Professional Documents
Culture Documents
Characteristic Aspects of Additive Manuf
Characteristic Aspects of Additive Manuf
Characteristic Aspects of Additive Manuf
fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
Digital Object Identifier X.X/ACCESS.2019.DOI
VOLUME X, 2019 1
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
2 VOLUME X, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
we provide an exposure analysis, indicating whether the vary drastically based on the AM process employed3 , source
identified elements are unique to AM or also applicable to materials used, and whether manufacturing is performed by
Subtractive Manufacturing (SM) using computer numerical end users or is provided as a service4 .
control (CNC) machines. Our analysis is limited to SM2 Fig. 2 depicts a representative workflow when metal AM5
and does not consider other manufacturing technologies such is provided as a service. The workflow components include
as injection molding or casting and their respective cyber- several actors, computerized systems, software applications,
security issues in order to provide a concise analysis within data transfer mechanisms, and physical item transporta-
a reasonable length. SM has been selected for this analysis tion [23]. Not all elements in the workflow are located in
as it is more readily comparable to AM with regards cyber- the AM service provider’s controlled environment (indicated
security issues. Consideration of AM cyber-security issues in by the rectangular area in Fig. 2). Multiple actors, most of
the context of other manufacturing technologies is of interest which represent enterprises, are involved in AM and provide
for future research. or utilize the various services. Such a complex workflow is
susceptible to a broad range of attacks.
A. BACKGROUND
Additive Manufacturing (AM) is not an isolated process; it is 3 The American Society for Testing and Materials (ASTM) defines seven
embedded in a complex interaction of manual and automated different AM process categories [24], [25]; each of these categories can have
workflows in which various dependencies — including phys- several sub-categories, often referred to as AM technology.
4 As of May 2019, the 3D Printing Business Directory website [26] lists
ical and informational — can be defined. AM workflows may 783 companies offering 3D-printing service, 117 of which provide metal
printing.
2 For this paper, use of the term SM implies SM using CNC machines. 5 Many functional and safety-critical AM parts are produced in metal.
VOLUME X, 2019 3
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
Hardware Maintenance,
Updates of Software/Firmware Tool Path AM Service
AM Equipment Provider
Firmware Update
Manufacturer
Controller Computer
CAD/STL/…
Specification AM Machine
3D Part
Designer(s)
Process Modeling Sensor Data
Topology Optimization
Distortion Correction
Power Grid Electricity
Power
Supplier(s)
Feedstock
(e.g., Powder)
Feedstock
Supplier(s)
Manufactured Part
Customer(s) of
the End Product
Quality Control
Witness Samples Post-Processing
Logistics (Physical Supply Chain) Non-Destructive Testing (NDT) (e.g., HIP’ing)
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
Attack Method
AM equipment can be used to manufacture a wide variety
Attack Compromised
Effects of objects without expensive and time-consuming recon-
Manipulations
Vectors Element(s) figuration. Illegal part manufacturing can include export-
Targets
Adversarial Goals
controlled or nationally or internationally prohibited items
Materials &
Application Areas & Objectives such as firearms or explosive device components [31], [32],
[33], [34]. There is also the potential for AM printers to
manufacture instruments of crime, some of which have not
FIGURE 4: Attack Analysis Framework [23]. yet been conceived nor designed.
B. ANALYSIS
Effects
Our analysis of AM security exposure is organized according
Targets to the Attack Analysis Framework [23] (see Fig. 4). The
Adversarial Goals
& Objectives framework components used for this analysis are attack vec-
Attack Targets ≡
Effects (of Attacks) ∩ Adversarial Goals
tors, compromised elements, manipulations, and targets. At-
tack methods, which are semantically identical manipulations
Theft of Technical Data
that can be performed by different compromised elements,
AM Sabotage and targets are analyzed according to the three AM security
Illegal Part Manufacturing threat categories of technical data theft, sabotage attacks, and
illegal part manufacturing (see Fig. 5).
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
TABLE II: Security Implications of AM Environment. for fraudulent behavior. The consolidation of AM technical
data throughout the workflow simplifies technical data theft
AM Environment Security Implications in comparison to SM where the data is divided amongst
numerous specialized machines and operators, each only
SERVICE PROVIDER § Exposure to more potentially possessing the data necessary to accomplish a specific task.
• High Cardinality Malicious Actors In SM, multiple attacks and targets are needed to obtain
• Short Term Relationships comparable information as that which might be retrieved in
§ Increased potential for
PART MANUFACTURING Fraudulent Actors one targeted AM attack. This also simplifies AM sabotage
• Small Volume (on demand) attacks because a broad variety of manipulations can be
§ Concentrated Technical Data
FINAL PRODUCT MANUFACTURING (Easier Theft) staged from the same machine, instead of having to exploit
• Same/Few Machine(s) and manipulate multiple, different SM machines. Lastly, the
• Limited Assembly § Manipulations/Equipment Ratio
severe limitations of NDE techniques with respect to AM
NON-DESTRUCTIVE TESTING (Diverse Sabotage Attacks)
make sabotage attacks impacting internal geometries and part
• Immature / Severe Limitations § Sabotage Attacks harder to detect properties harder to detect.
