Secure. Together.
That is the philosophy of CyManII (pronounced sī-man-ē), the Cybersecurity Manufacturing Innovation Institute. CyManII is an inclusive national research Institute comprised of members from: a) major leading research universities in cybersecurity, smart, and energy efficient manufacturing; b) Department of Energy (DoE) National Laboratories with deep expertise in operational technology (OT) and industrial control systems (ICS) cybersecurity and resilient and secure supply chains; and c) leading manufacturers providing deep knowledge of supply chain logistics, factory automation, and production issues.
CyManII was launched in 2020 by the DoE as part of the greater Manufacturing USA Network and as a Clean Energy Manufacturing Institute to work across the manufacturing industry, research and academic institutions, and federal government agencies to develop technologies that enable the security and growth of the U.S. manufacturing sector. To be globally competitive, it is essential that the U.S. takes the lead in designing and building secure architectures, and CyManII is focused on securing U.S. manufacturing from design to production, including the design pipeline and the supply chain.
CyManII’s research focuses on understanding evolving cybersecurity threats and ways to achieve greater energy efficiency in manufacturing industries. It is also developing new cybersecurity technologies and methods, and sharing that information and knowledge with the broader U.S. manufacturing community.
As a collaborative institute, CyManII has a partnership ecosystem comprised of more than 50 members, including three DOE labs (Idaho National Laboratory, Oak Ridge National Laboratory, and Sandia National Laboratories) and four Manufacturing Innovation Institutes, as well as a host of powerhouse universities, industry leaders, and nonprofits.
To understand CyManII’s role in implementing a national vision for manufacturing cybersecurity, Smart Manufacturing talked with CEO Howard Grimes, who shared insights into how his team uses pilot programs and industry use cases to make better use of tools and architectures to help secure U.S. manufacturing from threats at home and abroad.
At the outset, it is clear work is needed to educate manufacturers on the value of cybersecurity investments, and, importantly, the true cost of not investing.
“Manufacturers see cybersecurity as a cost inhibitor,” Grimes said, adding that it’s a challenge to get manufacturers to understand the potential ROI of investing in cybersecurity. “Data shows that the chance of a cyberattack on a manufacturer is not a matter of if, but when.”
According to a press statement by CyManII, U.S. manufacturers are top targets for cyber criminals and nation-state adversaries, impacting the production of energy technologies such as electric vehicles, solar panels, and wind turbines. Integration across the supply chain and an increased use of automation applied in manufacturing processes can make industrial infrastructures vulnerable to cyberattacks.
Noting that many small- and mid-sized manufacturers (SMMs) are working with low profit margins, skeleton staff, and demanding customers, Grimes said such organizations may not have the resources to address cybersecurity within their organization. “From a practical standpoint, the costs associated with a cyber breach far outweigh the cost to invest in cybersecurity initiatives, but manufacturers are willing to take the risk on the chance that they will not be affected.”
But that needs to shift, affirmed Grimes, who is also an accomplished research scientist and author, with 25 years of experience directing complex university and National Laboratory research programs, as well as entrepreneurial start-up initiatives.
“We need to change the mindset of manufacturers from cybersecurity being a cost center to a productivity center,” Grimes added. To this point, CyManII is developing systems that will provide manufacturers with ROI data by connecting energy savings to cybersecurity investments as a measurable benefit to risk mitigation. Grimes said the approach will use cybersecurity to save energy, thus enable manufacturers to lower costs and increase profits. “We are currently working with select manufacturers in pilot programs that will show the benefits and impact of the CyManII solution,” he added.
“As U.S. manufacturers increasingly deploy automation tools in their daily work, those technologies must be embedded with powerful cybersecurity protections,” Grimes said.
Cybersecurity solutions often work as a sort of spackle, he explained, applied vertically within systems to patch problems as they arise. Conversely, Grimes said, “CyManII’s secure defensive architectures are applied horizontally across entire processes and supply chain networks to eliminate holes and vulnerabilities.” This holistic approach is also carried over into the approach to cybersecurity training.
“Most training contains basic cyber hygiene and typically presents the learner with a general understanding of basic IT cybersecurity,” Grimes pointed out. “Unlike other programs, CyManII’s education curriculum is the only one that focuses on the operational technology in various industrial control systems and critical infrastructures and goes beyond just IT systems.”
