LG2 Reflective Statement – Professional Networking

As with previous work, this report required reaching out and networking with industry experts. However I found for this work when discussing new topics with professionals working in that industry, it required plenty of background research and understanding the basics beforehand. After weeks of reading up on cybersecurity fundamentals and information systems, I started to contact a selection of relevant individuals. I had less success than my networking attempts during LG1, with many individuals not having the time to speak with me. I was able to bounce ideas and discussion points off a colleague at work, Mark Muller who is a contracted web-developer and graphic designer. Whilst not directly in the field of cyber-security, Mark is well educated in the filed due to his work building websites, applications and databases for a variety of clients. Mark has also invested in several crypto-currencies and was an advocate for the use of blockchain networks in manufacturing when I discussed the prospect with him.

I also had a useful correspondence with Tim Rose, VP of business development at Identify3D. He was happy to answer my questions, comment on drafts of my report and sent a selection of articles and research topics to consider, even including a pre-release copy of a report his company had written in collaboration with the National Centre for Manufacturing Sciences in USA, which happened to focus on the exact same topic as my own report. Tim was kind enough to send several emails over many weeks and was a vital contact during this module.

LG2 Reflective Statement – Practical Case Study

This module involved researching, planning and carrying out a practical experiment testing the strength of modified 3D printed components. Whilst in practice, designing, slicing and printing files was not new to me, understanding the core code  beneath the surface of this process was new ground. I felt the experiment, whilst small in scale considering resources available was valid and a success, however was not without some errors on my part. Creating more samples and using approved part geometry would’ve enhanced the credibility of the experiment. I also feel if the experiment was conducted in isolation and not as part of a broader research topic, more of my final report could’ve been spent discussing the results and the repercussions of this topic.

LG2 Reflective Statement – Literature Review and Research Methods

Following advice from my sister, who recently completed an Msc course, I changed my approach during the early stage of this module, to ensure my research was kept focused and the time was better spent finding relevant sources and quotes.

I created a hard copy research folder, with the learning goal objectives and learning outcomes printed as the front cover. This encouraged me to refer back to these objectives far more frequently, keeping my report’s progress on track. Every article, paper or draft of my report validity and usefulness could quickly be evaluate it’s against the aims of my report.

Another change made to my research techniques, was to highlight useful quotes and significant pieces of information whilst first reading the document. Whilst a fairly minor change to my working habits, it made collating the information far quicker when writing early drafts of the report. With a selection of checked, highlighted and sorted quotes and facts to hand, writing the report was a far quicker process and I was confident that every source was of benefit.

LG2 Reflective Statement – Summary

Unlike my research for the the LG1 module, the content of this goal was completely new territory to me. Cybersecurity, information systems and network structures were just some of the topics which I explored during the research for this report. The practical case study of 3D printing components for tensile testing involved looking deeper into the workings of the printing G-Code then I had covered in previous work.

What is Blockchain and Why is it Useful?

As the term ‘Blockchain’ appeared more and more frequently during my initial research, it seemed to be the logical next topic to explore, especially;

What is Blockchain?

 

To quote ‘s article on computerworld.com..

First and foremost, Blockchain is a public electronic ledger that can be openly shared among disparate users and that creates an unchangeable record of their transactions, each one time-stamped and linked to the previous one. Each digital record or transaction in the thread is called a block (hence the name), and it allows either an open or controlled set of users to participate in the electronic ledger. Each block is linked to a specific participant.

Why would it be useful?

Blockchain can only be updated by consensus between participants in the system, and when new data is entered, it can never be erased. The blockchain contains a true and verifiable record of each and every transaction ever made in the system.

This TED seminar entitled: How the blockchain will radically transform the economy, by Political Scientist, Entrepreneur and Activist, Bettina Warburg, served as a great introduction to the subject and the role it could in our modern lives.

Miss Warburg’s talk, explains why we stand to benefit from using Blockchain technology, however this and many other videos on the subject all focus on the financial / economic effects. This is evident in brief online searching, with the rise in popularity and media coverage of blockchain backed ‘cryptocurrencies’ such as Bitcoin, more viewers as switched onto and convinced of the potential financial gains to be made.