(Stealthier Attacks) With the impact of environment on attack vectors, it is
reasonable conclude that the Return on Investment (ROI) for
an adversary is substantially higher in AM than in SM. It is
also logical to also conclude that the attractiveness of AM as
an attractive option for low volume, customized, on-demand
a target will grow rapidly given the impressive average 26.6%
manufacturing.
annual growth of the industry over the past 29 years [2]
Another aspect to consider is the way in which individual and the expected related decrease in SM as manufacturers
machines are used during the manufacturing process. In SM, transition to AM. Altogether, the exploitability, ROI, and
only external geometry can be modified during the man- industry growth lead to the reasonable assumption that AM
ufacturing process so usually several specialized machines exploit development will be higher than that in SM.
are used to manufacture various components which are then
assembled into the final product. In AM, one machine can be 2) Compromised Elements
used in a variety of ways, replacing the several specialized The AM security literature has demonstrated the ability to
SM machines. Additionally, in AM very complex internal compromise and exploit the workflow elements for different
geometries can be created so the number of components attacks. Past research has examined exploitation of different
required for the final product can be reduced. As a result, part cyber components of the workflow, such as the controller
assembling can be drastically reduced or even eliminated in computer [41], [35], the 3D printer firmware [36], [42], the
AM. A frequently cited example is the General Electric (GE) computer network [37], and digital design files and software
fuel injection nozzle incorporated into the Leading Edge components [28], [38]. Physical components have been also
Aviation Propulsion (LEAP) engine. There, AM reduced the considered as a compromisable element which can enable at-
number of parts from 20 to 1, eliminating assembly require- tacks. These include feedstock [38], the power grid [39], [27],
ments, with a corresponding 25% weight reduction [9]. and the physical environment [43], [44], [45].
Lastly, significant differences exist in the final step of the From these examples, together with the published official
manufacturing environment, the quality control step. In SM, incident reports [46] for various industrial control systems
there are several, well-established non-destructive evalua- (ICS), it is apparent that each and every element in the
tion (NDE) tools, such as Coordinate Measuring Machines AM and SM workflows can be compromised. While there
(CMM), Structured Light (SL), Eddy Current Testing (ECT), is a substantial overlap between AM and SM compromisable
Ultrasonic Testing (UT), and Computed Tomography (CT). workflow elements, further examination indicates there are
CMM and SL measure external geometry, ECT and UT also significant differences.
detect internal porosity, and CT detects cracks and internal Some compromised elements can be categorized as cyber
porosity. Each of these has limited applicability in the AM domain specific such as design files and process require-
environment. For example, CMM, SL, and ECT require ments. While AM facilitates dynamic on-demand customer-
access to all surfaces of a part [40]. provider relationships, it correspondingly creates greater ex-
These differences in operating environments have pro- posure avenues for the digital design files and requirements
found implications for AM security as compared to SM specifications. The files can be benign initially and then
security and are summarized in Table II. The higher car- compromised while part of the digital chain or they can
dinality of available AM service providers increases expo- originate from a malicious actor. In either case, in addition
sure to malicious actors. The short term customer-provider to being compromised elements, they can function as attack
relationships and small volume manufacturing in AM con- vectors to compromise the service provider environment.
tribute to a temporary, transactional situation in which loss Additional cyber components include the process modeling
of customers or reputational damage is more situational and software used to simulate and correct geometry distortion
less apparent to other customers, increasing the potential resulting from AM-induced effects such as warpage as well
6 VOLUME X, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
TABLE III: Compromisable AM Workflow Elements. marizes the compromisable AM workflow elements.
There are also elements in SM workflow that are either
C YBER C OMPONENTS not present in AM workflow or have very little relevance
Design Files and Specifications to its security. Most notable is the assembly step. In SM,
Process Modeling and Optimization Software the restriction to shaping external geometries necessitates
(topology optimization, distortion correction, etc.) multiple part assembly to create parts with internal geome-
Sensor Data Feedback tries. AM drastically reduces the extent to which assembly is
P HYSICAL C OMMODITIES needed, sometimes eliminating it entirely, due to its ability to
Feedstock create internal geometries during the fusion process. Another
(powder, inert gas, etc.) notable aspect is toolpath generation. In multi-axis SM ma-
Power Grid chines, the toolpath generation software has to account for
C YBER -P HYSICAL C OMPONENTS possible collisions between the various moving parts of the
Actuator Signals/Commands machine and the manufactured part. In AM the avoidance of
Sensor Data
such situations is considered trivial.
