CyManII Roadmap calls upon US manufacturers to bake cybersecurity awareness into the industry

The Cybersecurity Manufacturing Innovation Institute (CyManII) unveiled on Thursday its broad vision for cybersecurity in U.S. manufacturing for the next five years, delivering awareness of the cyber risks associated with manufacturing processes. The CyManII Roadmap is targeted primarily at small and medium manufacturers (SMM), large manufacturers, and original equipment manufacturers (OEMs) that supply large production industries, with a focus on delivering a ‘robust and aggressive pathway to transform the industry by making U.S. manufacturers the most cybersecure in the world.’ 

The outline offers manufacturers insight into the national benefits of a dedicated effort to secure the U.S. manufacturing industry from cyber threats. The research path described in the Roadmap is essential as U.S. manufacturers of all sizes drive toward processes that are data-intensive, digitized, and utilize emergent applications of artificial intelligence (AI) and machine learning (ML) to drive productivity gains in the face of growing complexity. 

The CyManII leadership will use the Roadmap as a guide for its areas of research and foundational activities. CyManII will leverage the Roadmap to focus on its own organizing principles, and as a means to engage with, and receive feedback from, key stakeholders. The Roadmap will also inform and shape future Requests for Proposals managed by the Institute.

The CyManII Roadmap acknowledges the reality that the current state of cybersecurity is not sustainable. “CyManII’s vision is not anchored to the current world of insecure systems of software and hardware. Rather, CyManII will pursue ambitious and aggressive pathways to new systems of architectures that will exponentially increase our Nation’s ability to withstand the fiercest cyber-attacks,” it added. 

The core research vision is to focus on ensuring architectures, systems, and processes have security properties that are backed with uncontradicted evidence for those properties. The technologies to define and ensure such properties have been emerging from research labs and have been successfully applied in varied and complex systems (of systems) by large technology companies over the last decade. 

CyManII will amplify and accelerate these new design concepts and implement them with our industrial partners to assure U.S. manufacturing competitiveness and security. CyManII’s research vision is to incrementally build an expanding library of relevant security properties and situations (models of systems) that can be applied and ensured with non-contradictory evidence, and continually demonstrate/pilot with U.S. manufacturers and OEMs how to apply these methods and tools to securely incorporate decarbonization innovations in thousands of diverse systems. 

The value of these results is that the resulting systems will be greater resilience, having fewer scarce technical resources (experts) to provide that resilience bringing about efficiency and economy, and emerging more sustainable from both the technology and financial perspective, in response to changing threats and risks from cyber adversaries.

CyManII was launched by the U.S. Department of Energy to advance cybersecurity in energy-efficient manufacturing, with a focus on pursuing targeted research and development that understands and acts upon evolving cybersecurity threats to bring about greater energy efficiency in manufacturing industries. The move is done by developing new cybersecurity technologies and innovations and sharing information and knowledge with the broader community of U.S. manufacturers. 

The CyManII Roadmap calls upon the manufacturing sector to continue introducing technical and digital innovations creating a digital thread that crosscuts industries and interdependent supply chains of all sizes. While manufacturers may not be focused on the details of how to secure digitization and digital threads from cyber threats, they are highly focused on the cyber benefits that CyManII offers as they pursue their fundamental goals of productivity, quality, and profit. Furthermore, as several CyManII industry members have articulated – manufacturers want to purchase products to digitize their operations but are concerned about the cyber risks that are introduced.

The CyManII Roadmap delivers a transition pathway from the current state to the future state and will require that CyManII and manufacturing partners work closely together to build secure architectures specifically designed to work with legacy and new systems. Just as computers are periodically updated to ensure they are compatible with the latest technologies and protected against new cyber threats, manufacturing systems must be continuously upgraded to ensure maximal effectiveness, efficiency, and cybersecurity. This process helps protect a system from becoming outdated, outmoded, and a portal for a cyber attack or breach. 

Similarly, the secure digital thread can be used to ensure that aging or legacy systems remain compatible with digital and cybersecurity requirements while also continuing to meet manufacturing enterprise, supply chain, and ecosystem capabilities, according to the CyManII Roadmap. This transition pathway also requires increased awareness among manufacturers on approaches for addressing present and future cyber risks and a workforce that is upskilled and reskilled through CyManII’s training programs to help their employers transition to bring about more cyber security in operations, it added.

Currently, in most manufacturing enterprises, operations are mostly well integrated providing a foundation for integrating security throughout the enterprise. “However, security may be designed into specific machines or systems but not designed into system architectures. The holistic approach of CyManII is to integrate security and operations not just at the individual machines/processes level, but also through line and plant operations, and eventually enterprise, supply chain, and ecosystems using CyManII’s secure manufacturing architecture (SMA),” the document added. 

“CyManII’s approach to security is reminiscent of earlier industry-wide efforts to prioritize quality by integrating quality into products and processes, including designing products, production systems, and overall supply chains,” the CyManII Roadmap said. Digital manufacturing and Industrial Internet of Things (IIoT) technologies are being deployed across manufacturing, delivering productivity and other gains while also creating known and unknown attack vectors and growing cyber risk due to the increased connectivity and access such systems provide, it added.

The CyManII Roadmap said that as manufacturing supply chains and digital threads are built, manufacturers must also protect proprietary information that competitors and adversaries value. Furthermore, progression towards the future state and towards democratization of manufacturing is dependent on digital threads as the communication framework that enables a connected data flow and integrated view of an asset’s data throughout its life cycle. The jobs and industries of tomorrow depend on the successful implementation of digital threads across broad manufacturing sectors ranging from clean energy to iron/steel manufacturers. If these digital threads are not cyber secure, U.S. manufacturers will be compromised in multiple cyber-exploit scenarios, it added. 

Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA) announced the formation of a joint ransomware task force, plans for which were originally outlined in the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The Ransomware Task Force will work on uniting stakeholders across industry, government, and civil society to innovate new solutions, break down silos, and find effective new methods of countering the ransomware threat.

The ransomware task force was announced by Jen Easterly, CISA director, at an Institute for Security and Technology (IST) event. She also said that the task force would have its first official meeting within the next few months. Last month, Easterly announced the expansion of CISA’s Joint Cyber Defense Collaborative (JCDC) initiative to include the industrial control system (ICS) industry consisting of security vendors, integrators, and distributors.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.