1. Cybersecurity and Machine Tools
Doc. No F-0006
Cybersecurity and Machine Tools
Bill Barkman
Recommendations on Research Needs in Machining and Machine Tools
Kevin Lamb 03/22/2018
Y/PM
Approved for Public Release
Internal Use Only

2. Cybersecurity “Hot” Topics
Stuxnet
Wannacry
Flaws in design of semiconductor chips

3. What Does This Have To Do With Machine Tools?
Machine tools often exist in a networked environment that provides a link from the internet to the shop floor control system.
When the Windows operating system is used as a “front end” for machine tool controls ( the so called “Operational Technology (OT) side”) it rarely receives the cybersecurity patches that are associated with the “Information Technology (IT) side”.
“Non-Windows” controls can also have unrecognized vulnerabilities – “zero-days”

4. What Are The Risks To Machine Tool Users???
Information Loss – Exfiltration
File Corruption – incorrect offsets or tool path errors (perhaps subtle)
Firmware Corruption
Production of faulty products that may not be recognized until they are “in the field.”

5. Example Attack Scenarios
Modified In-tol/Out-tol settings during part program preparation
Exfiltrating or modifying information on shop floor host
Exfiltrating or modifying information on control system
Modifying software or firmware, at the vendor factory, to introduce malware

6. What Are “Popular” Solutions?
Establish a NIST SP “compliant” environment.
Compliance is an “illusion” and “reality” is that we have a dynamic threat environment.
An unfunded mandate.
Encryption is useful and a “two-edged” sword.
These approaches can be challenging for many small to medium size manufacturing enterprises

7. What’s Really Needed?
A secure, robust network environment for CNC machine tools.
Network segmentation, effective password management, personnel training, intrusion/anomaly detection, etc.
Embedded functionality that doesn’t place the full cybersecurity burden on manufacturers.
Especially the small to medium size companies that have limited resources.
Ability to “patch” software issues without disrupting control system functionality.
“IT” vs “OT”
Secure collaboration environments for interacting with partners in a supply chain.
Network Monitoring to recognize problems “sooner than later.”
Acknowledgement that cybersecurity is a major national security issue.

8. Research Opportunities
Establish cybersecurity approaches that don’t place the full burden of “compliance” on machine tool users (enable CNC “safe” operation in a challenging cybersecurity environment).
Address exfiltration of information
Address corruption of information
Address Artificial Intelligence tools for detecting “problems.”

9. Network Monitoring/Anomaly Detection
Detect issues within local networks
Automatic, anonymous data sharing of detected issues across industrial base
Sharing threat information and “solutions” across supply chains

10. Exfiltration
Systems that recognize attempts to extract information and quarantine the process, even if it is “embedded at the factory.”
Develop “fail safe” techniques for removing information when needed.

11. Corruption
At shop host or in CNC memory: compare with “master record.”
Consider “hashing” to avoid embedded malware issues.
At part program execution.
Consider buffer/cache options.

12. Build Cybersecurity Into Control
Embed typical IT cybersecurity tools/protocols
Incorporate ability to easily upgrade control software
Defeat embedded malware with inherent design features
Base control design on the assumption that it is operating in a “hostile” environment.
Assume undetected malware is embedded in the control

13. Artificial Intelligence Tools
Recognize inappropriate behavior
Incorporate “boot” routines that compare actual machine performance with desired performance
Quasi-static displacements
Dynamic performance monitoring

14. Questions