W ORKFLOW S TEPS
Feedstock Characterization
3) Attack Methods and Effects
Powder Recycling
Post-Processing From each individual compromised element, various manip-
ulations are possible. However, for the sake of concise discus-
sion, it is possible to group semantically identical manipula-
tions. An example of such a grouping would be part geometry
as the computer-aided design (CAD) software and toolpath modification, which can be accomplished through STL file
generators. Compromise of this software can have profound manipulations, toolpath command alterations, compromise
security implications, both enabling a broad range of sabo- of the digital representation in firmware or memory dur-
tage attacks and also affording unfettered access to technical ing processing, or even modification of individual actuator
data. signals. Together, the semantically identical manipulations
that can be exercised by different compromised elements are
Other compromisable elements in the AM workflow can
referred to as attack methods, depicted in the Analysis of
be categorized as physical domain specific such as the
Attack Framework [23], discussed in subsection III-B and
commodities used during the manufacturing process. These
depicted in Fig. 4. Attack methods and their achievable effects
include the source material, called feedstock, and auxiliary
are distinct for the different threat categories. Therefore,
materials supporting the manufacturing process such as inert
we organize the discussion below by the threat categories
gas and power. While power is not unique to AM, power
of technical data theft, sabotage attacks, and illegal part
grid manipulation impacts the AM manufacturing process
manufacturing (see Fig. 5).
and final part quality in a far different and more significant
manner than SM. For example, in AM power fluctuations can
a: Technical Data Theft
change the melting properties, detrimentally impacting fu-
sion and resulting in part loss as opposed to SM where power In the AM context, unauthorized use of relevant part pro-
fluctuations can mean simply a temporary work stoppage. duction data is often referred to as intellectual property (IP)
theft. However, not all technical data parameters essential
Compromisable cyber-physical elements in the AM work-
to produce a quality product are protectable under current
flow include actuators and the associated signals and com-
United States (U.S.) intellectual property law [48]. For our
mands. It also includes sensors and the transmitted data.
discussion, technical data theft refers to legally protectable
In both cases, the physical component can be modified or
IP as well as the information necessary to produce the part
damaged or the data produced and exchanged by the physical
such as process parameters.
component can be compromised, altering system perfor-
The technical data theft attacks examined in AM secu-
mance. A sensor compromise example for AM would be in-
rity research literature thus far can be categorized as solely
frared (IR) thermography for quality control as demonstrated
cyber and cyber-physical. Demonstrated cyber attacks have
by Slaughter et al. [47]. With IR thermography, false sensor
included a spear phishing attack used to exfiltrate an STL
data can be generated by damaging the sensor or altering
file 6 [29], [35] and network session hijacking used to retrieve
the data it generates. In the Slaughter et al. [47] scenario,
the last printed model [37].
faulty data allows a bad quality part to satisfy quality control
Cyber-physical attacks demonstrated in the literature have
requirements.
used physical emanations, also referred to as side-channels,
While such cyber-physical compromises can be relevant
to reverse engineer the AM part and related technical data.
for SM too, some compromisable elements in the AM work-
Demonstrated cyber-physical attacks have included single
flow have no or significantly less relevance for SM cyber
security. These include feedstock characterization, powder 6 It should be noted that this was used only as a preparation stage for the
recycling, and post-processing heat treatment. Table III sum- follow-up sabotage attack.
VOLUME X, 2019 7
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
TABLE IV: Attack Methods for Technical Data Theft. Theft of Technical Data
Attack Method
AM SM Hacking/Spear-Phishing/STL File
Theft – belikovetsky2017dr0wned
C YBER ATTACKS
Hacking/Network Session Hijacking/STL File
Spear Phishing X X Hacking
- do2016data
- belikovetsky2016dr0wned Source File Worm Worm/ACADMedre.A/CAD File
- belikovetsky2017dr0wned – eset2012acad
Network Session Hijacking X X Compromised Equipment
- do2016data Insider Attack
Worms: ACAD/Medre.A X X
Malicious Outsourcer
- eset2012acad
C YBER -P HYSICAL ATTACKS ...
