Paris Stringfellow shares insights into CyManII’s work to secure and sustain American manufacturing supply chains
The Cybersecurity Manufacturing Innovation Institute (CyManII) is an inclusive national research institute with major leading research universities in cybersecurity, smart and energy-efficient manufacturing, and deep expertise in research and development, supply chains, factory automation, and workforce development.
Led by The University of Texas at San Antonio, CyManII leverages the strongest Department of Energy (DOE) national laboratories in the area, with Oak Ridge National Laboratory leading the nation in advanced manufacturing, Idaho National Laboratory leading in cybersecurity of industrial control systems and physical infrastructure, and Sandia National Laboratory is a national leader in supply chain management.
Funded by the DOE, CyManII aggregates the most advanced research institutions in revolutionary manufacturing, securing automation and supply chains, workforce development, and cybersecurity. The research team leverages the expertise and infrastructure needed to ensure the digital transformation that will continue to propel the US in innovative research in manufacturing for decades.
“I never considered myself to be a cybersecurity person,” begins Paris Stringfellow, Director of Growth and Sustainability. “Then as I got into it, I realized that everyone comes from a different background, and now, I feel like I’ve found my people. My background is in industrial engineering, and I have a PhD in that discipline, which translates to extensive experience in the manufacturing sector.
“I ran a startup company straight from school that focused on human error in manufacturing. We centered on workplace safety and used data analytics to help manufacturers reduce workplace injuries. I did that for years until I sold the business when I had my first child, going on to branch out into nuclear engineering. I worked in main control room design for about five years, which really helped to cement my understanding of risk in industrial systems. It was from this sector that I ended up migrating back to the university world where I ran a risk engineering center, which connected me to my current role with CyManII.
“I supported what we call the capture team for the CyManII proposal and was one of a core group of individuals to help define and propose the institute. I’m an ex-researcher as well, and my role today really focuses on how we can sustain CyManII and how we can leverage the institute’s research to fundamentally shift how manufacturers think about and approach cybersecurity,” Paris explains.
“That involves translating research into technologies, products, and services that can find their way to the plant floor. So, what we call tech transfer. It’s all about keeping this research engine going and not letting it dissolve after the initial funding from our parent organization. I’m a geek, so if you put me in the room with our researchers, I’ll dive right in. I love the research element of my job, unpicking problem areas, and identifying the intersection between manufacturers’ understanding of their business needs and the possible solutions that can bridge that gap. I also enjoy working with our manufacturers to understand their perspectives and challenges.”
With a focus on the US, CyManII’s members include recognized leaders in smart manufacturing in connected environments and cybersecurity from academia, national laboratories, and industry. Collectively, they hold advanced capabilities in testing and evaluation of critical technologies and are the nation’s leaders in threat identification, cyber exploitation, and attack detection in manufacturing environments.
“Rethinking how manufacturers approach cybersecurity from the beginning is critical because we’ve been doing it wrong for quite some time. In effect, we’ve been “bolting on” cybersecurity, and after a while, that just creates a house of sticks that isn’t secure. We were funded by the US DOE in 2020 to conduct cutting-edge research into how to secure Industry 4.0 and IIoT. While we have a national footprint, the University of Texas San Antonio is our home. The DOE recognized a nucleus forming in South Texas and acknowledged that we had the right ingredients to move the institute forward,” she elaborates.
“The area has the right mix of manufacturing capacity, knowhow, and skilled and available workforce. Texas has one of the largest defense industrial base footprints in the country, as well as extensive general manufacturing operations, and San Antonio is no exception. Likewise, as a military city, its culture of safety and security is second nature. Then, of course, this area’s leadership in cybersecurity research is the final piece in the puzzle to effect transformative change.
“When we talk about smart manufacturing, it’s important to realize that everything is connected. Manufacturers are investing in sensors and various touchpoints to connect processes and enable production resilience, which in turn, necessitates enhanced capital investment in cybersecurity. For smaller enterprises, outsourcing cybersecurity is often the only viable option and consequently, many of the available solutions are discrete and localized. While this is okay for now, where we see things advancing is with embedded security. In effect, the next generation of cybersecurity solutions in the industrial space will be focused on secure, defensible architectures.”
To continue to operate the institute’s vital research work for the manufacturing sector, CyManII needs to be financially sustainable. In turn, this sustainability is intrinsically linked to wider connotations. “It’s important to remember that the DOE invested in the institute initially, and is, itself, in the business of helping manufacturers digitize in the pursuit of energy reduction and decarbonization. The organization realized that as we promote and support companies’ digitization efforts, we’re also seeing an increase in the vulnerability landscape. As such, collectively, we have a responsibility to not just support manufacturers in their digital transition, but also to support them in a secure transition. Therefore, cybersecurity is inherently connected to the sustainability journey of many manufacturers.
“Efficiency optimization measures, such as installing sensors, goes hand in hand with energy savings, for example. We’re also able to demonstrate how the avoidance of downtime due to cybersecurity breaches has a positive impact on ROI. This is critical for manufacturers, and we need to promote awareness of the benefits.
“We can’t get anywhere if people don’t understand risk. It’s our mission to demonstrate how one person’s vulnerability is everyone’s. In the supply chains of large Tier 1 suppliers, any security breach can have an impact throughout the chain. As we look at the future of supply chain risk management, we’ll also start to see provenance tracing and the ability to demonstrate not just the physical location of a product through its value chain but also its digital thread and the security thereof. Digital product assurance along the supply chain is going to be an increasing theme, especially in those high-risk, high-consequence manufacturing industries and within energy, utilities, and transportation,” she shares.
“We have partners in the industry, and we work with them to demonstrate innovations not just in the research lab, but on the plant floor too. That’s a unique part of our journey. Not many fundamental research organizations get to do that, but it takes our research from conception to demonstration in a very real way. The next step beyond research demonstration is to create a pipeline that allows that technology to be transferred into businesses. Recently in San Antonio, we’ve started a Secure Manufacturing Consortium and hope to become a recognized Tech Hub. The consortium is focused on creating the technology transfer pipeline to support small businesses in implementing cybersecurity technology into current service and product offerings.
“We also have a very strong workforce development outreach program, which is shaping up to become one of the leading manufacturing cybersecurity programs in the country. We’re hoping to scale this and roll it out not only within our region but also across the country. One of the most fundamental things employers can do is adopt good cyber hygiene and educate, train, and empower the workforce to have both awareness and control over their own cyber vulnerability. Cybersecurity is essential for business continuity now and in the future. If you’re not thinking about it, you’re not only behind the curve, but you’re also an easy target. We have a very strong relationship with the national Manufacturing Extension Partnership (MEP) which was introduced to enhance the competitiveness of American manufacturers by fostering technological innovation and workforce development. What we’ll likely be doing and as we shape this outreach is helping our small manufacturers to connect with us through our MEPs. I’m encouraged because in this region, in San Antonio, together with CyManII, we really have the ingredients to make this change and help secure one of our country’s critical infrastructures,” Paris concludes.