Jessi Baker’s startup company Provenance however seem to be exploring the benefits this technology could make to supply chains and product lifecycle applications.

As a platform, Blockchain can help aid data transparency along a supply chain, a trait which Miss Baker believes could be used to enhance retail experience, certifying a brand’s identify and core beliefs and give more power to consumers.

From my initial reading, I feel this technology and framework could be tailored to enhance the security in the digital manufacturing chain, when combined with the file integrity techniques currently championed by software companies like Identify3D.

Manufacturing organisations currently have plenty of options for securing and distributing their content to chosen vendors, but NDA’s and the threat of legal ramification are still relied on to ensure this data is not misused or shared without permission.

If a system existed, where encrypted digital manufacturing assets were distributed across a network, with access limited to select users and crucially the system would prevent unauthorised file use or modification, this could revolutionise the industry and simply thousands of workflows around the world.

Purpose of Information Security

Purpose of IS

The reason to implement information security procedures can be crudely broken down into six major topics, three for the data itself and another three for the users accessing the data.

  • Confidentiality – Preventing data being accessed or copied without approval.
  • Integrity – If data is manipulated, corrupted or overridden without permission.
  • Availability – Ensuring data cannot be erased or become inaccessible without permission.
  • Authentication – Confirming a user is who they claim to be.
  • Authorization – Confirming the user has permission to access the data.
  • Nonrepudiation – Preventing a user denying the performed their actions later on.

            (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf)

Information Security – Basics

Resource: Fundamentals of Information Security Systems: David Kim and Michael Solomom

What is Information Security? 

A collection of activities to protect IT systems and the data it.

 

Definitions:

  • Internet: Over 2 billion users worldwide, connected via the world wide web.
  • Cybersecurity: Role of a government to ensure national security.
  • Data / Information Security: Role of an organisation or individual to protect their data / assets.

 

Risks, Threats and Vulnerabilities:

  • Risk: Likelihood of something bad occurring & affecting a system or asset (Examples: Loosing data, Non-Compliance with laws, Loosing business).
  • Threat: Any action which could damage an asset, both synthetic and natural (Ie malicious exploits, flood damage, etc) Organisations should have a business continuity plan (BCP) and disaster recovery plan (DRP) in place in the event of a threat taking hold.
  • Vulnerabilities: A weakness in a system, allowing a threat to be realised. Often vulnerabilities result in legal action, hence software developers covering themselves with end-user agreements (EULA’s).

 

What is being protected?

  • Privacy Data of Individuals, (i.e. DoB, Address, Banking Details, Social Security, Utilities)
  • Corporate Intellectual Property (Trade secrets, product development, copyright/patents, reputation)
  • Online Transactions
  • Government (Security, Trade, Military Strategy)

 

What forms a ‘Network’?

  • Cabling
  • Physical Networks
  • Operating Systems
  • Specific Applications
  • Users / Staff

Cybersecurity in Digital Manufacturing – Initial Research

My second module explores the impact of cybersecurity in digital manufacturing chains. Finance, IT, Utilities and Defence sectors have all placed high priority and resources into protecting their digital assets for some time now, but it seems that only recently the manufacturing sector are taking appropriate action.

So where to start? Initially my research will explore cybersecurity in general, why it’s important, how it is implemented and the consequences of poor execution.

Next I intend to look into digital security concerns which are specific to the manufacturing sector, from protecting and tracing IP, motivations to ‘attack’ a manufacturing system and how these organisations should better protect themselves.

This will address current methodologies used as well as future innovations and software changes. I aim to speak with industry experts first hand to understand how seriously the industry and taking the threat of cyber-based attacks.

Following from this, I will look more specifically to additive manufacturing processes, the file formats and techniques currently used and to identify any weaknesses or possible ‘attack vectors’ in the AM workflow. All being well, I will carry out some first hand tests to investigate how a simple desktop 3D print system could be exploited.