This page contains a Flash digital edition of a book.
Outlook


Cybersecurity for Advanced Manufacturing


Yesterday’s manufacturers operated fac- tories using “visual flight rules” (VFR)— they read blueprints, manually con- trolled machines, and directly inspected each operation. Today’s industrialists pilot advanced enterprises using “instru- ment flight rules” (IFR)—they rely on factory processes where digits go in and parts come out, with technicians operat- ing automated machine controllers and sensors. A digital thread of information flows on implicitly trusted networks to connect every level of the enterprise— from the shop floor to the global supply chain. But, as with instrument flying, if that digital thread is compromised the enterprise may crash. Our national and economic security


depends on critical manufacturing in- frastructure capabilities that are resilient in the face of cyber threats, especially in Aerospace and Defense. Tere is ample cause for concern. Symantec reports that manufacturing was the most targeted sector in 2012, accounting for 24% of all targeted attacks. Manufacturers must be equipped to prevent: theſt of technical data (for criminal or espionage purpos- es); alteration of data (thereby altering processes and products); and denial of control (damaging or shutting down op- erations, or holding them for ransom). Cyber spies, cyber criminals, cyber


terrorists, disgruntled insiders and hacktivists can attack in very sophisti- cated ways. For example, the Washing- ton Post (May 28, 2013) reported that an Advanced Persistent Treat (cyber espionage) exfiltrated technical design data on over two dozen US defense systems. Stuxnet, the worm that at- tacked the Iranian uranium refinement


capabilities, was a sophisticated attack against a cyber-physical system that caused physical damage. Treats like these are hard to detect and contain- ment/restoration can take months. Such sophisticated attacks are not yet commonplace, but this should not be cause for complacency. As Verizon puts it, “would you use a guided missile to attack a screen door that’s not locked”?


Cyber threats are hard to


detect and containment/restoration can take months.


So what needs to be done about the


unlocked screen doors in the critical manufacturing sector? First, we need to recognize the similarities and dif- ferences between the manufacturing operational technology (OT) culture and the information technology (IT) culture. Te OT community’s highest priorities are operational availability and throughput—anything that slows or stops operations is anathema. Unlike the IT community: • Operators run production machines as long as possible without rebooting, changing passwords or otherwise interfering with stable production processes.


• Factory technicians and vendors have administrator-level access to production machines.


• Security patches may not be available for weeks aſter a vulnerability appears. Machine downtime must be scheduled well in advance, and soſtware changes must be validated offline due to potential safety concerns.


Michael McGrath


VP for Systems and Operations Analysis Analytic Services Inc. (ANSER) Arlington, VA


• Supply chains are interconnected to such an extent that your suppliers’ vulnerabilities can become your vulnerabilities. Nonetheless, lessons learned in the


IT world can apply directly to networked transactions within the supply chain, and can be adapted to machines on the factory floor. Tis requires a mechanism that will help IT and OT practitioners collaboratively define needs, adopt known solutions and best practices, and develop new solutions to fill gaps. Tis mechanism must also meet the business needs of the manufacturing sector. Te NIST-led Cybersecurity Frame-


work initiative is developing such a mechanism. Launched by the Presi- dent’s February 2013 Executive Order on Improving Critical Infrastructure Cybersecurity, the initiative is sup- ported by multiple industry sectors. Tis framework will provide for voluntary participation in implementing practices and standards. It will give manufacturing companies and their partners a shared basis for achieving a level of cybersecuri- ty maturity commensurate with both the cyber risks and business needs applicable to their sector. It remains to be seen how DoD will address levels of compliance in future contract requirements—or invest in programs to strengthen the cyberse- curity of the Defense Industrial Base. Now is the time for A&D firms to engage in the collaboration forums and become part of the solution.✈


McGrath previously served as the Deputy Assistant Secretary of the Navy for Research, Development, Test and Evaluation.