Side Channels X X Reverse Engineering
- yampolskiy2014intellectual
Side Channels (Acoustic) X X Eavesdropping Side-Channels/Theoretical
- yampolskiy2014intellectual
- faruque2016acoustic Side-Channel Analysis
Side Channels (Acoustic and Electro-Magnetic) X X Side-Channel/Acoustic/Geometry
Acoustic / Sound – faruque2016acoustic
- song2016my Side-Channel/Acoustic/Geometry
- hojjati2016leave Thermal – song2016my
X- Possible, (X) - Conditionally Possible, 7- Not Possible Side-Channel/Acoustic/Geometry
Electro-Magnetic – hojjati2016leave
Power Consumption
Side-Channel/Electro-Magnetic/Geometry
Scanning – song2016my
Side-Channel/Electro-Magnetic/Geometry
side-channel stepper motor acoustic emanantions which were 3D Scanning / CMS – hojjati2016leave
able to reconstruct a part with 85.72% accuracy [43] and CT/X-Ray Imaging
combined acoustic and electro-magnetic emanation side- AM Equipment Analysis
channels [44], [45]. Cyber
The manipulations shown in the research literature con- Software
stitute only a sub-set of attack methods identified and catego- Firmware
rized by Yampolskiy et al. [23] (see Fig. 6). It is arguable that File Format
some of the cyber and cyber-physical attack methods listed in Network Protocols
the taxonomy for technical data theft can be applied to SM as Physical
well. We summarize similarities and differences in Table IV. Mechanical
There are, however, differences in the difficulty level re- Electrical
quired to achieve desirable results in AM as opposed to
Heat Sources
SM. With methods like scanning using structured light or
Electronics
high precision CMM machines, technical data theft can be
Environmental
easier for SM than it is for AM. This is due to the fact
...
that SM only defines exterior geometry, which is easily
Protection Removal
discernible by these methods, while AM defines both external
and internal geometry as well as the part microstructure. At Watermarks
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
Tolerances
Surface Finish
Mass
Center of Mass
Required Properties
Mechanical
Chemical
Thermal
Source Material/Softer Material/Feedstock
Source Material - zeltmann2016manufacturing
Supply Chain Attack
Supply Chain/Feed Stock/Mechanical Component
Feedstock - yampolskiy2015security
Chemical Composition
Powder Characteristics
Recycling
Sieving
Blending Properties
NBC Contamination
Replacement Parts Firmware Upgrade/Extruder Damage/Substitute
- moore2017implications
Software/Firmware
Mechanical Supply Chain/Feed Stock/Mechanical Component
- yampolskiy2015security
Electrical
which leveraged anisotropic7 properties to detrimentally im-
Electronics
AM Equipment
pact the part mechanical properties without modifying part
Manufactured Object
geometry [38], [49]. Other proposed or demonstrated process
Replacement parameter attacks include scanning strategy8 , heat source
Cyber Infection Process Control/Laser Power and Exposure Time
speed and targeting, and power intensity [38].
AM Process
- ilie2017in-built
Process Control/Extruder Rate Parameter Workflow process attacks include communication timing
– moore2017implications
Process Control Process Control/Heat Source, Targeting, and power supply manipulations [39], [27] and supply chain
Positioning, Fusing Pattern, and Timing
Scanning Strategy - yampolskiy2015security attacks [38]. Supply chain attacks include feedstock manip-
Built Direction
ulations such as changing the powder chemical composition
...
Sensor Information/Temperature Sensors
or geometric characteristics. While feedstock manipulations
Sensor Information
– xiao2013security can have a direct impact on quality, they are indiscriminate
Oxygen
Infrared
and cannot be used to target a specific part [16].
...
The state estimation attack demonstrated in the research
Post-Processing literature involved manipulating infrared (IR) thermography
Heat Treatment sensor data (see Table V). In an AM system using an IR
HIPing feedback control loop, manipulating the IR sensor data can
Temperature be used to influence the manufacturing process parameters
Pressure
and ultimately part quality [47].
Duration
Of all the proposed or demonstrated AM manipulations,
Gas
Annealing
only changes to external shape can be replicated by SM
Finish Machining
machines. All the remaining manipulations are unique to AM
EDM (see Table V). It is noteworthy that the manipulations shown
Surface Finish Cyber Attack/Controller Computer/Backdoor in the research literature constitute only a fraction of attack
- belikovetsky2017dr0wned
... Cyber Attack/Network Communication/HTTPS methods identified and categorized in a taxonomical form by
- do2016data
Compromised AM Equipment Cyber Attack/Alternate G-code/Firmware Yampolskiy et al. [23] (see Fig. 7).
- moore2017implications
Cyber Attacks
Cyber Attack/Printer/USB plain text
- belikovetsky2017dr0wned
Power Surge
Compromised Part Compromised Part/Drone Failure/3D Propeller 7 In this context, anisotropic means that mechanical properties vary ac-
- belikovetsky2017dr0wned
cording to build direction.
8 In Powder Bed Fusion (PBF), scanning strategy determines the pattern
FIGURE 7: AM Sabotage Methods (derived from [23]).
in which the source material is melted by the heat source.
VOLUME X, 2019 9
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
c: Illegal Part Manufacturing TABLE VI: Attack Targets for Technical Data Theft.
