Manufacturing cybersecurity – assurance through research and education
24/05/2016

I did my first degree in computer science before coming to the UK to study a Master’s course in computer security and digital forensics. I didn’t just want to learn how to secure systems, I wanted to be able to figure out how and who was hacking. My interest in further working on protecting and improving cybersecurity systems is the reason that I decided to come to Cranfield to do my PhD.
There’s no such thing as absolute cybersecurity
The scariest thing about working in this area is that you work within the knowledge that there is no such thing as absolute security. No system is fool-proof, no platform is immune to the risks – whether it’s from competitor organisations, a disgruntled employee, terrorists, or script kids who just want to give it a go and see what they can do. The motivations vary but the risks are significant. There are couple of high profile examples – in 2014, an unnamed Germany steel mine was breached “by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage.” It was another example of a digital attack causing physical damage, following the Stuxnet virus that attacked Iran’s nuclear centrifuges.
So how is this related to our daily life? Consider the implications if there was an attack on the systems that control our water treatment network, the oil and gas industry, transportation or manufacturing infrastructure. Hacking on this kind of macro scale has the potential to cause a national and international emergency. People often worry about their personal data online or their bank accounts, as it is often followed by larger personal wealth loss.
Accepting cybersecurity as a priority
I don’t want to sound like an alarmist, but this is a realistic risk that we need to actively defend against. There is a definite need to engage proactive measures to prevent such risks. My research aims to find ways to enhance security in the light of the current demand for cybersecurity for industry 4.0, and offer solutions for companies, particularly where there is still a false sense of security. In some cases, it is believed that ‘closed’ systems aren’t vulnerable because they aren’t connected to the corporate enterprise networks or internet. But when these companies look at improving productivity and profitability by incorporating devices like routers and servers, often they aren’t aware of the risks introduced by the connection. For example, a breach could be caused by purchasing and installing vulnerable IP-enabled devices, or devices that were pre-configured with malicious software, in which case, the ‘hacking’ had happened long before the product even arrived at the company’s premises.
Can research actually help?
IoT technologies have prompted Industry 4.0, and security for smart manufacturing has attracted much attention by enterprises, organisations and researchers. Many whitepapers and reports show the significance of security with respects to enterprise systems, supply chains, connected devices, mobile devices, cloud services, and big data, etc. All of these seem dazzling to us, but provide essential clues for cybersecurity.
The security strength of an organisation depends on the degree to which organisations protect their weakest links in enterprise systems or manufacturing systems. In current security situation, people (users) could be the weakest link in an enterprise. One of my current research focuses is to develop a model for assessing manufacturing workforce cyber security capability. Essentially an evaluation method that would enable enterprise owners understand the capabilities of their workforce to preempt, detect, and respond appropriately to cyber incidents, determining the weakest link(s), specific capacity needs, and how to prioritise and engage cyber security capacity-building programmes in the manufacturing enterprise. While a testbed could provide demonstration platform for identifying and testing the cybersecurity potentials in emerging enterprise manufacturing, cyber security metrics could guide the process of identifying manufacturing infrastructure security postures and susceptibilities, and an adaptive risk management methodology for achieving manufacturing cyber security assurance.
Hence, in response to the demand for the security of smart manufacturing enabled by IoT technologies, my research will benefit the manufacturing community by: (i) improving awareness of the emerging cyber risks associated with industry 4.0 and disabusing those thoughts of being completely insulated from cyber risks; (ii) give understanding through experimental demonstrations of potential security critical control points of a manufacturing network; (iii) developing an approach to ascertaining the security capability level of both manufacturing-floor, and enterprise user workforces, thus to influence response directions for improving security; (iv) creating handy cybersecurity mixed metrics for gauging the overall security potentials of manufacturing enterprises, with appropriate risk management methodology for improving cybersecurity assurance.
What can be done to improve the awareness of cybersecurity?
The National Crime Agency’s Cyber Choices campaign aims to increase the number of young people using their coding skills positively. They point that hacking is not a victimless crime. It’s crucial that we continue to increase training and research opportunities in this area. Today, higher education is a major contributor to economic success, producing, changing and transferring cutting edge knowledge from research, and continues updating our education to match the pace of technology development. In order to respond to our continuous changing society, Cranfield manufacturing will start a new MSc Course in Cyber-Secure Manufacturing (http://www.cranfield.ac.uk/csm) in 2016/2017, to develop the next generation of manufacturing engineers who are able to protect manufacturing systems and machines against cyber threats. Correspondingly, the four core modules, as short courses, are also open to professionals in manufacturing and other engineering sectors. This is our bold step towards building security aptitude in the next generation of manufacturing and informatics graduates and experts, and also ensuring that such capacity is made available to a wider industrial and academic community.
Categories & Tags:
Leave a comment on this post:
You might also like…
Me, myself, and anxiety
Then and now I remember the moment very well – I was sat at a desk talking to my boss, pointing out the key elements of a strategic plan. I was in quite a stressful ...
“My Cranfield degree transformed me as a person”
Kalyani Hedge (Management MSc, 2021), is currently working as the Head of Supply Chain, Administration and Legal at Nandu Chemicals Private Limited. We caught up with Kalyani to find out more about her experiences ...
“Studying at Cranfield encouraged me to move out of my comfort zone”
For marketing professional Jim Davies, studying for a part-time MSc in Marketing and Leadership at Cranfield School of Management was the catalyst for making a bold career move after more than a decade spent ...
Commonwealth, Cranfield and my journey so far
I have worked in the water treatment plant of a hospital, as a biochemist, for over a decade, and therefore have first-hand experience of managing water quality and the challenges faced by a low-income ...
Cranfield University bursary opportunities – my experience
My name is Paula Gonzalez, and I am currently completing my Thermal Power MSc at Cranfield University. I began my studies in March 2021 - although my journey towards this goal started long before ...
The beautiful outdoors and how it welcomed me to the UK
Hiya! I am Arjun Yadav. Studying at Cranfield so far has been a pleasure, and I have been enjoying my time on campus as well as exploring England. I have taken a keen interest ...
You are really a genius am proud to see u moving forward. Congratulations my brother. Aliyu Ibrahim OR
Excellent piece of work