Narcisa Pinzariu tells James Crossling about job interviews, inspiring female engineers, and why cyber security must keep pace with digital transformation.

Article feature in the latest issue of the AMRC Journal.

As recently as ten years ago, shop floor security meant setting the alarm on your way out and locking the door behind you. If you kept prying eyes away from your factory - your products, processes and intellectual property were safe.

Not today.

The manufacturing sector’s digital transformation has been underpinned by the convergence of operational technology (OT) and information technology (IT) allowing them to integrate, communicate and interoperate. Efficiency, productivity and safety standards have all been raised, but so have the cyber stakes. Shop floor security has taken on a completely new meaning.

“The advent of Industry 4.0 has led to a prodigious increase of digital systems and hardware in global manufacturing; but the potential for harm, either malicious or accidental, is equally on the rise,” said Narcisa Pinzariu, technical lead for computer vision at the University of Sheffield Advanced Manufacturing Research Centre (AMRC).

“It’s not just a bug in the system that slows down your emails, cyber issues can compromise operations and jeopardise safety.”

In March 2022, automotive superpower Toyota suspended operations on 28 production lines across 14 plants for at least a day after a cyber-attack in its supply chain, halting the production of 13,000 vehicles.

In the UK alone, the cost of cybercrime is estimated at £27bn a year; £9.2bn of that relates to intellectual property theft. As the digital transformation of the shop floor gathers pace, so the vulnerabilities inevitably multiply - manufacturers face the twin peril of either being left behind if they do not embrace Industry 4.0 or opening themselves up to cyber-attacks if they cannot do it safely.

It was with this risk in mind that Narcisa led the creation of the Cyber Security Risk Assessment for Advanced Manufacturing report for the High Value Manufacturing (HVM) Catapult, the first step-by-step guide of its kind that allows manufacturers - of any size - to complete a cyber security risk assessment of their operations.

“It is a starting point for manufacturers,” said Narcisa.

“In sectors like aerospace and rail, there are strict guidelines in place when it comes to cyber security. That is not there for the wider manufacturing industry, so we decided to create them ourselves by building our own framework using current standards, practical guides and technical documentation.”

The risk assessment has been written as a checklist, designed so any engineer can assess their own operations, identify threats and vulnerabilities, and put a plan in place for additional security controls.

Narcisa said: “We can’t provide a custom solution for every organisation; but this framework is that first step to understanding the cyber security risks and vulnerable points in any environment, whether it is a global corporation with thousands of employees, or a two-man operation.”

With support from colleagues at other HVM Catapult centres, the cyber security report was written by engineers based at the AMRC’s flagship Factory 2050 facility where, since 2017, the team there has built a formidable reputation in helping manufacturers incorporate digital technologies onto their shop floors and unlock the potential of Industry 4.0.

The paper has been the launch pad for greater emphasis on the topic at Factory 2050 with a new cyber security cell being established, driven forward by two full-time members of staff now dedicated solely to cyber security. Narcisa says the benefits of digitalisation are well known, but the impact that has on the threat landscape is less apparent.

She said: “We are really used to telling manufacturers about the advantages of connectivity such as increased productivity, faster remediation of quality defects, better collaboration; but we also know that potential vulnerabilities multiply.

“We have a duty to help manufacturers understand the risks when you go through a digital transformation but do not have the right procedures in place, whether that is unauthorised access, intellectual property theft or operational disruption.”

A combination of cyber security threats will be demonstrated in the cyber security cell at Factory 2050.

“We want to show our partners the importance of cyber security and at the same time debunk some of the misconceptions. The most common one is ‘We are a small company, why would anyone want to attack us?’, but you cannot think like that - with the move towards smart factories and digital manufacturing, every aspect of production has become a valuable secret that could be stolen,” said Narcisa.

“Often, it is not until we speak to manufacturers that they realise the need for cyber security; before that conversation they had not even considered it applied to them.”

Writing a cyber security risk assessment was perhaps not what Narcisa had in mind when she moved to the UK from Galati in Romania in 2012 to study chemical engineering at the University of Sheffield. After graduating with a master’s degree in 2017, she started as a project engineer at Factory 2050, her first full-time job.

“At the interview, they told me I would be working specifically on turbine blades. With no knowledge at all in this field I thought they meant wind turbines– I even told my mum all about how I would be working on these huge wind turbine blades.

“Then, on my first day, I was shown one of the jet engine blades I would be working on, and I remember thinking ‘this is so small’.”

Now familiarised with every dimension of turbine blade through a series of projects with a leading aero-engine manufacturer, Narcisa exemplifies how talented engineers rise fast at the University of Sheffield AMRC, now leading the computer vision team alongside studying for a PhD in anomaly detection using X-ray diffraction.

“There are five people in my team who focus on research involving visual components with the use of artificial intelligence (AI), mainly for the aerospace industry. One project is looking at the automation of visual inspection of aerospace components and defect detection using machine learning. Another is looking at automating the measuring process of an aerospace component using 3D scanning.”

In a manufacturing sector dominated by men, Narcisa is also one of the AMRC’s trailblazing female engineers, dedicating a significant amount of her time to STEM and outreach activities to encourage young women into the industry. 

She said: “My biggest inspiration is Elisa Leonida Zamfirescu. She was the first Romanian woman to graduate with a degree in engineering and one of the first female engineers in the world. Elisa was born in Galati as well and overcame so much adversity. She paved the way for myself and other women to pursue their dreams and I have taken that motivation into my career, knowing that the only way to achieve what I want is through hard work and dedication.”

That passion is now being applied to helping to build the AMRC’s cyber security capabilities.

“Manufacturers are digitising, some faster than others, and their cyber security needs to keep pace,” said Narcisa. “There are occasions when manufacturers plug in a new piece of equipment, connect it to their operating systems and expect it to be secure. That is a very dangerous mindset and opens you up to all kinds of risks.

“You could buy a new industrial robot, for example, be told that it is protected with a password and conclude that if you keep that password secure, the robot is secure. But what if the robotics company you bought it from has given all its robots exactly the same password? It is so dangerous: anyone could access your robot, compromise your operations and potentially steal your data.

“Manufacturers need to be aware of threats like this and that is why the Cyber Security Risk Assessment for Advanced Manufacturing is so valuable.”

From artificial intelligence with aerospace giants to helping HVM Catapult accelerate cyber security. Elisa Leonida Zamfirescu would be proud.