2023-02-23 米国国立標準技術研究所(NIST)
A new and improved strategy for detecting cyberattacks on manufacturing systems, such as 3D printers, involves using AI to monitor a digital twin that mimics and is fed real-time data from the physical system.
Credit: N. Hanacek/NIST
◆より多くのロボットやその他の製造装置が遠隔操作されるようになると、悪意のあるサイバー攻撃の新たな入り口が生まれます。米国国立標準技術研究所(NIST)とミシガン大学の研究チームは、増大するサイバー脅威に対応するため、デジタルツイン技術と機械学習および人間の専門知識を組み合わせたサイバーセキュリティのフレームワークを考案し、サイバー攻撃の指標を示すことに成功しました。
◆IEEE Transactions on Automation Science and Engineeringに掲載された論文の中で、NISTとミシガン大学の研究者は、研究室にある3Dプリンターを狙ったサイバー攻撃を検知することで、この戦略の実現可能性を実証しています。また、このフレームワークは広範な製造技術に適用可能であるとも述べています。
◆サイバー攻撃は非常に巧妙であるため、他の日常的なシステムの異常と区別して検知することが困難です。例えば、センサーデータ、エラー信号、デジタルコマンドの発行や実行など、機械内で何が起きているかを示すオペレーションデータは、サイバー攻撃の検知をサポートすることができます。しかし、3DプリンターなどのOT(Operational Technology)機器からこの種のデータにほぼリアルタイムで直接アクセスすることは、工場現場でのプロセスのパフォーマンスと安全性を危険にさらす可能性があります。
◆デジタル・ツインは、ありふれたコンピュータ・モデルとは異なります。このモデルは、物理的なモデルと密接に連携しており、そこからデータを抽出し、ほぼリアルタイムで並行して実行します。そのため、現物を見ながら検査することができない場合、デジタルツインはその次善の策となります。
<関連情報>
- https://www.nist.gov/news-events/news/2023/02/how-digital-twins-could-protect-manufacturers-cyberattacks
- https://ieeexplore.ieee.org/document/10049398
デジタルツインベースのサイバー攻撃検知フレームワーク(サイバーフィジカル製造システム向け Digital Twin-Based Cyber-Attack Detection Framework for Cyber-Physical Manufacturing Systems
Efe C. Balta,Michael Pease,James Moyne,Kira Barton,Dawn M. Tilbury
IEEE Transactions on Automation Science and Engineering Published:2 February 2023
DOI:https://doi.org/10.1109/TASE.2023.3243147
Abstract
Smart manufacturing (SM) systems utilize run-time data to improve productivity via intelligent decision-making and analysis mechanisms on both machine and system levels. The increased adoption of cyber-physical systems in SM leads to the comprehensive framework of cyber-physical manufacturing systems (CPMS) where data-enabled decision-making mechanisms are coupled with cyber-physical resources on the plant floor. Due to their cyber-physical nature, CPMS are susceptible to cyber-attacks that may cause harm to the manufacturing system, products, or even the human workers involved in this context. Therefore, detecting cyber-attacks efficiently and timely is a crucial step toward implementing and securing high-performance CPMS in practice. This paper addresses two key challenges to CPMS cyber-attack detection. The first challenge is distinguishing expected anomalies in the system from cyber-attacks. The second challenge is the identification of cyber-attacks during the transient response of CPMS due to closed-loop controllers. Digital twin (DT) technology emerges as a promising solution for providing additional insights into the physical process (twin) by leveraging run-time data, models, and analytics. In this work, we propose a DT framework for detecting cyber-attacks in CPMS during controlled transient behavior as well as expected anomalies of the physical process. We present a DT framework and provide details on structuring the architecture to support cyber-attack detection. Additionally, we present an experimental case study on off-the-shelf 3D printers to detect cyber-attacks utilizing the proposed DT framework to illustrate the effectiveness of our proposed approach. Note to Practitioners —This work is motivated by developing a general-purpose and extensible digital twin-enabled cyber-attack detection framework for manufacturing systems. Existing works in the field consider specialized attack scenarios and models that may not be extensible in practical manufacturing scenarios. We utilize digital twin (DT) technology as a key enabler to develop a systematic and extensible framework where we identify the abnormality of a resource and detect if the abnormality is due to an attack or an expected anomaly. We provide several remarks on how our proposed framework can extend existing industrial control systems (ICS) and can accommodate further extensions. The presented DTs utilize data-driven machine learning models, physics-based models, and subject matter expert knowledge to perform detection and differentiation tasks in the context of expected anomalies and model-based controllers that control the manufacturing process between multiple setpoints. We utilize a model predictive controller on an off-the-shelf 3D printer to run the process, and stage anomalies and cyber-attacks that are successfully detected by the proposed framework.