Illegal part manufacturing does not fit precisely into the
analysis framework. Illegal part manufacturing can be de- AM SM
Part Specification: Part Geometry X X
fined in AM as manufacturing a part without authorization or - belikovetsky2016dr0wned
manufacturing a prohibited item. Without authorization can - belikovetsky2017dr0wned
include manufacturing more items than originally licensed - do2016data
as well as without any authorization at all. Currently, there - faruque2016acoustic
- song2016my
are no safeguards to prevent such manufacturing and thus no - hojjati2016leave
attacks to thwart them. When protections are implemented, Part Specification: Required Properties X 7
then an attacker will need to either remove or bypass them - yampolskiy2014intellectual
and that situation would then be analyzable using the frame- Manufacturing Process Specification X 7
- yampolskiy2014intellectual
work. Until that point, manufacturing without or exceeding
Post-Processing Specification X (X)
authorization invokes the same considerations as technical - yampolskiy2018security
data theft — the data is being used in an unauthorized manner Indirect Manufacturing X (X)
in both instances and both instances require data access, only - yampolskiy2018security
how the data was originally obtained varies. X- Possible, (X) - Conditionally Possible, 7- Not Possible
4) Attack Targets
While an attack method will have an effect, it may not be We summarize the attack target similarities and differences
the desired effect depending on the adversarial goals and in Table VI.
objectives. The intersection between the adversarial goals
and objectives and the achievable effects define the attack
b: Sabotage Attacks
targets (see Fig. 4). As with attack methods, attack targets
are distinct for the different threat categories. Sabotage attacks can target the manufactured part, the AM
equipment, or the environment of either the part or equip-
a: Technical Data Theft ment [16], [23]. For the manufactured part, the attacks
The technical data theft attacks demonstrated in the AM demonstrated in the research literature have targeted degrad-
security literature have been focused on the part design file. ing part tensile strength in order to induce breakage under
The spear phishing and network session hijacking attacks a lower mechanical load [41], [49] and increasing material
focused on STL file exfiltration [29], [35], [37]. The STL fatigue development in order to induce breakage prematurely
file is currently the most widely used AM file format; the after a period of normal operations [29], [35].
format is limited to part geometry specification. The side- AM equipment attacks have been discussed in literature
channel attacks reconstructed (with varying degrees of error) where the researchers [16] theorized that it is possible to
part geometry only [43], [44], [45] . increase equipment wear and eventually achieve physical
Obviously, part geometry specification is of interest in both damage in a manner similar to that of the Stuxnet attack [30].
AM and SM cyber-security contexts. However, in the AM A part environment attack was demonstrated in the dr0wned
context, valuable technical data is not limited to geometry attack where a quadcopter drone was destroyed by sabotag-
alone. In the AM context, part material characteristics are ing one of its 3D-printed propellers [29], [35]. An equipment
defined along with the part geometry. While the design is environment attack was theorized as a potential danger based
essential to achieve the geometry, the manufacturing process on the materials used in metal AM [16]. Metal AM powders
parameters are essential to achieve the required part prop- are very fine, considered generally hazardous, and can be
erties. Thus in the AM context, technical data also includes combustible depending on the alloys [50], [16]. The damage
the required part properties specifications and manufacturing potential was accidentally demonstrated on November 5,
process parameters specifications [28]. These aspects are 2013 at a Powderpart 3D printing plant in Woburn, Mas-
widely irrelevant for SM, because during the SM manufac- sachusetts where several safety standards violations resulted
turing process only external geometry can be specified; the in a combustive dust explosion and small fire [51], [16].
material characteristics are determined separate from the part Looking at the categories only, one could say that all but
manufacturing process. the impact on the AM equipment environment are achievable
Other possible technical data theft attack targets might in SM as well (see Fig. 9). However, under closer inspection,
be post-processing specification and indirect manufacturing attack targets achievable in SM are only a sub-set of attack
such as tooling (see Fig. 8). While both can be used with targets achievable in AM (see Table VII for the summary).
SM as well, their role is less dominant. For example, heat It is possible to degrade tensile strength in SM. However,
treatment post-processing operations such as hot isostatic the required defects will be changes of external geometry
pressing (HIPing) and annealing are often needed to release and, as such, easily detectable by quality control measures. In
internal residual stress in metallic AM parts. However, they AM, the defects can be introduced through internal geometry
are rarely needed in SM. changes as well external alterations or by altering material
10 VOLUME X, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
AM Sabotage
Attack Target
Environment
a well-ordered process approach. The framework is based
AM Equipment
on industry best practices; it is not designed to address and
Machine Shop Tools
prevent all possible attacks but rather to help organizations
Disruption develop systems and processes which can address the known,
Physical Damage worst-case scenarios and to recover quickly and resiliently
Interlocks from all others such as zero-day attacks. Fig. 10 details
Safety Violation the RMF organization-based approach which places system
Electrical Components
assessment as the foundational level of risk management.
