Within the digitized world of additive manufacturing, the storage and transfer of huge streams of sensitive data have become commonplace. Data includes individual SMEs passing technical IP documents between departments, but it also includes entire distributed manufacturing networks, for example transferring aerospace part files from one country to another.
I sat down with Nikhil Gupta, a professor at纽约大学’s Tandon School of Engineering, and Jing Zhang, a professor of engineering atPurdue University Indianapolis, to better understand the current state of 3D printing cybersecurity, the main risks, and what we could be doing as an industry to secure our 3D printing data.
With the ongoing industrialization of 3D printing, both 3D printers and manufacturing facilities are becoming increasingly IoT-connected. As convenient as this is, it gives rise to the threat of cybersecurity breaches, and 3D printing technology is well on its way to outpacing the competency of its own security infrastructure.
In fact,according to this Deloitte study, up to 40% of advanced manufacturing firms had suffered a cybersecurity incident in the past year, owing to the implementation of cutting-edge production technologies. Of those affected, 38% had suffered damages in excess of $1 million.
Ralph Resnick, Founding Director ofAmerica Makes, also attributes the growing risk toincreasing connectivity on the shop floor。尽管如此,最近的一项美国调查显示,只有37.7%的增材制造组织进行了正式或非正式的网络风险评估。
Gupta说:“金融和制造业等行业等行业之间存在关键区别。”Manufacturing and Security Challenges in 3D Printing。“Banks can change the stolen credit card numbers to stop future losses. However, part designs often aren’t changed for years, even decades. Hence, solutions specific to the manufacturing industry need to be developed.”
IP theft and process sabotage
According to Zhang, there are two main cybersecurity risks in 3D printing: IP theft and process sabotage. While these won’t apply to the average joe printing decorative pieces in the workshop, companies, research institutions, and state organizations handling any kind of sensitive 3D printing data should be wary.
The risk of IP theft is typically not an issue when considering in-house design and prototyping, as security vulnerabilities really begin to appear when outsourcing production to higher-volume manufacturing facilities. As well as 3D part files, companies should work to secure their process parameters too, seeing as many of these can take years to develop and fine-tune for industrial parts.
IP can be stolen in any number of ways. Cloud-based file-sharing systems may be hacked, email servers can be breached, and solid 3D printed parts may even be reverse-engineered using 3D scanning technology. If the end goal is to counterfeit a product, this may lead to major revenue losses for a company.
Zhang told 3D Printing Industry, “By using non-destructive testing techniques such as CT scanning, the internal microstructure of a printed part can also be revealed, which can be used to derive the used processing parameters.”
When it comes to process sabotage, the main risk is the malicious modification of part data, which can lead to increased in-service failure rates. Quality assurance and individual part testing can alleviate this risk, but these measures are both time and cost-intensive. This makes them unfeasible for high part volumes.
To demonstrate just how catastrophic process sabotage can be, researchers fromBen-Gurion University of the Negev,南阿拉巴马大学, andSingapore University of Technology and Designhave previouslyhacked into a 3D printer used to fabricate drone components。The team made undetectable modifications to the 3D printed propellers of the drone, which were visually discrete enough to make it past quality assurance. However, after just two minutes of flight time the propeller snapped, downing the drone seemingly out of nowhere.
Zhang adds, “The STL and toolpath files can be modified by introducing internal features without affecting the exterior appearance. This can compromise the integrity and properties of the printed parts.”
What measures do we currently have in place?
Many of the measures the 3D printing industry currently has in place are not all that different from more general cybersecurity techniques. Organizations employ firewalls to prevent access to sensitive databases and encrypt their 3D files to alleviate the risk of interception. One cybersecurity technology cannot protect against every threat, however, and there are now a number of more 3D printing-centric technologies being developed.
A patent recently issued to Gupta’s NYU teamdescribes how security features can be programmed right into the design of a CAD file itself. By splitting a model up into at least two parts, the sections can be digitally displaced to make them impossible to print without knowing the offset. The clever approach is just one way of preventing part counterfeiting, almost like a digital watermark that renders a stolen model useless.
Elsewhere, blockchain as a service (BaaS) companySIMBA Chainhas previously collaborated with the US Air Force to help secure defense supply chains using smart contracts. By registering and tracking supply chain data on an immutable blockchain ledger, sensitive information such as part files can be sent to forward forces free from unwanted surveillance. This ensures on-demand equipment repairs cannot be interfered with on the front lines.
When it comes to combating process sabotage, Dr. Jeremy Straub, a computer science professor atNorth Dakota State University,以前提出了一个聪明的人基于视觉的零件监控系统。The monitoring process would work in real-time alongside a 3D printer, using an array of five cameras to compare the printed part to the expected shape of the reference STL file. As such, it would be able to detect visual cues that could suggest a defective print, enabling users to abort faulty prints without requiring any part testing.
The next steps for the 3D printing industry
It’s not all doom and gloom, as there is a route to security in all of this by way of improved education and greater investments. While the technology readiness of the individual measures is largely there, it is our ability to apply our tools that is lacking.
Gupta says, “More investment is required, but the critical need is to develop training programs where manufacturing and cybersecurity professionals interact with each other and understand each other’s needs and limitations.”
NYU is currently working on one such program, whereby it will provide graduate-level courses on additive manufacturing security. Backed by a grant from the国家科学基金会课程将培养机械工程斯图dents in the principles of cybersecurity.
Zhang agrees with the sentiment on collaboration: “For companies, an interdisciplinary approach is required to fully understand and analyze the risks. The team should be composed of experts from mechanical engineering, electrical engineering, computer science, industrial engineering, and other disciplines. For the public, general education of the potential risks and receiving necessary training on mitigation are required.”
With interdisciplinary teams, companies would be better equipped to conduct comprehensive risk analyses. Heat maps are a common way of doing this, whereby possible resource investments are assessed for their potential impacts. As we’ve seen, there are several security approaches available but applying them all is often too costly, so carefully planned risk assessments can help with crucial resource allocation and decision making.
最终,这取决于两个思想比一个人要好。随着3D打印技术的复杂性本身增加,网络安全风险的复杂性以及问题的萌芽性也使其难以解决。通过以协作的方式解决该问题,我们可以帮助确保添加剂制造业安全地安全地增长。
Subscribe to the3D Printing Industry newsletterfor the latest news in additive manufacturing. You can also stay connected by following us onTwitter, liking us onFacebook, and tuning into the3D Printing Industry YouTube Channel。
Looking for a career in additive manufacturing? Visit3D Printing Jobsfor a selection of roles in the industry.
特色图片显示Arburg Freeformer 3D打印设施。通过Arburg的照片。
