Cyber-Physical Security Vulnerabilities Identification and Classification in Smart Manufacturing -- A Defense-in-Depth Driven Framework and Taxonomy

TL;DR

This paper introduces a comprehensive framework and taxonomy for identifying and classifying cyber-physical vulnerabilities in smart manufacturing, emphasizing a defense-in-depth approach that integrates physical, cyber, and human elements.

Contribution

It presents a novel manufacturing-specific vulnerability characterization and a structured taxonomy, addressing gaps in existing cybersecurity approaches for manufacturing environments.

Findings

Developed a cyber-physical defense-in-depth model for manufacturing.

Systematic identification and classification of vulnerabilities across multiple manufacturing domains.

Validated the framework through an illustrative smart manufacturing system.

Abstract

The increasing cybersecurity threats to critical manufacturing infrastructure necessitate proactive strategies for vulnerability identification, classification, and assessment. Traditional approaches, which define vulnerabilities as weaknesses in computational logic or information systems, often overlook the physical and cyber-physical dimensions critical to manufacturing systems, comprising intertwined cyber, physical, and human elements. As a result, existing solutions fall short in addressing the complex, domain-specific vulnerabilities of manufacturing environments. To bridge this gap, this work redefines vulnerabilities in the manufacturing context by introducing a novel characterization based on the duality between vulnerabilities and defenses. Vulnerabilities are conceptualized as exploitable gaps within various defense layers, enabling a structured investigation of manufacturing systems. This paper presents a manufacturing-specific cyber-physical defense-in-depth model, highlighting how security-aware personnel, post-production inspection systems, and process monitoring approaches can complement traditional cyber defenses to enhance system resilience. Leveraging this model, we systematically identify and classify vulnerabilities across the manufacturing cyberspace, human element, post-production inspection systems, production process monitoring, and organizational policies and procedures. This comprehensive classification introduces the first taxonomy of cyber-physical vulnerabilities in smart manufacturing systems, providing practitioners with a structured framework for addressing vulnerabilities at both the system and process levels. Finally, the effectiveness of the proposed model and framework is demonstrated through an illustrative smart manufacturing system and its corresponding threat model.