3D Printing: A Cybersecurity Concern
Additive manufacturing, more commonly known as 3D printing, is a process of making three-dimensional solid objects from a digital model. Additive manufacturing is already used in a number of critical fields, such as medicine, aerospace, civil engineering, and industrial manufacturing.
3D printers are often internet-connected, and increasingly open-sourced. As a result, they face a host of security issues which range from digital to physical. Most of these issues fall broadly into either confidentiality and privacy concerns or device and product integrity concerns.
Confidentiality and privacy concerns are the most direct consequence of a data breach involving a 3D printer. This could compromise confidential data such as schematics and software code for products. For example, an individualized medical device may contain personally identifiable information and a data breach may trigger security and privacy laws – think HIPAA, various data breach notification requirements, or even Federal Trade Commission actions. It is not difficult to appreciate how security of 3D printing has tremendous value in industrial additive manufacturing sectors such as aerospace, automotive, and defense.
To that end, the U.S. Department of Defense recently provided seed funding for the Digital Manufacturing Design and Innovation Institute (DMDII) to launch a “Cyber Hub for Manufacturing” intended to tackle the issue of cyber-espionage attacks against the manufacturing sector. While this effort is specifically geared toward compliance with DOD protocols, the cybersecurity practices have much broader applicability and constitute just one example of efforts to develop cybersecurity infrastructure around this emerging technology.
The product integrity issues, however, may be an even bigger concern than privacy issues. Creation of defects in products built by 3D printers as a result of a hack can have real-world effects in ways many other cyberattacks cannot. For example, if the digital file that includes the code from which the printer generates the physical object is corrupted, the ultimate physical product may fail. This failure could lead to injuries, property damage, litigation, or product recalls. Even worse, the defect in the product may not be immediately identifiable. It is essential that 3D printers and all connected devices have protections to secure both digital designs and code as well as the integrity of the physical product.
The challenges to cybersecurity protection of both the digital and physical sides of the growing additive manufacturing industry should be on the mind of those designing and making 3D printed materials; those incorporating 3D printed materials into their own products for sale or use; and insurers. Traditional product liability law could potentially even lead a court to find that a manufacturer or seller of a 3D printed product is strictly liable, even if it did not know or have reason to suspect a manufacturing defect.
These product integrity issues are certainly on the mind of cybersecurity professionals looking at these concerns. For example, researchers are hard at work developing systems to verify the integrity of 3D printed objects. For example, a team of researchers from Georgia Tech and Rutgers University developed a three-layer system to verify that 3D printed objects have not been compromised by using acoustic measurements, printer component tracking, and detectable nanorods. Their system works independently from corporate computer networks to remove one of the major gateways to cybercrime.
At the very least, basic cybersecurity hygiene is critically important for manufacturers in the 3D printing space. Protecting 3D printing environments defends against a broad spectrum of other potential legal concerns including intellectual property, personal information, and product integrity. Those in the field should take heed.