Overload
Systems may include not only desktop computers, laptops,
Damage / Burn
and servers, but also networked devices like AM machines
Manufactured Part
Device Properties
and the other operational technology (OT) depicted in the
Efficiency
representational AM workflow depicted in Fig. 2. Further-
Dependability more, a system is not limited to a single device. For example,
Reliability the AM machine and controller computer in Fig. 2 could be
Life Time logically grouped together as a system.
Damage / Failure The RMF process is organized according to steps and
CPS Stealth Properties tasks. The steps at the system level are Prepare, Catego-
Emanations
rize, Select, Implement, Assess, Authorize, and Monitor (see
Reflectivity
Fig. 11). Each RMF step consists of multiple tasks and each
1st Order Causal Effects
task has a set of potential inputs, many of which are outputs
Manufacturing Site
Availability
from other tasks. As an example, Fig. 12 depicts interdepen-
Equipment
dencies within and between the Prepare and Categorize steps
Availability and tasks.
Life Time While the framework is designed to apply to all systems,
Manufactured Part the actual task outcomes are unique, depending on specific
Avg. Material Use business requirements, risk tolerance, budgetary constraints,
Avg. Time per Part enterprise architecture, and other factors. Some inputs and
Avg. Part Acceptance outputs can be used to develop Cybersecurity Framework
Breakage Conditions (CSF) Profiles. The “Framework Profile” can then be em-
ployed to represent the current or desired state of cyber-
FIGURE 9: AM Sabotage Targets (derived from [23]).
security activities. One example of a profile is the Cyberse-
12 VOLUME X, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
assessed according to its potential impact on confidentiality, In AM operational settings, the devices are often geographically separated
and connected through network devices. Those network devices could be
integrity, and availability. Broadly, the Categorize step is used considered as part of the system or provided as a service which would trigger
additional security concerns and measures such as Service Level Agreements
9 Manufacturing is one of the 16 Critical Infrastructure Sectors identified (SLAs) which are not considered in our scenario.
in Presidential Policy Directive 21 (PPD-21) [60]. The Department of Home- 11 For our analysis, the “controlled environment” of Section III and the
land Security (DHS) includes Primary Metals Manufacturing and Machinery “environment of operation” of this section share the same boundary and
Manufacturing as core sector industries [61]. workflow components. We note that may not always be the case.
VOLUME X, 2019 13
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
B. ANALYSIS
High SB = Perceived Security Benefit The AM workflow depicted in Fig. 2 represents a general-
SC = Compensatory Security Cost ized workflow. Due to the various, flexible ways in which
CF = Brand A Firewall Appliance Cost
AM workflow components can be organized, from separate
Security Cost
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
if the failure to protect the data is such that it could be deemed the typical cost-benefit and liability analyses where they
to have facilitated the illegal part manufacturing. consider data value and security costs as to themselves;
As this area and potential for harm continues to grow and however, they also need to consider that they are also in
receive additional exposure in the AM security research, AM essence providing security for the other Layer 2 and Layer
service providers will need to consider implementing restric- 1 workflow participants. However, as in SM, the perception
tions and safeguards that will provide technical means for of security benefit as opposed to fixed security costs remains
defending against the inevitable circumvention attacks. The low the further removed from the target and the incentive
cost-benefit and liability exposure analysis for AM service still decreases with distance. But in AM, each component
providers differs from SM in this area in that the current SM can arguably be considered a proxy for the security of the
restrictions and safeguards are insufficient to address these whole workflow, a factor which should affect the AM cost-
issues and the potential for using an AM service provider for benefit weighting differently than in SM where components
illegal manufacturing appears limitless. can consider segregation as a security measure in their cost-
benefit analysis.
2) Attack Layer 2
Attack Layer 2 consists of those workflow components b: Sabotage Attack
recognized as supply chain. This level includes the AM For AM, the sabotage attack at this level would most likely
equipment manufacturer, part designer, and feedstock and be a cross layer attack where the supply chain commodities
power suppliers. It does not include the post-production were modified in order to damage the part or equipment at
transportation depicted in Fig. 2. When considering which the manufacturing level or the deployed system at the end
security measures to implement, the AM supplier evaluates user level. An example would be manipulating feedstock
all security threat categories. characteristics which might cause part failure due to poor
quality or might cause equipment damage due to a chemical
a: Technical Data Theft interaction explosion.
