Cyber-physical attack vulnerabilities in manufacturing quality control tools

Abstract

With advances in computer and networking technologies, along with the increasing dependency on interconnected cyber-physical components, the threat of cyber-physical attacks against manufacturing is on the rise. As opposed to traditional cyber-attacks, cyber-physical attacks go beyond intellectual property theft and can affect the physical world. In manufacturing, such attacks can result in changed product designs, manipulated manufacturing equipment, and altered final products. For over a century, manufacturing systems have relied heavily on Quality Control (QC) systems to ensure stable processes and product integrity. However, previous research has suggested that current QC tools could be exploited by an adversary, making it difficult or even impossible to detect attacks. Unfortunately, there has been little to no effort to identify/understand opportunities where QC tools could be exploited, which is an essential step toward developing new cyber-security solutions for manufacturing. In response, this paper establishes a systematic approach to effectively categorize QC tool vulnerabilities. Furthermore, to highlight the importance of this research to the manufacturing community, the negative effects of exploiting QC tools by cyber-physical attacks are demonstrated in this paper. Finally, best practices and guidelines for better cyber-physical security in manufacturing are also presented.

Keywords:

• cyber-physical security
• manufacturing systems
• quality control
• quality control tool misuse
• quality control vulnerabilities
• statistical process control

Acknowledgments

The authors would like to thank Prof William H. Woodall, Dr Gregory Purdy, and Ms Romina Dastoorian for their comments on different versions of this manuscript.

Notes

1 When estimated values are used for the process’ mean and standard deviation, the traditional 3-sigma control limits for an X-bar control chart are evaluated from the equations: x̿ ± A₂R̅; where x̿ is the mean estimator, R̅ is the average range, and A2 is a constant that equals 0.577 when the number of observations per sample (n) is 5 (Montgomery 2009).

2 When estimated values are used for the process’ mean and standard deviation, the centerline for an R chart equals to $\overline{R}$ and its upper and lower control limits are evaluated from the equations: UCL = D₄$\overline{R}$ and LCL = D₃$\overline{R}$, respectively; where $\overline{R}$ is the average range and both D₄ and D₃ are constants that are equal to 2.114 and 0, respectively, when the number of observations per sample (n) is 5 (Montgomery 2009).

3 When estimated values are used for the process’ mean, the traditional 3-sigma control limits for an I chart are evaluated from the equations: x̅ ± 3$\overline{MR}$/d₂; where x̅ is the mean estimator, $\overline{MR}$ is the moving range, and d₂ is a constant that equals 1.128 when the number of observations per sample (n) is 2 (Montgomery 2009).

4 A₂ is a constant that depends on the value of n.

Additional information

Funding

This research work was funded by the National Science Foundation (NSF) grant CMMI-1436365 and supported by Virginia Tech’s Cyber-Physical Security Systems Manufacturing (CPSSMFG) Group. However, any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.

Notes on contributors

Ahmad E. Elhabashy

Ahmad E. Elhabashy has received his PhD degree in Industrial and Systems Engineering from Virginia Tech in 2018 and both his BSc and MSc degrees in Production Engineering from Alexandria University, Egypt, in 2009 and 2012, respectively. Ahmad is currently working at the Production Engineering Department at Alexandria University. His research interests include quality control, production planning and control, modelling of industrial systems, and optimization, particularly in manufacturing context.

Lee J. Wells

Lee J. Wells received the BS and the MS degrees in Mechanical Engineering from Michigan Technological University, Houghton, Michigan in 2005 and 2008, respectively, and the PhD degree in Industrial and Systems Engineering from Virginia Tech, Blacksburg, Virginia in 2013. He is currently an Assistant Professor in the Department of Industrial and Entrepreneurial Engineering & Engineering Management, Western Michigan University, Kalamazoo, Michigan. His research interests include cyber-physical security for advanced manufacturing, quality control for data-rich manufacturing environments, and statistical process control.

Jaime A. Camelio

Jaime A. Camelio is the Rolls-Royce Commonwealth Professor for Advanced Manufacturing at the Grado Department of Industrial and Systems Engineering at Virginia Tech. He leads the Virginia Tech Cyber-Physical Systems Security Manufacturing Group, which along with its industry partners and alliance with government agencies, is looking to improve the resiliency of the critical infrastructure of the United States, specifically the manufacturing-related segments. Dr Camelio holds a PhD in Mechanical Engineering and a MSc in Industrial Engineering from the University of Michigan and a BSc and an MSc degree in Mechanical Engineering from the Universidad Catolica de Chile. His research interests are in assembly systems, intelligent manufacturing, process monitoring and control, and cyber-physical security in manufacturing. He has authored or co-authored more than 70 technical papers and holds one patent.