As the factories for U.S. manufacturers are increasingly becoming digitized and connected, the surface for cyberattacks is broadening. To allow experimentation on cybersecurity technology for the factory floor, the Digital Manufacturing and Design Innovation Institute, Chicago, officially launched its “Cyber Hub for Manufacturing” earlier this month. DMDII reported that the U.S. Department of Defense contributed $750,000 in seed funding for the hub.
I spoke with Thomas McDermott, the institute’s executive director, about the priorities for the hub and how to best address the cybersecurity threats small and medium-sized manufacturers (SMMs) face. Those manufacturers are particularly vulnerable because their resources to address potentially sophisticated cyberattacks are not as plentiful as larger companies, according to DMDII.
“They don’t have sophisticated cybersecurity personnel, IT infrastructure or policies in place,” McDermott said.
He said the first priority is to build distinctive cybersecurity capability for the manufacturing space, which requires a team effort. “We are trying to recruit the appropriate leaders who have a real vision for cybersecurity and really understand the trade-offs working with cybersecurity in an operational technology world.”
Director of DOD Manufacturing Technology Tracy Frost announces funding for the Cyber Hub for Manufacturing at DMDII on March 12, 2018. Also pictured (left to right): Thomas McDermott, executive director of DMDII; Illinois Gov. Bruce Rauner; Chicago Mayor Rahm Emanuel; Rep. Mike Quigley; Ald. Walter Burnett; Sen. Dick Durbin; UI LABS CEO Caralynn Collens. Photo by Bryan Audia, UI LABS.
Effective cybersecurity also involves laying a foundation of unique assets to construct a real-world environment for testing and validating different solutions, he added. Another aspect of the hub focuses on identifying the tools needed by a broad cross-section of manufacturers, customizing the tools for the manufacturing environment and getting them to market.
The potential cybersecurity threats are varied, ranging from amateurs looking for a new mischievous challenge to criminal enterprises seeking to profit by holding data ransom and stealing intellectual property to state actors wanting to compromise national security. One scenario, McDermott said, could involve a hacker changing the way a mission-critical defense product is manufactured by instructing a machine tool to remove more material from a part feature than specified.
“Because there are interconnected systems, you don’t recognize it and all of the sudden the meantime between failure for the part changes,” he said. “Maybe it’s cut in half.”
Not only are there national security implications, but manufacturers face massive risks to their reputations when they ship defective parts.
Although some SMMs likely don’t consider cybersecurity to be something worth spending much time and money on, McDermott said customers are going to demand it.
“These are real threats; it’s not fantasy,” he said. “What’s not happening today and what we hope will change is to help those manufacturers realize they are targets and can do something that is cost-effective to mitigate those threats.”
Because cybersecurity is complex and not easily managed, organizations are often hard-pressed to adequately protect themselves without outside assistance. McDermott emphasized that DMDII has a mandate to try and solve problems that are too demanding for one company to solve on its own. “That’s literally what we exist to do.” As a result, the institute is bringing together its government, industrial and academic partners, along with others, to create a comprehensive program that addresses the threats and is customized for the needs of an end user, such as a small manufacturer.
“Manufacturing in the United States is an important part of our economy and deserves the same level of consideration and protection given toward insurance, financial services and health care as examples,” he said.