves, but also against the supply chain and against educational and research organisations such as universities. Each of these groups faces the need to secure their infrastructure, all working towards the same end goal of security, but each with their own unique set of challenges around that goal. Research universities, for example, face the unique challenge of needing to balance openness and security. Their network infrastructure must support a large body of users over which relatively little control can be exerted (i.e., students), whilst at the same time protecting both their own data and functionality, and their partners' proprietary intellectual property.
This poster describes the process by which the University of Nottingham, UK, is approaching cyber security for Omnifactory, a national testbed demonstrator for digital- and informatics-enabled smart manufacturing technologies.
At the start of this process, the options in terms of approach and standards for cyber-security were evaluated. Although Information Technology (IT) and Operational Technology (OT) are still quite divided in terms of implementation and management in most organisations, this separation is becoming narrower and more of a grey area in many large manufacturers. At the same time, although IT security is very mature, OT security is comparatively less so, and this is exacerbated by rapid changes in the requirements and capabilities of OT.
Requirements from the aerospace industry were surveyed, and major partners and stakeholders from this sector were included in the process. Information security requirements published by such organisations generally focus on IT rather than OT, and also generally focus on supplier IT infrastructure in terms of managing customer data, rather than the supplier's OT infrastructure. Consequently, many of these requirements are not applicable to a research partner who supplies knowledge rather than parts. There is naturally very little public information on manufacturers' own internal cyber security approaches.
With this in mind, a holistic approach that combines the IT security of the University's common infrastructure, and OT security of the dedicated manufacturing research infrastructure, was chosen. Three major standards are addressed: ISO/IEC 27001, Cyber Essentials, and IEC 62443. This poster focusses primarily on the process to implement IEC 62443 in the manufacturing research infrastructure within a University environment. The lifecycle approach is summarised, along with the initial and detailed risk assessments used to determine a target security level. Next steps in the process are presented, along with overall conclusions.
Presenting Author: David Sanderson, University of Nottingham
Presenting Author Biography: Dr David Sanderson is a Principal Research Fellow with a background in systems engineering specialising in the integration of adaptive systems for complex applications. Having gained his Masters in Information Systems Engineering and PhD in Intelligent Systems and Networks, both from Imperial College London, UK, he is currently part of the Institute for Advanced Manufacturing at the University of Nottingham, UK. He is a member of the IEEE (Institute of Electrical and Electronics Engineers) and the Society for the Study of Artificial Intelligence and the Simulation of Behaviour. His work in Nottingham addresses intelligent integration, control, and reconfiguration in manufacturing, with previous low-TRL projects focussing on behavioural modelling and context awareness. Current projects focus on the mid-TRL integration of production systems for high-value, high-complexity, low- or variable-volume products in the aerospace domain that require solutions not addressed by conventional off-the-shelf MES and shop-floor control systems.
Authors:
David Sanderson, University of Nottingham
Jack Chaplin, University of Nottingham
Svetan Ratchev, University of Nottingham
Paper Type
Poster Presentation