A cyber-physical attack taxonomy for production systems: a quality control perspective

With recent advancements in computer and network technologies, cyber-physical systems have become more susceptible to cyber-attacks, with production systems being no exception. Unlike traditional information technology systems, cyber-physical systems are not limited to attacks aimed solely at intellectual property theft, but include attacks that maliciously affect the physical world. In manufacturing, cyber-physical attacks can destroy equipment, force dimensional product changes, or alter a product’s mechanical characteristics. The manufacturing industry often relies on modern quality control (QC) systems to protect against quality losses, such as those that can occur from an attack. However, cyber-physical attacks can still be designed to avoid detection by traditional QC methods, which suggests a strong need for new and more robust QC tools. As a first step toward the development of new QC tools, an attack taxonomy to better understand the relationships between QC systems, manufacturing systems, and cyber-physical attacks is proposed in this paper. The proposed taxonomy is developed from a quality control perspective and accounts for the attacker’s view point through considering four attack design consideration layers, each of which is required to successfully implement an attack. In addition, a detailed example of the proposed taxonomy layers being applied to a realistic production system is included in this paper.