Responsive Additive Manufacture to Overcome Natural and Attack-based disruption (RAMONA)
Lead Research Organisation:
University of Warwick
Department Name: WMG
Abstract
Disruption resilient manufacturing is becoming increasingly important, with the current COVID-19 pandemic bringing this to the fore. Whilst COVID-19 was a natural disaster, the increasing digitisation of supply chains and manufacturing processes means further widespread challenges with respect to malicious activity and cyber attacks that can cause significant disruption. Whilst the news suggests many of these take place on digital platforms or within financial or health institutions, there is growing evidence that cyber-physical systems, such as manufacturing, are becoming more regularly targeted and therefore subject to disruption. For instance, a recent Cisco (2017) report found that 28% of manufacturers across 13 countries suffered cyber-attacks that resulted in revenue loss, with this set to increase as digitisation of the manufacturing industry increases. Therefore, it is crucial to identify methods of both securing against and reconfiguring if needed the point of production within the supply network should a string within the supply network become compromised.
This research focuses specifically on additive manufacturing supply chains as part of a responsive manufacturing system, to address the significant security challenges within manufacturing supply chains to ensure greater levels of supply chain resilience for both UK and global manufacturing. In particular, this would address the call from Additive Manufacturing UKs (2017) UK National Strategy Report for AM, where they highlighted a critical challenge is to address security related challenges in AM production, with the importance of this increasing if production is to be distributed and responsive to emergent changes within the system, such as an adversary infiltrating elements of the supply chain.
To support such rapid reconfiguration of the manufacturing system across the supply network, our vision is to create a practicable methodology for manufacturing systems that can detect a threat and reconfigure themselves rapidly in the presence of an adversary. The work packages developed as part of this research further address the critical challenges outlined above and underpin our vision through the development of 'double lock' system, of physical hash on the product and digital hash on component files secured against a distributed ledger technology, that can be scaled across and tailored to different SC configurations, allowing manufacturing to be responsive to disruption and enable greater resilience and agility in UK manufacturing SCs. This proposal also considers both the current state of the art in academic research, and the fundamental needs and applied research from industry. This research is transformative as it meets the twin hurdle of academic rigour and industrial relevance.
To create tools and techniques for resilient additive manufacturing this research will address the following challenges:
- How to develop effective techniques to detect disruption;
- How to effectively and accurately analyse the disruption; and
- How to respond to disruption through reconfigured manufacture.
This research focuses specifically on additive manufacturing supply chains as part of a responsive manufacturing system, to address the significant security challenges within manufacturing supply chains to ensure greater levels of supply chain resilience for both UK and global manufacturing. In particular, this would address the call from Additive Manufacturing UKs (2017) UK National Strategy Report for AM, where they highlighted a critical challenge is to address security related challenges in AM production, with the importance of this increasing if production is to be distributed and responsive to emergent changes within the system, such as an adversary infiltrating elements of the supply chain.
To support such rapid reconfiguration of the manufacturing system across the supply network, our vision is to create a practicable methodology for manufacturing systems that can detect a threat and reconfigure themselves rapidly in the presence of an adversary. The work packages developed as part of this research further address the critical challenges outlined above and underpin our vision through the development of 'double lock' system, of physical hash on the product and digital hash on component files secured against a distributed ledger technology, that can be scaled across and tailored to different SC configurations, allowing manufacturing to be responsive to disruption and enable greater resilience and agility in UK manufacturing SCs. This proposal also considers both the current state of the art in academic research, and the fundamental needs and applied research from industry. This research is transformative as it meets the twin hurdle of academic rigour and industrial relevance.
To create tools and techniques for resilient additive manufacturing this research will address the following challenges:
- How to develop effective techniques to detect disruption;
- How to effectively and accurately analyse the disruption; and
- How to respond to disruption through reconfigured manufacture.
Organisations
- University of Warwick (Lead Research Organisation)
- Progressive Technology (Project Partner)
- Aerospace Wales Forum Limited (Project Partner)
- 4Cybersec Ltd (Project Partner)
- Design Q Limited (Project Partner)
- Thales (United Kingdom) (Project Partner)
- University of Nottingham (Project Partner)
- Create Education Ltd (Project Partner)
- Aston University (Project Partner)
- Royal Berkshire NHS Foundation Trust (Project Partner)
Publications
Cox J
(2023)
Ensuring supply chain integrity for material extrusion 3D printed polymer parts
in Additive Manufacturing
| Title | A threat impact visualiser and risk analyser |
| Description | Threat impact/cost visualizer and risk exposure analyzer is a comprehensive approach that involves the following steps to identify, analyse and assess threats related to additive manufacturing. 1. Threat information collection: We collect the threat feeds from MITRE/CTI. This repository contains the MITRE ATT&CK® and CAPECâ„¢ datasets expressed in STIX 2.0. MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Given AM is a subset of ICS, many of the concepts in the ATT&CK framework are relevant and could be utilized by AM manufacturing organizations. 2. Threat analysis: The first step is to identify the potential attack vectors and threats related to additive manufacturing. This is done by researching and analyzing past attacks, vulnerabilities, and exploits that have affected the industry, as well as studying the tactics, techniques, and procedures (TTPs) of threat actors that have targeted the industry. This involves creating a taxonomy of the possible attack goals, attack targets and attack methods in AM supply chain. The system analyses the correlation between attack targets and attack methods. This helps in identifying the which attack targets can be achieved by a specific attack method. 3. Threat Impact: Threat impact can be assessed by analysing the correlation between attack targets and attack methods. This helps in identifying the which attack targets can be achieved by a specific attack method. For example, an attacker who wants to theft intellectual property might use a social engineering attack to trick an employee into revealing their login credentials. This step involves developing a visual representation of the potential impact of each threat. 4. Threat Likelihood: Threat likelihood refers to the probability or chance that a particular threat or risk associated with the attack methods will occur. This could include the likelihood of producing illegal or dangerous items, the likelihood of intellectual property theft, or the likelihood of producing defective products that could harm users. Likelihood can be estimated by two parameters: threat frequency and timeliness. 5. Risk analysis: Based on the threat impact Impact and threat likelihood, the system estimated the risk score corresponding to threats. The risk matrix then categorizes risks into different risk levels based on their scores, such as unknown, low risk, moderate risk, high risk, and extreme risk. 6. Experimental Results including List of Malware, Attacker Group, and Mitigations: The final step is to evaluate the effectiveness of the mitigation measures using experimental results. This involves identifying the malware used by attackers, the attacker groups involved, and the mitigations implemented to prevent or minimise the impact of the attack. |
| Type Of Material | Technology assay or reagent |
| Year Produced | 2022 |
| Provided To Others? | No |
| Impact | N/A at present |
| Title | Ensuring Supply Chain Integrity for 3D Printed Polymer Parts |
| Description | Data for thermal imaging of 3D Printing Material Extrusion for varying extrusion parameters for deposition of PLA. DSC data for 3D Printed PLA. |
| Type Of Material | Database/Collection of data |
| Year Produced | 2023 |
| Provided To Others? | Yes |
| Impact | N/A to date. |
| URL | https://data.mendeley.com/datasets/sb4gb5z4kd/1 |