Using “Wargaming” to Evaluate Manufacturing Cyberthreats and Ensure Supply-Chain Cybersecurity
Authors: Bill Barkman, Rich Taylor, & Dennis Miller
Small to medium-sized manufacturing (SMM) companies are the backbone of the U.S. industrial base. However, they do not have the financial or technical resources needed to protect themselves from cyberthreats such as computer hacking, embedded malicious software, and “internet of things” sensors sending sensitive information to foreign counties. These cyberthreats can cause huge damage to the U.S. economy and national security. With relatively limited investment, cybercriminals can disrupt critical supply chains, damage key sectors, and delete or corrupt important information resources.
The Biden-Harris administration should address these threats through a government-industry partnership that uses “wargaming” analyses — i.e., virtual techniques to model and assess threats — to evaluate manufacturing cyberthreats and test strategies for ensuring supply-chain cybersecurity. As part of this partnership, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) should implement a pilot program to spread robust and scalable cybersecurity best practices throughout manufacturing-based supply chains. Coordinating the resources and expertise of other federal agencies — including the Nuclear Security Enterprise (NSE), the Department of Defense (DOD) Digital Manufacturing Institute (MxD), the National Institutes of Standards and Technology (NIST) Manufacturing Extension Partnership (MEP), and the DOD Cybersecurity Maturity Model Certification (CMMC) program — with the resources and expertise of external entities (e.g., academic institutions) will enable the administration to become more proactive in anticipating and neutralizing cyberthreats, thus enhancing the stability and security of U.S. manufacturing supply chains.
About the Authors
William (Bill) Barkman possesses extensive experience in the precision manufacturing operations required to produce nuclear weapons components. He serves as a program manager for precision-manufacturing activities and is frequently involved in technical consultations with the National Nuclear Security Administration (NNSA) weapons-design laboratories. Bill has been responsible for the development of machining and inspection systems capable of automated operations in rigorous manufacturing environments. He has experience with “non-conventional” metal removal processes such as diamond turning and ceramic grinding, as well as extensive experience in the development and execution of collaborative partnership activities (e.g., NNSA Thrust Areas for Agile Machining and Inspection, Digital Radiography, and Noncontact Inspection; manufacturing and cybersecurity research projects with academia; the public/private Cost Effective Machining of Ceramics program; and the Supply Chain Cybersecurity Initiative). Bill holds seven manufacturing-related patents and has authored over 45 technical publications, including a book titled In-process Quality Control for Manufacturing (Marcel Dekker, Inc., 1989). He produced a short course on manufacturing variability.
Rich Taylor is an R&D Manager for the Weapons Research Services, Secure Networks and Assurance group (WRS-SNA) at Los Alamos National Laboratory (LANL), as well as Director for the LANL Nuclear Weapons Cyber Assurance Laboratory (NWCAL). The WRS-SNA group combines related disciplines in IT operations, network security, and software engineering with a goal of encouraging a security-focused development operations culture to support programs across the LANL weapons-production organization. The NWCAL is a new, pioneering initiative at LANL responding to threats to the laboratory’s national-security mission and weapons programs. NWCAL mitigates mission risk by providing cyber-physical and technical software assurance. Leveraging this capability in supply-chain risk assessments helps bolster understanding of both cyber and physical risks to our nation’s critical supply chains. Rich has been involved in cybersecurity since 2001. Much of his earlier work focused on vulnerabilities of specialized information systems such as banking networks, VoIP systems, and other proprietary systems. His later work focused on supply-chain vulnerabilities with an emphasis on small- to medium-sized manufacturers. Rich currently focuses on cybersecurity vulnerabilities in nuclear weapons production, including the supply chain, cyber-physical systems on manufacturing floors, and critical data associated with weapons production. Rich also serves as the Operational Technology co-chair of the Nuclear Enterprise Assurance Digital Systems Assurance Working Group (NDSAWG).
Dennis Miller is senior technical advisor for manufacturing and manufacturing-related activities (e.g., technology development, cybersecurity, and engineering services) conducted by the Y-12 National Security Complex in Oak Ridge, TN. In this role, Dennis leads national security-significant programs for government and industry. He leverages both the Pantex nuclear weapons assembly plant in Amarillo, TX and Y-12’s core capabilities to address customers’ needs, proposing solutions for difficult technical national-security challenges. Miller leads key initiatives to ensure the cybersecurity of the manufacturing industrial base: the supply chain of small- to medium-sized manufacturers critical to the nation’s economy and national defense.