The first stage of works to demolish the Redcar Blast Furnace on August 02, 2021 in Redcar, England. The Department of Energy is funding five projects to boost the security of the manufacturing supply chain that underpins the energy sector, including one that would detect or prevent manipulation of sensors and controllers for blast furnaces and other operational technology. (Photo by Ian Forsyth/Getty Images)

The Department of Energy is giving out a million dollars to research organizations to work on different ways to enhance the cybersecurity infrastructure and efficiency of advanced manufacturing supply chains.

The money will go towards five research projects headed up by four universities – Texas Tech University, Indiana University, Perdue University and the University of California Irvine – as well as two companies, GE Research and Omnigence. The Department of Energy and the Cybersecurity Manufacturing Innovation Institute identified five technical areas of the manufacturing supply chain that could be revamped with newer, more efficient and secure processes or technologies.

GE Research will focus on designing, implementing and demonstrating new, secure automation components for manufacturing systems. Indiana University will develop an energy management framework for industrial IoT devices that includes cybersecurity data. Purdue University will work to construct a secure, scalable, data-hub for manufacturing data. Texas Tech University will craft a framework to assess baseline cybersecurity requirements for automated manufacturing in the chemical conversion process and the University of California Irvine and Omnigence will evaluate the security processes around semiconductor chips, where global shortages have slowed down the production of new computers, automobiles and countless other products that require computer processing.

“The selected projects will work to not only increase the efficiency of the advanced manufacturing technologies that make our clean energy future possible, but will also directly address existing challenges that make them expensive and difficult to secure,” the department noted in its announcement.

A spokesperson for the Department of Energy told SC Media that the $1 million is not split evenly, with each project receiving between $130,000 and $250,000 in federal funds on top of cost sharing from the individual recipients that bump up the total funding anywhere from $156,000 to $416,000 per project.

“The projects will result in frameworks, specifications, models or approaches applied to real-world manufacturing scenarios,” the spokesperson said in an email. “In addition to these working outputs, a final report will be completed. CyManII is separately conducting a roadmapping effort with input from industry and other relevant stakeholders to further define future areas of research need and opportunity.”

Doctor Anath Grama, a professor of computer science at Purdue University and a member of the leadership board at The Center for Education and Research in Information Assurance, is a principal investigator for the university’s data hub project. He told SC Media their work is focused on two major goals: securing automation and securing supply chains within the manufacturing sector. Most manufacturing facilities are stuffed with operational technology and “complex, computer-controlled machines” that are vulnerable to cyber attacks. For instance, if an attacker can compromise or just disrupt a sensor or controller used to measure heat in a blast furnace, “really bad things could happen.”

But these devices also pump out a lot of data or telemetry that, if captured and categorized, could build a data infrastructure that can help IT defenders check software code or communication interfaces, trace the provenance of processes or technology to identify points of failure or compromise or optimize settings for security, performance, energy efficiency and other goals.  

The center already has basic prototypes, which Grama described as an “extensive data ingestion infrastructure, data storage infrastructure and a relatively simple front end that will let you do analytics,” in place, and they expect to have a more robust prototype of the data hub finished in approximately ten months.

“Once you collect all this data, you have the potential for solving all of these problems,” said Grama. “The effort itself scales all the way from small individual sensors and controllers all the way to global supply chains.”

Jie Chen, a professor of mechanical and energy engineering at Indiana University–Purdue University Indianapolis and director of the DOE Industrial Assessment Center, told SC Media their project will last about six months, and is designed to “develop an IOT-based energy management system with cybersecurity protection.”

“We want to save energy and be more energy efficient. On the other hand, when we do this kind of things then we need to have a system which uses advanced technology, like industrial [IOT] technology. And when you implement that, there is going to be cloud computing, internet, data communications and those kinds of things that need to be cyber secured,” he explained.

The work continues the federal government’s efforts to revisit global supply chain processes that were historically built for speedy product and timely delivery of products rather than security. The manufacturing sector in particular is routinely listed by threat intelligence firms as the industry most vulnerable to ransomware and a series of high-profile ransomware attacks on critical infrastructure entities like oil and gas firm Colonial Pipeline, food supplier JBS and others have laid bare just how easily a well-timed hack can disrupt the movement or availability of essential goods and services.