The Cybersecurity Risks Posed by 3D Printing
Many experts believe that 3D printing may be a technology that can usher in a new era of manufacturing. Aside from the rapid manufacturing of complex designs, a key strength of 3D printing is that 3D models can easily share and distributed across global networks. This massively speeds up the supply chain and provides a platform that encourages collaboration.
However, this shared nature of 3D printing also creates a new type of risk. What cybersecurity risks should professionals and companies watch out for? Why is a data breach especially dangerous in the field of 3D printing?
The importance of cybersecurity in 3D printing
The strength of 3D printing hinges greatly on the fact that it requires digital assets in the form of 3D models. These models can be shared across several people and different departments in a company. One group may come up with a model while another revises it based on their needs. Sharing 3D models has also been a way for manufacturing companies to skip the logistical complexity of traditional supply chains.
On the other extreme is the use of 3D printing as a hobby or to support small businesses. There is no shortage of creating 3D models or 3D printing just for fun. There are also online services that can 3D print a model based on your specifications. This leverages the fact that 3D printed products are economical even if you just need one or two copies.
In the rapid rate of adoption of 3D printing, the aspect of cybersecurity seems to have been forgotten. The weak link of this technology is mainly its reliance on digital assets. As we should know by now, any digital asset is prone to hacking, theft, or tampering.
In the context of recreational 3D printing, cybersecurity may not be such a large issue. However, we must also understand that there are now aircraft and automobile components that are being made using 3D printing. A digital model that has been compromised can translate to real-world catastrophes like failing aircraft propellers or weak car hulls.
This potential for disaster has prompted several groups worldwide to come up with ways to protect digital assets created for 3D printing. There has been a lot of research on the subject, particularly different works from the NYU Tandon School of Engineering, the Georgia Tech and Rutgers University, the North Dakota State University, and the Carnegie Mellon University. Even the US Department of Defense has deemed this issue serious enough to fund a “Cyber Hub for Manufacturing” meant to address the risks of cyber-espionage in manufacturing.
Theft and counterfeit products
The most obvious risk of sharing digital models across networks is that they can be intercepted by parties who plan to recreate them. Aside from the theft of intellectual property, this creates the risk that products be released in the market that are considered sub-standard in terms of quality.
Intellectual property theft is a bigger issue when it comes to billion-dollar industries like cars and consumer products. The digital models used for 3D printing of commercial components may be the result of several years’ worth of research and product development. To have another party swoop in and steal the profits generated from such a product could lead to financial ruin for the company or professional who originally developed the product.
In some cases, personal data embedded in the 3D model can also be swollen. This could be the case for personalized medical devices. These devices were likely modeled based on the physiology or condition of the intended patient. This is information that should be kept confidential and has to be protected from theft equally as stringently as the 3D model.
A company called 3DP Security is devising a way to integrate features into a CAD file that will only be printed under very specific conditions. If the file gets stolen, it will only 3D print a product that is heavily and obviously defective. Hopefully, this will provide a way to easily identify counterfeit 3D printed products.
Tampering of digital models
More researchers are concerned about the risk that digital models can be tampered with by malicious hackers before they can go to production. Manufacturing products with built-in defects can have real-world consequences magnitudes more serious than any cyberattack. It’s easy to imagine how bad the consequences can be when we consider that 3D printed components are making their way into cars and airplanes.
The possible injuries, deaths, and property damage from defective products make this concern more pressing than anything related to data privacy or intellectual property theft. This does not even mention the possible economic consequences of doing a product recall and the manufacturing company having to face litigation. For this reason, ensuring the integrity of digital models for 3D printed products has been the priority of research in this area.
Research done in the New York University’s Tandon School of Engineering has shown that it’s possible to introduce defects in a 3D printed product that are so small that they cannot be detected by an ultrasonic C-scan and finite elemental analysis (FEA). Even if defects were detectable, it would be near impossible to do a quality check of every single product that comes out of a manufacturing line.
The easiest way to protect digital files is to have them encrypted before transmission. However, this does not provide a means for the receiving party to ensure the integrity of the digital files before or during manufacturing. Some researchers have proposed the analysis of acoustic profiles of 3D printers to ensure that there are no deviations in the process, no matter how small.
Hacking of 3D printers
Another way for hackers to tamper with 3D printed products is for them to directly hack into 3D printers. This is possible because most 3D printers nowadays are perpetually connected to the Internet to download project files.
Researchers at the Carnegie Mellon University have developed a tool called Connected 3D Print Observer or C3PO. This helps protect networked 3D printers by identifying the vulnerabilities of each device and any potential attack paths. With this knowledge, cybersecurity teams can continue to observe network traffic and identify any malicious inputs that can indicate a hacking attempt or Denial of Service attack.
Aside from practicing basic cybersecurity hygiene, there does not seem to be an existing standard to protect networked 3D printers from hackers. This is likely something that has to be handled on a case-to-case basis until 3D printers with stricter cybersecurity measures become more common. There is still a broad spectrum of cyber vulnerabilities that the 3D printing industry has to identify.
The lack of cybersecurity measures in 3D printing is an unfortunate consequence of how rapidly the technology has developed. Within the last decade, 3D printing has grown from proof-of-concept demonstrations to a full-on manufacturing process. The need for security was neglected along the way and has only recently been pushed to the spotlight.
Whether it’s for the protection of intellectual property or the prevention of tampering of digital files, it is apparent that the manufacturing industry needs to invest in cybersecurity measures. The consequence of espionage of 3D printed products is just too serious for us to continue to ignore this risk.