Virginia Tech Cyber-Physical Systems Security Manufacturing Group establishing Security Preparation and Response Plan

While working in additive manufacturing to develop airplane parts for GE Aviation, a young engineer named Tomilayo Komolafe quickly spotted cyber-physical vulnerabilities in the manufacturing process. That insight led him to pursue his Ph.D. in cyber-physical security systems under Dr. Jaime A. Camelio at Virginia Polytechnic Institute and State University in Blacksburg, Va. 

Camelio leads the Virginia Tech Cyber-Physical Systems Security Manufacturing Group, which along with its industry partners (MTConnect Institute, AMT, Western Michigan University, and the Commonwealth Center for Advanced Manufacturing) and government agencies is looking to safeguard the physical environment of the manufacturing process.
 

Camelio explains, “Every day, we rely on complex, safety-critical mechanical systems, such as next-generation composite aircraft, artificial heart valves, automated drug dispensary equipment, high-speed rail systems and gas turbines. These systems use physical parts that are precisely engineered for balance, strength, weight and safety. Malicious attacks on the manufacturing process can modify these precisely engineered components to change mechanical tolerances, causing problems ranging from excess shearing forces to increased humidity and creating significant safety or monetary issues.”

To make a manufacturing enterprise resilient (prepared for and in response) to unwanted cyber-physical events, the group has three main focus areas: 
 
  • Vulnerability assessment of the manufacturing enterprise,
  • Improving in-process monitoring in manufacturing systems, and
  • Augmenting current quality control tools in manufacturing to detect unwanted changes in part or production.

Concentrating on the third area, Komolafe is developing a monitoring system to detect deviations in each part as it is produced, and discern if the discrepancies are due to machine wear, variations inherent in manufacturing or an attack. This monitoring system is based on piezoelectric transducers, which effectively measure changes in a part’s stiffness, damping or mass and converts these changes to easily measurable electrical signals. Additive manufacturing is vulnerable to cyberattacks, which can alter the original design intent, creating a weaker product. A specific threat might be the potential for a cyberattack to change the design and manufacturing of an airplane wing component, so that the part no longer functions properly under certain loads in real-world usage. 

This month, the Virginia Tech Cyber-Physical Systems Security Manufacturing Group will launch a vulnerability database, located at www.cpssmfg.com, which allows industry stakeholders to upload and search information about potential “back door” vulnerabilities. Suppliers can find out if their machines need to be better engineered; operators can share weaknesses; researchers can bring about solutions; and all can help to prepare for and respond to cyber-physical attacks.