Publications
Framework for Identifying Cybersecurity Risks in Manufacturing
Hutchins, Margot J.; Bhinge, Raunak; Micali, Maxwell K.; Robinson, Stefanie L.; Sutherland, John W.; Dornfeld, David
Increasing connectivity, use of digital computation, and off-site data storage provide potential for dramatic improvements in manufacturing productivity, quality, and cost. However, there are also risks associated with the increased volume and pervasiveness of data that are generated and potentially accessible to competitors or adversaries. Enterprises have experienced cyber attacks that exfiltrate confidential and/or proprietary data, alter information to cause an unexpected or unwanted effect, and destroy capital assets. Manufacturers need tools to incorporate these risks into their existing risk management processes. This paper establishes a framework that considers the data flows within a manufacturing enterprise and throughout its supply chain. The framework provides several mechanisms for identifying generic and manufacturing-specific vulnerabilities and is illustrated with details pertinent to an automotive manufacturer. In addition to providing manufacturers with insights into their potential data risks, this framework addresses an outcome identified by the NIST Cybersecurity Framework.