Interview: How to tackle cybersecurity risks in the 3D printing industry
In the digitized world of additive manufacturing, storing and transferring huge streams of sensitive data has become commonplace. The data includes individual SMEs transmitting technical intellectual property documents between departments, but it also includes entire distributed manufacturing networks, such as the transfer of aerospace parts files from one country to another.
I sat down with Nikhil Gupta, professor at New York University Tandon School of Engineering, and Jing Zhang, professor of engineering at Purdue University Indianapolis, to better understand the current state of 3D printing cybersecurity, the main risks and what we could do as an industry to secure our 3D printing data.
With the continued industrialization of 3D printing, 3D printers and manufacturing facilities are increasingly connected to the IoT. As convenient as it may be, it gives rise to the threat of cybersecurity breaches, and 3D printing technology is poised to exceed the skills of its own security infrastructure.
In fact, according to this Deloitte study, up to 40% of advanced manufacturing companies have experienced a cybersecurity incident in the past year, due to the implementation of advanced production technologies. Of those affected, 38% had suffered damage of more than $ 1 million.
Ralph Resnick, Founding Director of America does, also attributes the growing risk to increased connectivity in the workshop. And yet, a recent America Makes survey found that only 37.7% of additive manufacturing organizations have conducted a formal or informal cyber risk assessment.
“There is a crucial difference between sectors like finance and sectors like manufacturing when it comes to cybersecurity,” says Gupta, co-author Manufacturing and security challenges in 3D printing. “Banks can change stolen credit card numbers to prevent future losses. However, part designs often go unaltered for years or even decades. Therefore, specific solutions for the manufacturing industry must be developed.
Intellectual property theft and process sabotage
According to Zhang, there are two main cybersecurity risks in 3D printing: intellectual property theft and process sabotage. While these do not apply to the average decorative parts Joe printed in the workshop, businesses, research institutes, and government organizations dealing with any kind of sensitive 3D printing data should be wary.
The risk of intellectual property theft is generally not an issue when considering in-house design and prototyping, as security vulnerabilities really start to appear when outsourcing production to manufacturing facilities. larger volumes. In addition to 3D part files, companies should also make an effort to secure their process parameters, as many of them can take years to develop and refine for industrial parts.
Intellectual property can be stolen in several ways. Cloud-based file sharing systems can be hacked, mail servers can be hacked, and solid 3D printed parts can even be reverse engineered using 3D scanning technology. If the end goal is to counterfeit a product, it can result in significant loss of revenue for a business.
Zhang told 3D Printing Industry, “Using non-destructive testing techniques such as CT scanning, the internal microstructure of a printed part can also be revealed, which can be used to derive the processing parameters used.”
The main risk when it comes to process sabotage is malicious modification of part data, which can lead to increased in-service failure rates. Quality assurance and testing of individual parts can mitigate this risk, but these measures are both time consuming and expensive. This makes them impractical for high part volumes.
To demonstrate how catastrophic process sabotage can be, researchers from Ben Gurion University of the Negev, University of Southern Alabama, and Singapore University of Technology and Design have previously hacked into a 3D printer used to make drone components. The team made undetectable changes to the drone’s 3D printed propellers, which were visually unobtrusive enough to pass QA. However, after only two minutes of flight, the propeller broke, causing the drone to fall seemingly out of nowhere.
Zhang adds, “STL files and toolpaths can be modified by introducing internal functionality without affecting the external appearance. This can compromise the integrity and properties of the printed parts.
What measures do we currently have in place?
Many of the measures currently put in place by the 3D printing industry are not that different from more general cybersecurity techniques. Businesses use firewalls to prevent access to sensitive databases and encrypt their 3D files to reduce the risk of interception. However, a single cybersecurity technology cannot protect against all threats, and there are now a number of more 3D printing-centric technologies in development.
A patent recently issued to the NYU team at Gupta describes how safety functions can be programmed directly into the design of a CAD file itself. By dividing a model into at least two parts, the sections can be moved digitally to make them impossible to print without knowing the offset. The smart approach is just a way to prevent parts from being counterfeited, almost like a digital watermark rendering a stolen model useless.
Elsewhere, blockchain as a service (BaaS) company SIMBA chain has previously worked with the U.S. Air Force to help secure defense supply chains using smart contracts. By recording and tracking supply chain data on an immutable blockchain ledger, sensitive information such as coin files can be sent to transmit forces without unwanted surveillance. This ensures that on-demand equipment repairs cannot be hampered on the front line.
When it comes to tackling process sabotage, Dr. Jeremy Straub, professor of computer science at North Dakota State University, has already proposed an intelligent system vision-based parts monitoring system. The monitoring process would work in real time with a 3D printer, using an array of five cameras to compare the printed part to the expected shape of the reference STL file. As such, it would be able to detect visual cues that might suggest a faulty print, allowing users to undo faulty prints without requiring part testing.
The next steps for the 3D printing industry
All is not catastrophic, for there is a path to safety in all of this through improved education and greater investment. While the technological readiness of individual measures is largely there, it is our ability to apply our tools that is lacking.
Gupta says, “More investment is needed, but the critical need is to develop training programs where manufacturing and cybersecurity professionals interact and understand each other’s needs and limitations. “
NYU is currently working on one of these programs, where it will be teaching postgraduate courses in additive manufacturing safety. Supported by a grant from the National Science Foundation, the course will train mechanical engineering students in the principles of cybersecurity.
Zhang agrees with the sentiment on collaboration: “For companies, an interdisciplinary approach is necessary to fully understand and analyze risks. The team should be made up of experts in mechanical engineering, electrical engineering, computer science, industrial engineering and other disciplines. For the public, general education on potential risks and necessary training on mitigation are required.
With interdisciplinary teams, companies would be better equipped to carry out comprehensive risk analyzes. Heat maps are a common way of doing this, whereby possible investments in resources are evaluated for their potential impacts. As we have seen, there are several security approaches available, but applying all of them is often too costly, so carefully planned risk assessments can help with allocation of critical resources and decision making.
In the end, it comes down to two minds that are better than one. As the complexity of 3D printing technology itself increases, so does the complexity of cybersecurity risk, and the nascent nature of the problem makes it difficult to resolve. By tackling the problem collaboratively, we can help ensure that the additive manufacturing industry thrives safely.
Subscribe to 3D Printing Industry Bulletin for the latest additive manufacturing news. You can also stay connected by following us on Twitter, love us on Facebook, and granting 3D Printing Industry YouTube Channel.
Looking for a career in additive manufacturing? Visit 3D printing works for a selection of roles in the industry.
The image shown shows an Arburg Freeformer 3D printing installation. Photo via Arburg.