As the information age progresses, cyber-attacks have become increasingly malicious while decreasing in visibility. At the same time, advanced manufacturing systems rely heavily on new cyber-technologies, such as internet-based computer aided engineering support tools and networked manufacturing and inspection equipment. While the resulting data connectivity has accelerated the product/process design-cycle and allowed for extensive analytical capabilities, it has also resulted in an increase of digital entry points into a manufacturing system. Therefore, it is no longer a question of if, but rather when, our manufacturing infrastructure will become the victim of cyber-attacks. For over a century manufacturing has relied heavily upon the use of quality control (QC) systems to detect quality losses and ensure the production of high-quality parts. However, current QC approaches are not designed to detect the effects of a cyber-attack. An undetectable change in a manufacturing system can adversely affect a product's design intent, performance, quality, or perceived quality. The results could be financially devastating by delaying a product's launch, ruining equipment, increasing warranty costs, or losing customer trust. More importantly, attacks pose a risk to human safety as operators and consumers could be using faulty equipment and products. QC systems are based upon assumptions that may no longer be valid under the presence of an attack. In essence, these assumptions become vulnerabilities that can be used to make an attack undetectable.
The goal of this Grant Opportunity for Academic Liaison with Industry (GOALI) research project is to identify vulnerabilities that exist in current QC systems and to develop new tools that significantly reduce or eliminate these vulnerabilities. The focus of this research is to approach the quality monitoring-detection-diagnosis cycle as an integrated cyber-physical security problem. A hybrid information technology (IT) and quality control system capable of detecting and compensating for quality losses caused by either physical or cyber process shifts will be investigated. The work focuses on statistical process control (SPC). For this endeavor, vulnerabilities will be identified across the three distinct phases of SPC, using a vulnerability identification study approach that takes the perspective of an attacker to understand what information could be used to identify and exploit vulnerabilities. Once these vulnerabilities are identified, new hybrid IT/QC tools will be created to supplement and/or replace currently used SPC approaches to significantly reduce or eliminate their weaknesses to cyber-attacks. Furthermore, these new tools will be developed considering multiple vulnerability levels, based on the type of information used to exploit the system.
