Tufts Tackles Thorny Issues Surrounding Cybersecurity
Hackers are one of the biggest threats to digital factories and Industry 4.0 initiatives. If conveyors, fastening tools, robots and other equipment are not secure, state-of-the-art production technology can be rendered useless.
To address this issue and develop safeguards and policies, a cross-disciplinary team of faculty and students at Tufts University are studying the growing field of cybersecurity. Professors within the school of engineering are leading the charge, along with their colleagues from the school of law and the school of arts and sciences.
“At Tufts University, cybersecurity is viewed from a variety of different lenses,” says Karen Panetta, Ph.D., dean for graduate education at the school of engineering. “It includes using computer science and engineering to provide new algorithms and methodologies to better ensure privacy and security.
“Ultimately, we strive to better understand how cyberattackers think and operate, and the motivations behind their attacks,” explains Panetta, who is also an IEEE Fellow. “We can then develop the technology to help anticipate and deter their next moves.”
Cybersecurity is a growing field of research and will continue to become more important for manufacturers as cyberthreats become more sophisticated and malicious.
“A prominent concern [in manufacturing today is] how to ensure the safety of human operators, but what about protecting robots from the humans?” asks Panetta. “Malicious attacks on robots and other automated systems via cyberattacks could ultimately result in costly damage to equipment and facilities, and impact human safety.
“Without robust cybersecurity protocols in place, someone can illegally access [an assembly line] and hijack control of the system, allowing them to remotely operate [robots and] do whatever they choose,” warns Panetta.
In many cybersecurity attacks, perpetrators are trying to gain access to privileged information, such as credit card numbers or bank account information to steal money. But, a new class of criminal is intent on hijacking production systems to steal sensitive information or cause damage that will impair operations.
“Imagine having the ability to remotely increase the speed of motors, alter the force of robots or increase oven temperatures excessively,” says Panetta. “[This type of scenario] could result in overheated or damaged equipment, or worse, cause serious injury to operators.”
According to Panetta, one way to mitigate this is to ensure that there are hardware locks in place in every major system component to prevent any software-controlled wireless systems from ever exceeding safety limits. For instance, robots should have constraints on their actuators to ensure that they never extend beyond set work envelope limits.
“However, these tactics don’t prevent cyberattacks,” Panetta points out. “They are reactive safety protocols that can be deployed after the fact. The real impact that robust cybersecurity brings into manufacturing environments is the ability to proactively monitor and provide early detection of cyberattacks, so that the breach can be terminated before any damage is done.
“In addition, if the security system can gather information about the attacker and their methods, it can help law enforcement officials locate and prosecute perpetrators,” claims Panetta.
“One misconception about cybersecurity in factories is that having robust security on the system controller means the entire system and everything it controls is safe,” adds Panetta. “Attackers can find many alternative paths into systems, at any level or wireless device. Since manufacturing systems include components and systems from multiple vendors, attackers look for the smallest gap in security among these many components to gain access.
“The integration of all these different components and systems creates the greatest challenge for cybersecurity,” says Panetta. “Custom systems may require more customized protections that look at the entire system architecture, rather than just the expected entry point of control and its boundary interfaces.”