At the supply chain level, the technical data would again be Attacks originating from a Layer 2 source have the ten-
valuable to the AM supplier as data owner. It is also possible dency to affect numerous manufactured parts at once. Tar-
that the AM supplier would possess part of the AM service geting attacks originating from a Layer 2 source are rather
provider’s technical data in the form of stated specifications difficult given the indiscriminate nature of the supply chain
requirements. The same Attack Layer 1 analyses concerning and distance from the end user. With the distance, the damage
business value and lost market share or advantage would would appear to be a remote risk to the AM supplier and the
apply. Similarly, indemnity between the parties would again AM service provider security would be an intervening factor
be governed by commercial contractual obligations and re- between supplier security measures and ultimate damage.
sponsibilities. With the perception of high cost for low benefit, the
Unique to this level is the need to consider that the tech- AM supplier would most likely assign a lower priority for
nical data theft at this layer could be used to initiate a cross sabotage attack-related measures as opposed to technical data
layer attack against the AM service provider – the enabling theft. However, as discussed in technical data theft above,
technical data theft depicted in Fig. 16 is not restricted to the AM component becomes a proxy for the security of the
the same attack layer because a Layer 2 theft can be used workflow due to the integrated and complex nature of the
to facilitate a Layer 1 sabotage. However, the AM supplier AM workflow. This changes the cost-benefit and liability
may consider the threat remote and rely on the AM service exposure analysis for the AM component to require including
provider implementing their own preventative security mea- a distant benefit as compared to SM where the component has
sures. The difficulty with this rationale is that the Layer 2 some ability to rely on segregation and shorter digital threads
theft might have the effect of transforming the actor from which do not span the entire workflow.
malicious outsider into a malicious insider for the cross layer
attack. c: Illegal Part Manufacturing
While there is overlap between AM and SM with regards As with Attack Layer 1, illegal part manufacturing becomes
to technical data theft, there are differences due to the in- primarily a technical data theft threat in that the external
tegration of process parameters into the AM data set and malicious actor would need access to a manufacturing en-
the integration of the uninterrupted AM digital thread. In vironment to accomplish the goal of unauthorized or pro-
comparison, in SM the data for each component’s require- hibited item manufacturing. The AM supplier is unlikely to
ments can remain with that component. For example, the highly prioritize measures identified as specifically prevent-
SM material supplier does not need to send to the SM part ing illegal part manufacturing. However, given the apparently
manufacturer how the source material was produced. That unlimited growth potential in illegal part manufacturing and
information is not necessary for the SM CNC machines to the potential for global harm, it is necessary to develop
operate successfully. safeguards and restrictions since the current SM measures
The AM environment creates a complex security inter- are insufficient. Responsibility for the cost of development,
dependency. The AM workflow elements at Layer 2 have deployment, and then defense against circumvention attacks
18 VOLUME X, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
VOLUME X, 2019 19
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
20 VOLUME X, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
against 3d printers,” in Proceedings of the 2016 ACM SIGSAC Conference [65] L. Graves, M. Yampolskiy, W. E. King, S. Belikovetsky, and Y. Elovici,
on Computer and Communications Security. New York, NY, USA: ACM, “Liability exposure when 3d-printed parts fall from the sky,” 2018, (In
2016, pp. 895–907. Print).
[45] A. Hojjati, A. Adhikari, K. Struckmann, E. Chou, T. N. Tho Nguyen, [66] C. Krauss and J. Schwartz, BP will plead guilty and pay over $4
K. Madan, M. S. Winslett, C. A. Gunter, and W. P. King, “Leave your billion, 2012. [Online]. Available: https://www.nytimes.com/2012/11/16/
phone at the door: Side channels that reveal factory floor secrets,” in business/global/16iht-bp16.html
Proceedings of the 2016 ACM SIGSAC Conference on Computer and [67] C. Robertson, J. Schwartz, and R. Pérez-Peña, BP to
Communications Security. New York, NY, USA: ACM, 2016, pp. 883– pay $18.7 billion for Deepwater Horizon oil spill, 2015.
894. [Online]. Available: https://www.nytimes.com/2015/07/03/us/bp-to-pay-
[46] Department of Homeland Security, “Cybersecurity and Infrastructure gulf-coast-states-18-7-billion-for-deepwater-horizon-oil-spill.html
Security Agency–Industrial Control Systems,” 2019, https://ics-cert.us- [68] N. F. Engstrom, “3-d printing and product liability: identifying the obsta-
cert.gov. cles,” U. Pa. L. Rev. Online, vol. 162, p. 35, 2013.