This is an important point. According to a recent Deloitte survey, many manufacturers experience an increase in cyber-related incidents associated with control systems used to manage industrial operations. Ranging from programmable logic controllers and distributed control systems to embedded systems and industrial IoT devices, these systems collectively make up the OT that enables facilities to operate.
While 90 percent of manufacturers surveyed reported capabilities to detect cyber events, very few have extended monitoring into their OT environments. And fewer than half of manufacturers surveyed said they performed cybersecurity assessments within the past six months.
A focus for CyManII is to research, develop, and implement a national vision for manufacturing cybersecurity and energy efficient manufacturing and supply chains that secure and sustain American leadership in global manufacturing competitiveness.
“R&D innovation alone does not automatically translate into national impact,” Grimes cautioned. “To significantly impact industry R&D needs simultaneous alignment to the transformational challenges, such as decarbonization and cyber-physical unification, and agility to rapidly refine innovations to meet industry deployment needs,” he added.
Grimes said this is the time for a revolution in intelligent manufacturing to enable a dramatic increase in overall equipment energy efficiency that reduces cost and maximizes innovation. “The unique combination of our expertise in energy efficiency, cybersecurity, and advanced manufacturing empowers our team to take this approach in collaboration with our nationally recognized partner organizations,” he asserted.
In May 2022, CyManII released its first public roadmap, a detailed five-year plan for its activities, priorities, and initiatives. The research path described in the roadmap is “essential as U.S. manufacturers of all sizes drive toward processes that are data intensive, digitized, and utilize emergent applications of artificial intelligence and machine learning to drive productivity gains in the face of growing complexity.”
In a press statement, Principal Deputy Assistant Secretary for Energy Efficiency and Renewable Energy Kelly Speakes-Backman said, “CyManII is charting an aggressive course to a more secure and prosperous manufacturing industry. The initiatives detailed in this roadmap will ensure that our protective measures keep pace with advancements in automation, digitization, and a range of advanced manufacturing technologies, protecting our domestic manufacturing and our economy.”
Among the projects Grimes and his team have undertaken, there are several standouts and lessons learned. For example, CyManII worked to develop techniques to calculate the embodied energy of a process, as well as energy losses, during a cyberattack. The insights gathered will be used to quantify cyber ROI as a driver to increase security investments by SMMs, Grimes said, adding that a similar technique was used with a company with investments in upstream and downstream energy, water desalination, and power plants that a discovery that protecting boiler and heating activities was “by far the best security spend for business continuity.”
CyManII also collaborated on a project to demonstrate the ability to verify G-code integrity as an additional check before part production, in combination with the CyManII Attack-Defense Annex (CADA), to increase the defensive cyber posture of a subtractive CNC process in the lab. G-code is a programming language that tells the CNC machine how to move and what to do.
There are many efforts planned to improve the competitiveness of American manufacturing, according to Grimes.
“We have several initiatives in the works. We’re working with the DoE to release several RFPs focused on research projects to investigate energy efficient cyber solutions,” Grimes said. “Most exciting will be the opening of the Cyber for Manufacturing Hub in Port San Antonio (Texas) this April. The space will provide member organizations opportunities to partner with us by housing a variety of manufacturing technologies and offering hands-on skills development and training.”
CyManII will also be taking the show on the road, literally, with the rollout of the Mobile Training Vehicle (MTV) later this year. The immersive mobile demo unit will provide a host of experiential learning scenarios and be taken to SMM locations across the country.
Over the next few years, CyManII plans to develop a robust network of members to help implement solutions and strategies. It also is developing and deploying state-of-the-art cybersecurity training materials across the breadth of manufacturing. Dubbed CyManII Sealed training, the course is already in use through Cyber Range, CyManII’s proprietary training curriculum, as well as via industry developed curriculum such as Tooling U-SME.
With all these irons in the fire, Grimes said he believes CyManII is on the path toward establishing expectations for quality security that will be followed and highly respected by OEMs, SMMs, OTs, and integrators to help them achieve secure energy savings by overcoming common barriers. And in the process, he hopes to help re-establish the United States as a proactive global innovator for manufacturing, cybersecurity, and energy efficiency.
Connect With Us
