3D printing growth raises security fears

Written by Amanda Hall-Davis
31/01/20

Three-dimensional (3D) printing is big business, with products and services expected by research firm Statistica to reach $35.6 billion by 2025. But as the sector expands, so do the potential security threats.

On a global scale, the UK places fifth in terms of adopting 3D printing and manufacturing, according to the study published by HP and A.T.Kearny. The method has become an integral method of UK manufacturing, in everything from the production of prosthetic limbs, to dental crowns, car prototypes and tangible architectural models.

The Ministry of Defence (MoD) for instance unveiled a new approach in identifying current technologies that can advance defence, which includes the use of 3D printing.

The Defence Technology Framework and Defence Innovation Priorities documents published in September 2019, highlighted how the MoD aims to identify technological changes that can advance defence. This includes 3D printing for submarines, ships, components and repairs, which can be created both cheaply and within 24 hours.

Associated security threats

With the advancement of new technology within the 3D printing industry, come new liabilities though; namely security threats.

A spokesperson at Siemens explained that the majority of common attacks today are based on crypto malware. “3D printers have the same vulnerabilities as other operating systems, and these are missing or late patches and security updates – however, with the correct protection mechanisms in place then the potential damage is quite low.”

Corey Nachreiner, chief technology officer at WatchGuard, identified that even a simple Denial of Service (DoS) attack could force an error at the end of a 3D print process, resulting in unusable parts, costing both time and money.

He highlighted that a hidden trojan horse in the network, or booby-trapped prints could structurally weaken the internal design of the model, while physical risks - such as very high heats occurring with the heating elements - could potentially disable some software safeguards.

“If they're [3D printing devices] networked, firewall them – you should be restricting network access to these printers, or the network printing hosts that run them,” Nachreiner stated. “Also, we recommend segmenting your 3D printers on the same network you segment other connected devices and leverage other network-based security services, to potentially catch now exploits against them.”

Like any industrial piece of equipment, 3D printers have a connection to the internet which is open to attack in order to disrupt production or potentially steal engineering designs. Research undertaken by a John Hopkins computer security team demonstrated the ease at which hackers could alter a few lines of code in a 3D blueprint for a drone’s propeller. The printed propeller appeared flawless, yet under closer scrutiny microscopic weaknesses in its blade resulted in its failure. With 3D printers manufacturing more critical aircraft components, it is a lesson that a few digital doors may remain unlocked.

“You see it with a lot of new technology and security is often an afterthought, you can see it with these drones and how highly vulnerable they can be to hackers,” said Lanier A. Watkins, who supervised the drone research at Johns Hopkins Homewood campus.

Protection mechanisms include a combination of a proper asset inventory, patching, network separation, monitoring and intrusion prevention, as well as agreements with vendors for improvement of their product security.

Highlighting how firms can protect themselves, the National Cyber Security Centre stated: “There are a range of measures that organisations can take to increase their cyber resilience, which range from training for staff to technical actions relating to the set up and configuration of devices, networks and software.”

The future for 3D printing

The adoption rate of 3D printing manufacturing will keep accelerating, with more and more vendors providing specialised offerings across a range of industrial sectors.

Filemon Schoffer, chief commercial officer at 3D Hubs, provided his predictions for the future: “Increasingly, more small to medium-sized businesses are making the most of the prototyping speed and geometric complexities 3D printing provides, as the technology becomes more accessible.”

A possible future customer demand might be the delivery of digital assets combined with print out on customer owned devices. SME’s 3D printing can continuously working on improving the flaws in 3D engineering. The result of hackers infiltrating digital blueprints could be a new kind of threat and commercial 3D printing products need enhanced security features already in place, instead of reliance on later ‘bug fix’ updates, when it could be too late.