Defending against product-oriented cyber-physical attacks on machining systems

Mohammed S. Shafae, Lee J. Wells, Gregory T. Purdy

Research output: Contribution to journalArticlepeer-review

7 Scopus citations


Industry 4.0 and its related technologies (e.g., embedded sensing, internet-of-things, and cyber-physical systems) are promising a paradigm shift in manufacturing automation. However, with a continual increase in device interconnectivity, securing these systems becomes crucial. As these systems evolve, opportunities for cyberattacks extend to include attacks that can physically alter parts (Product-Oriented C2P attacks). Fortunately, since these cyber-physical attacks affect the physical world, there exists potential to detect an attack through its physical manifestation. Typically, in manufacturing, quality control (QC) systems are used to detect quality losses or deviations from nominal. This paper proposes that QC tools can be adapted to act as physical detection layers as part of a defense-in-depth strategy (common IT security strategy) that increases the difficulty/cost required for a successful attack. However, effectively designing physical detection layers requires understanding the extent to which attacks can (and cannot) be designed to avoid detection. In response, this paper proposes a machining specific attack design scheme and an attack design designation system (ADDS) that provides the structure to populate a wide variety of potential attacks. To illustrate the importance of applying a defense-in-depth strategy for machining, a case study is conducted with several realistic attacks against an example machining process that collects in-situ process data. Within this case study, the proposed ADDS is employed to systematically describe how these attacks could be designed to avoid detection. Finally, through this exploration, this paper shows how employing process-domain knowledge to understand the effects of Product-Oriented attacks on process physics can further aid in detection layer designs.

Original languageEnglish (US)
Pages (from-to)3829-3850
Number of pages22
JournalInternational Journal of Advanced Manufacturing Technology
Issue number9
StatePublished - Dec 1 2019


  • Cyber-physical manufacturing systems
  • Cyberattacks
  • Machining
  • Process monitoring
  • Quality control

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Software
  • Mechanical Engineering
  • Computer Science Applications
  • Industrial and Manufacturing Engineering


Dive into the research topics of 'Defending against product-oriented cyber-physical attacks on machining systems'. Together they form a unique fingerprint.

Cite this