The State of Cybersecurity in Additive Manufacturing (AM)
Many new technologies are introduced to the world with untold hype and fail to live up to their promise, both in terms of promised improvements and user adoption. This has not been the case for AM. Wohlers Associates calculated that the industry appreciated 21% in 2018 to a market value of $7.3 billion. An estimated 1,768 metal-based AM systems were sold in 2017, compared to 983 similar systems in 2016, which is an increase of ~80%.
AM can produce a component in a layer-wise fashion rather than starting with a block of material and removing pieces using milling, cutting, or lathing processes (referred to here as subtractive manufacturing). In this way, additive processes are not constrained in the same way as subtractive processes, meaning that the manufacturing envelope is opened very wide to produce components that would otherwise be technically or financially infeasible due to such challenges as shape complexities, extreme cost, material combinations, etc. Relevant examples of AM include surgical joint replacement components (such as titanium hip or knee replacements), components whose traditional manufacturing methods would be cost or time prohibitive, or components for which the original tooling (such as the dies for forging) no longer exists (such as various components replaced on aging aircraft systems expected to continue serving for many years into the future). Using this manufacturing method allows mass customization while simultaneously decentralizing the manufacturing and distribution process. Underlining mass customization, three-dimensional (3-D) printing is being developed to fabricate highly dose-specific medication. In 2015, the U.S. Food and Drug Administration (FDA) approved the first 3-D printed drug available in the United States—Levetiracetam (Spritam - Aprecia), which is used to treat partial onset, myoclonic, and primary generalized tonic-clonic seizures in patients with epilepsy.
Presently, there are many types of AM that vary based on cost, material system, manufacturing method, user capabilities, and characteristics of the desired final component. The most common forms of AM/3-D printing (shown graphically in Figure 1, with examples shown in Figure 2) are as follows:
- Vat Photopolymerization: Using this process, an object is created in a vat of liquid resin photopolymer. Ultraviolet (UV) light is used to cure a UV-curable resin in a pattern that produces a part corresponding to a computer-aided design (CAD) file.
- Material Extrusion: This process is known as fused filament fabrication (FFF), or fused deposition modeling (FDM), and involves using an extruder nozzle to heat a thermoplastic filament wire past its melting point and extruding and depositing it onto a heated plate. This process is repeated over and over to create various components.
- Material Jetting: Sometimes called “inkjet printing,” the printer jets drops of ink onto a build tray and cures them. This process is repeated one layer at a time to create a 3-D component.
- Binder Jetting: An AM process in which a liquid-binding agent is selectively deposited to join powder particles. Layers of material are then bonded to form an object.
- Powder Bed Fusion: This is a family of AM processes involving direct metal laser sintering, selective laser sintering, and selective laser melting. All these processes use a focused heat source (lasers, electron beams, or thermal print heads) to melt/partially melt ultrafine layers of material in a 3-D space to construct a part in a CAD file. The powder is melted in a layerwise fashion. After each layer is fused, a roller transfers a very thin layer of powder over the previously printed layer. The process is continued until the component is finished.
- Direct Energy Deposition: Using this method, a metallic wire is fed and fused with either a laser or electron beam, melting and depositing the molten wire material in a pattern to create a component.
- Sheet Lamination: This type of AM is used in rapid prototyping to quickly create components for models.
Compromising an Additive Manufacturing Machine
AM machines require connections to other computers for a wide range of reasons. Firmware and software updates are required to keep the device functioning properly. Software connecting the machine to a controller laptop/desktop is required to take full advantage of the many different parameter settings and capabilities of an AM system. Additionally, AM machines use CAD data files (the most common is the .stl file type, which is sliced using a slicer engine native to the particular printer and software package to convert the part to G-code fabrication instructions) to produce components. These files are often transferred via an SD card, CD, DVD, USB, flash drive, Wi-Fi, etc., to the AM machine. All these vectors provide the means to potentially gain access to an AM machine.
Differences in Digital Machinery
An adversary gaining access to an AM machine is potentially far more dangerous than access to a modern digital computer numeric-controlled subtractive machining machine. AM machines build their components layer by layer, from “the ground up.” In this way, an intentional defect can be hidden in the interior of an AM-built component and go unnoticed by the end user. Additionally, as AM components are often geometrically complex (as it is often more cost effective to fabricate simple components using traditional subtractive processes), it is difficult or impossible to perform nondestructive evaluation (NDE) processes to identify potential defects within these components. Figure 3 shows examples of NDE facilities used to inspect subtractive raw material. Accepted and standardized facilities and processes such as these do not exist to confirm the “soundness” of AM-sourced components. Indeed, NDE of AM manufactured components and “effects of defects” are active research areas funded by many different branches of the government. These branches have ties to the aerospace fields (U.S. Air Force and Navy, National Institute of Standards and Technology [NIST], National Aeronautics and Space Administration, etc.) through programs such as the Small Business Innovative Research, Small Business Technology Transfer, and the America Makes initiative, as well as many different private ventures associated with these departments.
For traditional, subtractive manufacturing, raw materials take many standard product forms—plates, rods, sheets, cylinders, blocks, etc. NDE processes for these product forms have been developed over many years and successfully identify defects commonly found in these product forms. As subtractive processes only remove subsequent layers of preexisting and previously inspected and certified material, the possibility of a rogue defect introduced by an adversary is highly unlikely. These traditional processes are much more difficult for an adversary to effectively “weaponize.” For other types of conventional production that do not involve as many subtractive processes, such as forgings and castings, using nonadditive processes means these methods are also insulated from cyberattacks. Commonly employed other additive processes, such as welding, soldering, or brazing, often involve adding one or only a few layers of material at joints. These processes have clearly defined and characterized NDE processes to inspect and identify defects. These joining processes are wholly different from AM fabrication processes, which can be thought of as building a component from hundreds, or even thousands, of different individual welding or joining processes.
Researchers and AM operators are only beginning to examine the potential for an adversary to penetrate an AM system and affect the outcome of a fabricated component. Here, two case studies are presented as potential examples of the threat cyberwarfare presents to stand‑alone printing/AM facilities.
dr0wned – Cyber Attack on Quadcopter Propeller Blades
In 2016, Belikovetsky et al. published an article on arXiv.org describing and demonstrating the decrease in the fatigue life of a plastic component associated with a defect intentionally emplaced in an FDM 3-D printed quadcopter propeller, causing midflight failure of the component and destruction upon the subsequent crash.
As mentioned, 3-D printers use G-code commands transmitted from a CAD-enabled computer via a USB connection to control their operations (material extrusion and nozzle motions). Belikovetsky et al. made the following assumptions as part of this work:
- The user does not keep the software up-to-date (noted as representative behavior for most private users).
- The printer owner also uses the controlling PC to surf the internet, read emails, download documents, play games, etc.
- The printer is a Lulzbot Taz5 (an FDM 3-D printer presently available for $1,000+ online), which operates Marlin firmware and connects to a controlling PC using the Cura software package.
- The material printed is acrylonitrile butadiene styrene plastic, a commonly used material for fused deposition modeling (FDM) 3-D printing.
The attack occurred by placing an internal void in the quadcopter propeller that acts as a stress concentration point and, hence, a fatigue initiation site. This type of sabotage is unique to AM. In addition, the location of the defect was strategically placed at the root of the propeller, the point of highest stress in the component. The design file (.stl) was modified to include tiny gaps between the propeller blade and cap (~0.1 mm, which offers a good compromise in terms of the potential for damage between an excessively large defect and an insignificant defect).
The attack was executed in the following three steps:
- Compromise the controller PC.
- Download and manipulate the original design file.
- Change the file located on the controller PC.
The controller PC was compromised via a patched WinRAR vulnerability spoofing the file name and extension of the archived file. A malicious .exe file was created using the Metasploit framework to trigger an exploit. The targeted PC received an email to download the infected file and open a .pdf file inside the .rar archive from dropbox.com. Upon clicking on the file, a reverse shell opened in the background, allowing the attacker to exercise controls on the controller PC’s system without the user’s knowledge.
The attacker remotely searched the controller computer for .stl design files (the most common file type used to generate the G-code necessary to control the 3-D printer) before downloading them for further investigation. Upon gaining possession of these files, the adversary could modify the design as they see fit using a CAD program such as SolidWorks. When modifications to the .stl file were complete, the reverse shell was used to place the maliciously-altered file back in the same place on the controller computer.
Flight testing was conducted on a DJI Phantom 2 Vision+ quadcopter drone (an example is shown in Figure 4). Using an unaltered propeller, the drone was able to take off and fly without any issues for 5 min. When a single unaltered propeller was replaced with a sabotaged one, the drone was able to take off and fly for 1 min and 43 s before propeller failure and subsequent crash.
Belikovetsky et al. further envisioned scaling up an attack to sabotage the G-code itself, bypassing the .stl file. Although the authors did not perform this action, they note that the script to change G-code files can be implemented as a worm with a wide variety of activation triggers. Such triggers include a specific date, which makes a simultaneous, coordinated attack on multiple manufacturing systems conceivable for an adversary located across the globe and armed only with a computer.
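A defensive check against the G-code sabotage scenario described above, as an added example that is not code from Belikovetsky et al. or from this article: before a job is sent to the printer, the G-code on the controller PC is compared layer by layer with a trusted reference slice, and any layer whose deposited filament length differs is flagged. The sample G-code, the function names, and the 2% tolerance are constructed for illustration and assume Marlin-style `G0`/`G1`/`G92`/`M82`/`M83` commands.

```python
import re
from collections import defaultdict

WORD = re.compile(r"([A-Za-z])\s*(-?\d*\.?\d+)")
COMMAND = re.compile(r"([GMgm])0*(\d+)")


def extrusion_per_layer(gcode):
    """Map each Z height (mm) to the filament length (mm) deposited there."""
    absolute_e = True              # M82 (absolute E) unless the file sends M83
    z = last_e = pos = peak = 0.0  # pos/peak: cumulative E position and its high-water mark
    layers = defaultdict(float)
    for raw in gcode.splitlines():
        line = raw.split(";", 1)[0].strip()       # drop comments
        m = COMMAND.match(line)
        if not m:
            continue
        cmd = m.group(1).upper() + m.group(2)     # "G01" and "g1" both become "G1"
        words = {k.upper(): float(v) for k, v in WORD.findall(line)}
        if cmd == "M82":
            absolute_e = True
        elif cmd == "M83":
            absolute_e = False
        elif cmd == "G92" and "E" in words:
            last_e = words["E"]                   # E axis re-zeroed, nothing deposited
        elif cmd in ("G0", "G1"):
            z = words.get("Z", z)
            if "E" in words:
                delta = words["E"] - last_e if absolute_e else words["E"]
                if absolute_e:
                    last_e = words["E"]
                pos += delta
                if pos > peak:                    # retract/unretract pairs add nothing
                    layers[round(z, 3)] += pos - peak
                    peak = pos
    return dict(layers)


def compare_layers(reference, candidate, rel_tol=0.02):
    """Return (z, reference_mm, candidate_mm) for layers deviating by more than rel_tol."""
    findings = []
    for z in sorted(set(reference) | set(candidate)):
        ref, cand = reference.get(z, 0.0), candidate.get(z, 0.0)
        base = max(ref, cand)
        if base > 0 and abs(ref - cand) / base > rel_tol:
            findings.append((z, round(ref, 4), round(cand, 4)))
    return findings


# Constructed sample: trusted slice of a three-layer part.
REFERENCE_GCODE = """\
M82
G92 E0
G1 Z0.2 F600
G1 X0 Y0 F3000
G1 X20 Y0 E1.0 F1500
G1 X20 Y20 E2.0
G1 E1.5 F2400        ; retract
G1 Z0.4 F600
G1 E2.0 F2400        ; unretract
G1 X0 Y20 E3.0 F1500
G1 X0 Y0 E4.0
G1 Z0.6 F600
G1 X20 Y0 E5.0
G1 X20 Y20 E6.0
"""

# Constructed sample: same job, but one extrusion move at Z=0.4 has become a
# travel move, leaving an unfilled path inside the part.
CANDIDATE_GCODE = """\
M82
G92 E0
G1 Z0.2 F600
G1 X0 Y0 F3000
G1 X20 Y0 E1.0 F1500
G1 X20 Y20 E2.0
G1 E1.5 F2400
G1 Z0.4 F600
G1 E2.0 F2400
G1 X0 Y20 E3.0 F1500
G1 X0 Y0
G1 Z0.6 F600
G1 X20 Y0 E4.0
G1 X20 Y20 E5.0
"""

if __name__ == "__main__":
    for z, ref, cand in compare_layers(extrusion_per_layer(REFERENCE_GCODE),
                                       extrusion_per_layer(CANDIDATE_GCODE)):
        print(f"layer Z={z} mm: expected {ref} mm of filament, found {cand} mm")
```

The check is only as trustworthy as the reference slice, which has to be produced and stored somewhere other than the controller PC that the scenario assumes is compromised.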
“Jesus Nut” – A Theoretical Scenario
A theoretical attack was envisioned by Deloitte involving an imaginary CH-53 Sea Stallion helicopter, as shown in Figure 5. In this hypothetical scenario, the helicopter experiences a strange vibration at a low altitude and lurches towards the ground. There is a hard landing, but all onboard survive the harrowing experience. Afterwards, upon return to base, the pilot learns the cause for the incident was the sudden and catastrophic failure of the Jesus Nut, a screw-on, secured nut that holds the main rotor to the mast of the helicopter with a lynchpin.
In this narrative, although the nut and lynchpin are steel components easily fabricated by traditional methods, an inability to transport components to the field in a timely fashion has led to implementing on-site AM to meet demand. An investigation finds that this helicopter was not the only one to suffer a nonfatal, hard landing. All the affected aircraft suffered from a failure of a 3-D printed Jesus Nut, meaning that the on-site 3-D print shop may have been hacked. The dramatic increase in nonfatal accidents questions the reliability of the blueprints, 3-D printing processes, and all associated verification testing. These events, subsequent confusion, and lack of clear causes can lead to the grounding of numerous aircraft and loss of time, money, and weapon system availability as investigations are performed to see if the aircraft are safe to fly and what actions and remediation need to be taken. This type of situation is unacceptable in a warzone.
The cases discussed here highlight the need to ensure that 21st century digital manufacturing facilities are appropriately secured. Further exercises can be proposed, such as hacking any printers deployed in logistics stations or in forward deployed areas. Hackers from adversary countries, working with their country’s engineers/scientists, may be able to tailor innocuous defects into various components (such as aircraft engine parts in which a void or even microstructural differences caused by a simple change in print patterns can create fatigue initiation sites) to ensure failure in flight or in battle. As a further example, the U.S. Army is presently testing Rapid Additively Manufactured Ballistic Ordnance (RAMBO), a completely 3‑D printed grenade launcher (except for the springs and fasteners). Even as much time and research dollars are spent on developing AM and trying to characterize its capabilities and the components produced, researchers have begun to pay attention to securing the facilities themselves from a foreign actor who may try to “reach out from afar.”
State of Present Research in AM Cybersecurity
Some of the first published research on the effect of cybervulnerabilities in 3-D printing/AM systems is discussed by Sturm et al. in 2014. Since then, research has discussed phishing attacks to access 3-D printers and the use of smartphones to perform side-channel attacks against 3-D printers. Other works that explored these issues include those from Bridges et al. and Yampolskiy et al.
There are currently several efforts attempting to answer questions regarding cyberattacks on AM machines. The FDA has not issued specific recommendations for 3-D printing cybersecurity but has issued recommendations for cybersecurity associated with producing any medical device. These recommendations are as follows:
- Medical device manufacturers and health care facilities should take steps to ensure appropriate safeguards. Manufacturers are responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity. They are responsible for putting appropriate mitigations in place to address patient safety risks and ensure proper device performance.
- Hospitals and healthcare facilities should evaluate their network security and protect their hospital systems.
The Atlantic Council’s Brent Scowcroft Center on International Security recently published a report describing how 3-D printing and AM are transforming the aviation sector but acknowledges that the “cybersecurity risks are not fully understood.” The report further notes how Airbus and Boeing, the world’s largest civilian aircraft manufacturers, are already making standard use of AM in production, which marks an increase from niche and specialist uses. It recommends that aircraft (airborne or on the ground) be treated “as nodes in multiple networks” and that the aviation sector’s culture of “managing safety in the face of complex risk” be applied to cybersecurity and involve stakeholders collaborating and developing a “shared perception of risk.” In essence, AM and 3-D technology adoption should not outpace developing adequate cybersecurity systems; however, concrete recommendations to create these systems are not offered.
At New York University, Zeltmann et al. performed an experiment like the quadcopter case study described here by emplacing small intentional defects in 3-D printed tensile specimens conforming to the ASTM D638-14 standard [16, 17]. In this way, the team was able to predict performance through modeling, inspect the known defects using ultrasound (a versatile and widely employed NDE method, where they found no signs of the defects), and note a decrease in strength for the defective specimens under known and controlled laboratory conditions.
With a team from Rutgers University and the Georgia Institute of Technology, Bayens et al. described how acoustic sensing (listening to the specific patterns in the extruder or laser’s motion) can be used to sense if the part is printed using the appropriate G-code pattern. A second method the team investigated was using sensors to monitor the motions of the extruder to ensure that the appropriate scanning patterns were used. Finally, a third method studied used gold nanoparticles injected into the feedstock filament during feedstock fabrication. After manufacturing, the object can be scanned to determine if the gold nanoparticles have shifted in the object or if they have holes or other defects (similarly to the way contrast agents and dyes are used to more accurately image tumors in magnetic resonance imagery or computed tomography scans). A similar auditory-based method to provide 3-D printing security has also been explored in recent work by Belikovetsky et al.
North Dakota State University’s Dr. Jeremy Straub (Department of Computer Science) published two papers discussing the threats that cyberattacks pose to 3-D printers and potential solutions to these problems. Straub proposed a monitoring system that can identify when an attack occurs in real time, with the potential to abort a print job as soon as malicious intent is identified. This system uses five cameras to monitor the printer and compare the object being printed to a referenced, expected shape [20, 21].
Chhetri et al. investigated a similar set of side channel analog emissions (acoustic and electromagnetic) from 3-D printers and claimed they could determine zero-day kinetic cyberattacks in fused deposition modeling AM by monitoring the various changes in parameters to the 3-D object, such as speed, dimensions, and movement axis. The accuracy of this method to detect the range of variations introduced into these parameters from laboratory‑induced kinetic cyberattacks was about 77.45%.
Private Sector Responses to the AM Cybersecurity Need
In response to these and other reports, 3-D printing cybersecurity startups have emerged, such as 3DP Security (founded by Dr. Nikhil Gupta of New York University’s Tandon School of Engineering) and Identify3D (cofounded by Joe Inkenbrandt and Stephan Thomas).
Additionally, the Danish company “Create it REAL” has developed a platform for encrypting and decrypting 3-D files onboard a 3-D printer. The main goal of this company’s work is IP protection, but it also has the potential to mitigate malicious attacks by preventing file alteration. Underlining these IP concerns, recent filings by the Walt Disney Company show that it has filed a patent for 3-D printing with antiscanning filament, citing concerns that their figurines and models could easily be copied using 3-D scanning and printing. The hope of the company is that this threat can be mitigated with a new 3-D printing process (although, it is noted that a potential low-tech solution to this would be possible with a can of dulling spray paint).
In 2016, the Digital Manufacturing and Design Innovation Institute (DMDII) in Chicago launched the National Center for Cybersecurity in Manufacturing, which focuses on the risks to AM through $750k seed money from the Pentagon. DMDII held a Cybersecurity in Manufacturing Workshop to provide a forum to educate interested parties. The most recent of these was held on September 25–26, 2018, at the University of Illinois Labs Innovation Center.
Another group that started in 2014, the National Defense Industrial Association, formed a working group called Cybersecurity for Additive Manufacturing, with several different joint working group teams. These teams included the following: (1) the Manufacturing Environment Team (run by Dr. Marilyn Gaska of Lockheed Martin), (2) the Policy Planning and Impacts Team (led by Ms. Sarah Stern of the Boeing Company), (3) the Technology Solutions Team (led by Ms. Heather Moyer of Atlantic Broadband), and (4) the Reference and Integration Team (led by Ms. Catherine Ortiz of Defined Business Solutions, LLC). Yet another group, the Cyber Secure Dashboard (started in January 2017), jointly created with the University of Illinois Urbana-Champaign, Lockheed Martin, Heartland Science and Technology and others, was instituted to develop an assessment tool to help small and medium-sized manufacturers in complying with U.S. Department of Defense-mandated control requirements.
Blockchain technology is being used to secure the digital thread of 3-D print file data and to implement software and validation tools throughout the AM process. A blockchain is a growing list of records linked using cryptography. Each record contains a cryptographic hash of the previous block, a timestamp, and transaction data; this technology is incorporated into Bitcoin. Two companies spearheading these technologies are Identify3D and Cubichain Technologies.
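The record structure described above (hash of the previous block, timestamp, transaction data), applied to print files, as an added example that is not code from Identify3D, Cubichain Technologies, or this article: each record stores the SHA-256 digest of a design or G-code file, and verification shows both a rewritten record and a file swapped on disk. File names, contents, and timestamps are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64   # stands in for the "previous hash" of the first record


def record_hash(body):
    """SHA-256 over a canonical JSON encoding of a record's fields."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_record(chain, file_name, file_bytes, timestamp):
    """Append a record linking this file's digest to the previous record."""
    body = {
        "prev_hash": chain[-1]["hash"] if chain else GENESIS,
        "timestamp": timestamp,
        "file": file_name,                                  # transaction data
        "sha256": hashlib.sha256(file_bytes).hexdigest(),   # transaction data
    }
    chain.append({**body, "hash": record_hash(body)})
    return chain


def verify_chain(chain):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev_hash"] != prev or record_hash(body) != rec["hash"]:
            return i
        prev = rec["hash"]
    return None


def file_matches_ledger(chain, file_name, file_bytes):
    """True if file_bytes match the most recent record for file_name."""
    actual = hashlib.sha256(file_bytes).hexdigest()
    for rec in reversed(chain):
        if rec["file"] == file_name:
            return hmac.compare_digest(rec["sha256"], actual)
    return False


# Constructed sample files (placeholders, not real models).
ORIGINAL_STL = b"solid propeller\nfacet normal 0 0 1\nendsolid propeller\n"
ORIGINAL_GCODE = b"M82\nG92 E0\nG1 Z0.2 F600\nG1 X20 Y0 E1.0 F1500\n"
BRACKET_STL = b"solid bracket\nfacet normal 1 0 0\nendsolid bracket\n"


def build_demo_chain():
    chain = []
    append_record(chain, "propeller.stl", ORIGINAL_STL, "2018-09-01T08:00:00Z")
    append_record(chain, "propeller.gcode", ORIGINAL_GCODE, "2018-09-01T08:05:00Z")
    append_record(chain, "bracket.stl", BRACKET_STL, "2018-09-02T10:30:00Z")
    return chain


if __name__ == "__main__":
    chain = build_demo_chain()
    print("chain intact:", verify_chain(chain) is None)
    # A design file replaced on the controller PC no longer matches its record.
    swapped = ORIGINAL_STL.replace(b"0 0 1", b"0 0 -1")
    print("swapped file accepted:", file_matches_ledger(chain, "propeller.stl", swapped))
    # The chain is tamper-evident only while its latest hash is kept where an
    # intruder cannot rewrite it; otherwise every record could be recomputed.
```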
Summary of Research and Recommended Best Practices
Several efforts are beginning to address cybersecurity in AM. A variety of solution areas is explored, including embedded tracking to ensure CAD files are not stolen, automatic dimensional control to ensure optimized printing, CAD modeling strategies, and microstructure tagging. Security features embedded in the CAD files or printed products themselves would be used to deter counterfeiting. Various means are proposed to monitor cyberincursions, including encrypt/decrypt procedures and visual and acoustic monitoring methods, and microstructural/nanoparticle encoding into the fabricated component (either via nozzle temperature for 3-D printing or laser power levels for common metallic AM processes).
Much research has focused on cybersecurity for desktop 3-D printers operating via FFF or FDM (using a thermoplastic as the feedstock; see Figure 6). Little research has been published examining the cybersecurity of high-dollar systems, such as those required to produce metallic components via an additive process such as selective laser sintering. Components printed using these systems would be used for such things as aircraft structural components and, by extension, would require the highest levels of security.
Ultimately, a question that needs to be asked whenever an engineer is deciding to 3-D print a component is “Does this component really need to be 3-D printed?” Oftentimes, the risk (both in terms of time spent, financial investment, etc.) does not justify bypassing traditional subtractive manufacturing. If the answer to this question is legitimately yes, then the following common-sense recommendations should be followed to minimize the risk of an attack on the machine:
- Consistently ensure that all firmware and software are up-to-date on both the controller computer and the printer itself.
- Ensure the computer is equipped with up-to-date antivirus software and is routinely scanned to ensure no infections.
- Control the way in which the file containing part fabrication instruction is transferred from the “outside world” to the computer controlling the printer.
- Use appropriate encrypt/decrypt procedures with the files in question.
In addition, NDE procedures (visual, acoustic, and any others) used to verify that a component has been fabricated properly should be used as required, weighing the cost of the NDE vs. the importance of the fabricated component. Finally, research groups, government, and private industry need to continue working together to develop best practices for this problem. They must remain vigilant and maintain this work moving forward, as cyberattacks will evolve and continue.
References
1. McCue, T. J. “Wohlers Report 2018: 3D Printer Industry Tops $7 Billion.” Forbes, 30 September 2018, https://www.forbes.com/sites/tjmccue/2018/06/04/wohlers-report-2018-3d-p....
2. Thomas, D. “Costs, Benefits, and Adoption of Additive Manufacturing: A Supply Chain Perspective.” International Journal of Advanced Manufacturing Technology, vol. 85, pp. 1857–1876, 2016.
3. Pawlyk, O. “3-D Printing Is Changing the Way Air Force Fixes Its Aging Planes.” DefenseTech, 2 May 2017, https://www.military.com/defensetech/2017/05/02/3-d-printing-is-changing....
4. Kite-Powell, J. “FDA-Approved 3D Printed Drug Available in the U.S.” Forbes, 22 March 2016, https://www.forbes.com/sites/jenniferhicks/2016/03/22/fda-approved-3d-pr....
5. 3D Hubs. “3 Additive Manufacturing Technologies to Watch Out for in 2017.” Medium, 30 September 2018, https://medium.com/extreme-engineering/3-additive-manufacturing-technolo....
6. Belikovetsky, S., M. Yampolskiy, J. Toh, J. Gatlin, and Y. Elovici. “dr0wned – Cyber-Physical Attack with Additive Manufacturing.” 11th USENIX Workshop on Offensive Technologies (WOOT ‘17), Vancouver, BC, Canada, 14–15 August 2017.
7. WinRAR File Extension Vulnerability. http://www.rarlab.com/vuln_zip_spoofing_4.20.html.
8. Deloitte. “Cybersecurity for Government Additive Manufacturing.” https://www2.deloitte.com/us/en/pages/public-sector/articles/additive-ma..., accessed 20 September 2018.
9. Hodgkins, K. “Meet RAMBO, the Army’s Badass New 3D-Printed Grenade Launcher.” Digital Trends, 10 March 2017, https://www.digitaltrends.com/cool-tech/army-3d-printed-grenade-launcher.
10. Sturm, L., C. Williams, J. Camelio, J. White, and R. Parker. “Cyber-physical Vulnerabilities in Additive Manufacturing Systems.” Con-text, vol. 7, no. 8, 2014.
11. Song, C., F. Lin, Z. Ba, K. Ren, C. Zhou, and W. Xu. “My Smartphone Knows What You Print: Exploring Smartphone-Based Side-Channel Attacks Against 3D Printers.” The 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 895–907, 2016.
12. Bridges, S., K. Keiser, N. Sissom, and S. Graves. “Cybersecurity for Additive Manufacturing.” Proceedings of the 10th Annual Cyber and Information Security Research Conference, 7–9 April 2015.
13. Yampolskiy, M., A. Skjellum, M. Kretzschmar, R. Overfelt, K. Sloan, and A. Yasinsac. “Using 3D Printers as Weapons.” International Journal of Critical Infrastructure Protection, vol. 14, pp. 58–71, 2016.
14. U.S. Food and Drug Administration. “Medical Devices – Cybersecurity.” https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm, accessed 29 September 2018.
15. Haria, R. “Atlantic Council Warns of Cybersecurity Risks of 3D Printing in Aviation.” 3D Printing Industry, 13 November 2017, https://3dprintingindustry.com/news/atlantic-council-warns-cybersecurity....
16. ASTM D638-14. “Standard Test Method for Tensile Properties of Plastics.” ASTM International, West Conshohocken, PA, 2014.
17. Zeltmann, S. E., N. Gupta, N. G. Tsoutsos, M. Maniatakos, J. Rajendran, and R. Karri. “Manufacturing and Security Challenges in 3D Printing.” Journal of Materials, vol. 68, no. 7, pp. 1872–1881, July 2016.
18. Bayens, C., T. Le, L. Garcia, R. Beyah, M. Javanmard, and S. Zonouz. “See No Evil, Hear No Evil, Feel No Evil, Print No Evil? Malicious Fill Pattern Detection in Additive Manufacturing.” 26th USENIX Security Symposium, Vancouver, BC, Canada, 16–18 August 2017.
19. Belikovetsky, S., Y. Solewicz, M. Yampolskiy, J. Toh, and Y. Elovici. “Digital Audio Signature for 3D Printing Integrity.” IEEE Transactions on Information Forensics and Security, 2018.
20. Straub, J. “Identifying Positioning-Based Attacks against 3D Printed Objects and the 3D Printing Process.” SPIE Defense + Security, Anaheim, CA, 2017.
21. Straub, J. “A Combined System for 3D Printing Cyber Security.” SPIE Commercial + Scientific Sensing and Imaging, Anaheim, CA, 2017.
22. Chhetri, S. R., A. Canedo, M. Abdullah, and A. Faruque. “Kcad: Kinetic Cyber Attack Detection Method for Cyber-Physical Additive Manufacturing Systems.” Proceedings of the 35th International Conference on Computer Aided Design, 2016.
23. Clarke, C. “Create It REAL Creates Encryption Platform for 3D Printers to Prevent Intellectual Property Losses.” 3D Printing Industry, 13 June 2017, https://3dprintingindustry.com/news/create-real-creates-encryption-platf....
24. Disney Enterprises. “Print Method Using a Three-Dimensional (3D) Printer to Provide Scanning Protection for Printed 3D Objects.” Patent application ser. no. 14/334,156, 17 July 2014.
25. Waterman, P. J. “3D Printing Cybersecurity Gets Boost from DMDII and Others.” Rapid Ready, 21 August 2018, http://www.rapidreadytech.com/2018/08/am-cybersecurity-gets-boost-from-d....
26. Ross, R., P. Viscuso, G. Guissanie, K. Dempsey, and M. Riddle. “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” NIST Special Publication 800-171, revision 1, December 2016.