Characterizing and Defending Against Cyber Security Vulnerabilities in Additive Manufacturing

Additive manufacturing technologies represent the forefront of a modern industrial revolution. New machines such as 3D printers facilitate the design and effortless creation of part geometries that enable economic mass customization of manufactured parts. These new machines are therefore rapidly being adopted throughout the manufacturing world for the creation of both design prototypes and end-user parts. However, the increasingly widespread use and dependence on this emerging technology may pose new safety and security concerns to manufacturing, office, and home environments alike. Like other mechatronic systems, 3D printers employ software-controlled electrical signals to produce physical motions. Nearly all modern additive manufacturing machines incorporate an internet connection or at least have a direct connection to a personal computer with internet access, yet little attention has been directed toward cybersecurity solutions that could prevent malicious attackers from entering the system and manipulating the creation of parts. Unlike most other manufacturing processes (e.g. CNC machining), additive manufacturing allows a part to be constructed both internally and externally. It is therefore possible for a part’s internal structure to be compromised in a way that is not easily detectable, even through close inspection of the external surface and other measurement techniques after fabrication.

The National Institute for Standards and Technology (NIST) has released an internal report detailing inherent security risks associated with replication devices such as 3D printers, stating that insufficient cyber protection exits for such machines. This research specifically addresses these concerns and suggests and verifies the efficacy of specific solutions. Several attack vectors have been identified through which a cyber attacker might be able to compromise the structural integrity of 3D-printed parts in ways that would not be easily detectable after the part has been completed. These types of attacks were then emulated on a commercial-grade 3D printer, and their effects on the strength of the resulting parts were characterized using an Instron load testing machine.

Based upon ongoing DoD-sponsored U.Va research efforts regarding cybersecurity for cyber physical systems in general, the proposed solution for enhanced 3D printer security incorporates a highly-secured, trusted sentinel device monitoring the mechatronic system that operates the printer as a means for detecting potential cyber attacks. This research effort shows the feasibility of real-time detection of illogical printer behavior through the employment of a low-cost sentinel device that uses machine-independent sensors and transducers to monitor the machine’s motions and other reactions to instructions throughout the printing process. The results presented are intended to help stimulate the development of new security enhancements to protect 3D printers already at work in the field as well as current and future products in development.