Aerospace & Defense Manufacturing 2013 39


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100  |  Page 101  |  Page 102  |  Page 103  |  Page 104  |  Page 105  |  Page 106  |  Page 107  |  Page 108  |  Page 109  |  Page 110  |  Page 111  |  Page 112  |  Page 113  |  Page 114  |  Page 115  |  Page 116  |  Page 117  |  Page 118  |  Page 119  |  Page 120  |  Page 121  |  Page 122  |  Page 123  |  Page 124  |  Page 125  |  Page 126  |  Page 127  |  Page 128  |  Page 129  |  Page 130  |  Page 131  |  Page 132  |  Page 133  |  Page 134  |  Page 135  |  Page 136  |  Page 137  |  Page 138  |  Page 139  |  Page 140  |  Page 141  |  Page 142  |  Page 143  |  Page 144  |  Page 145  |  Page 146  |  Page 147  |  Page 148  |  Page 149  |  Page 150  |  Page 151  |  Page 152  |  Page 153  |  Page 154  |  Page 155  |  Page 156  |  Page 157  |  Page 158  |  Page 159  |  Page 160  |  Page 161  |  Page 162  |  Page 163  |  Page 164  |  Page 165  |  Page 166  |  Page 167  |  Page 168  |  Page 169  |  Page 170  |  Page 171  |  Page 172  |  Page 173  |  Page 174  |  Page 175  |  Page 176  |  Page 177  |  Page 178  |  Page 179  |  Page 180  |  Page 181  |  Page 182  |  Page 183  |  Page 184  |  Page 185  |  Page 186  |  Page 187  |  Page 188  |  Page 189  |  Page 190  |  Page 191  |  Page 192  |  Page 193  |  Page 194  |  Page 195  |  Page 196  |  Page 197  |  Page 198  |  Page 199  |  Page 200  |  Page 201  |  Page 202  |  Page 203  |  Page 204  |  Page 205  |  Page 206  |  Page 207  |  Page 208  |  Page 209  |  Page 210  |  Page 211  |  Page 212  |  Page 213  |  Page 214  |  Page 215  |  Page 216  |  Page 217  |  Page 218  |  Page 219  |  Page 220  |  Page 221  |  Page 222  |  Page 223  |  Page 224  |  Page 225  |  Page 226  |  Page 227  |  Page 228  |  Page 229  |  Page 230  |  Page 231  |  Page 232  |  Page 233  |  Page 234  |  Page 235  |  Page 236  |  Page 237  |  Page 238  |  Page 239  |  Page 240  |  Page 241  |  Page 242  |  Page 243  |  Page 244  |  Page 245  |  Page 246  |  Page 247  |  Page 248  |  Page 249  |  Page 250  |  Page 251  |  Page 252  |  Page 253  |  Page 254  |  Page 255  |  Page 256  |  Page 257  |  Page 258  |  Page 259  |  Page 260  |  Page 261  |  Page 262  |  Page 263  |  Page 264  |  Page 265  |  Page 266  |  Page 267  |  Page 268  |  Page 269  |  Page 270  |  Page 271  |  Page 272  |  Page 273  |  Page 274  |  Page 275  |  Page 276  |  Page 277  |  Page 278  |  Page 279  |  Page 280  |  Page 281  |  Page 282  |  Page 283  |  Page 284  |  Page 285  |  Page 286  |  Page 287  |  Page 288  |  Page 289  |  Page 290  |  Page 291  |  Page 292  |  Page 293  |  Page 294  |  Page 295  |  Page 296  |  Page 297  |  Page 298  |  Page 299  |  Page 300  |  Page 301  |  Page 302  |  Page 303  |  Page 304  |  Page 305  |  Page 306  |  Page 307  |  Page 308  |  Page 309  |  Page 310  |  Page 311  |  Page 312  |  Page 313  |  Page 314  |  Page 315  |  Page 316  |  Page 317  |  Page 318  |  Page 319  |  Page 320  |  Page 321  |  Page 322  |  Page 323  |  Page 324  |  Page 325  |  Page 326  |  Page 327  |  Page 328