[47] A. Slaughter, M. Yampolskiy, M. Matthews, W. E. King, G. Guss, and [69] E. M. Malloy, “Three-dimensional printing and a laissez-faire attitude
Y. Elovici, “How to ensure bad quality in metal additive manufacturing: toward the evolution of the products liability doctrine,” Fla. L. Rev.,
In-situ infrared thermography from the security perspective,” in Proceed- vol. 68, p. 1199, 2016.
ings of the 12th International Conference on Availability, Reliability and [70] P. Reddy, “The legal dimension of 3d printing: Analyzing secondary
Security. New York, NY, USA: ACM, 2017, pp. 78:1–78:10. liability in additive layer manufacture,” Colum. Sci. & Tech. L. Rev.,
[48] A. Brown, M. Yampolskiy, J. Gatlin, and T. Andel, “Legal aspects of vol. 16, p. 222, 2014.
protecting intellectual property in additive manufacturing,” in Critical [71] S. Wang, “When classical doctrines of products liability encounter 3d
Infrastructure Protection X: 10th IFIP WG 11.10 International Conference, printing: New challenges in the new landscape,” Hous. Bus. & Tax LJ,
ICCIP 2016, Arlington, VA, USA, March 14-16, 2016, Revised Selected vol. 16, p. 104, 2016.
Papers 10. Springer, 2016, pp. 63–79. [72] P. J. Comerford and E. P. Belt, “3dp, am, 3ds and product liability,” Santa
[49] S. E. Zeltmann, N. Gupta, N. G. Tsoutsos, M. Maniatakos, J. Rajendran, Clara L. Rev., vol. 55, p. 821, 2015.
and R. Karri, “Manufacturing and security challenges in 3d printing,” Jom, [73] H. Nielson, “Manufacturing consumer protection for 3-d printed prod-
vol. 68, no. 7, pp. 1872–1881, 2016. ucts,” Ariz. L. Rev., vol. 57, p. 609, 2015.
[50] OSHA, “OSHA FactSheet,” 2014. [74] N. D. Berkowitz, “Strict liability for individuals-the impact of 3-d printing
on products liability law,” Wash. UL Rev., vol. 92, p. 1019, 2014.
[51] OSHA Regional News Release, “After explosion, US Department of
[75] N. E. Weiss and R. S. Miller, “The target and other financial data breaches:
Labor’s OSHA cites 3-D printing firm for exposing workers to combustible
Frequently asked questions,” in Congressional Research Service, Prepared
metal powder, electrical hazards Powderpart Inc. faces $64,400 in penal-
for Members and Committees of Congress February, vol. 4, 2015, p. 2015.
ties,” May 2014.
[76] L. Cheng, F. Liu, and D. D. Yao, “Enterprise data breach: causes, chal-
[52] A. I. Adediran, A. Nycz, and L. J. Love, “An in-depth review on the scien-
lenges, prevention, and future directions,” Wiley Interdisciplinary Re-
tific and policy issues associated with additive manufacturing,” Journal of
views: Data Mining and Knowledge Discovery, vol. 7, no. 5, 2017.
Science Policy and Governance, vol. 11, no. 1, 2017.
[77] B. Albright, “Siemens 3d prints power turbine blades,” 2017. [On-
[53] A. Banerjee, “Arms and the man: Strategic trade control challenges of 3d line]. Available: https://www.digitalengineering247.com/article/siemens-
printing,” International Journal of Nuclear Security, vol. 4, no. 1, p. 7, 3d-prints-power-turbine-blades/
2018. [78] T. Kellner, “The blade runners: This factory is 3d printing
[54] W. Hoffman and T. A. Volpe, “Internet of nuclear things: Managing the turbine parts for the world’s largest jet engine,” 2018. [Online].
proliferation risks of 3-d printing technology,” Bulletin of the Atomic Available: https://www.ge.com/reports/future-manufacturing-take-look-
Scientists, vol. 74, no. 2, pp. 102–113, 2018. inside-factory-3d-printing-jet-engine-parts/
[55] Z. Li, X. Ma, H. Li, Q. An, A. S. Rathore, Q. Qiu, W. Xu, and Y. Wang, [79] S. Gallagher, “How a cracked fan blade (probably) ended a
“C3po: Database and benchmark for early-stage malicious activity detec- decade of no us air travel fatalities,” 2018. [Online]. Available:
tion in 3d printing,” arXiv preprint arXiv:1803.07544, 2018. https://arstechnica.com/information-technology/2018/04/how-a-cracked-
[56] Z. Li, A. S. Rathore, C. Song, S. Wei, Y. Wang, and W. Xu, “Printracker: fan-blade-probably-ended-a-decade-of-no-us-air-travel-fatalities/
Fingerprinting 3d printers using commodity scanners,” in Proceedings of [80] E. Chuck and S. Walters, “Passenger killed after en-
the 2018 ACM SIGSAC Conference on Computer and Communications gine fragment damages southwest jet,” 2018. [Online].
Security. ACM, 2018, pp. 1306–1323. Available: https://www.nbcnews.com/storyline/airplane-mode/southwest-
[57] F. Baumann and D. Roller, “Additive manufacturing, cloud-based 3d airlines-plane-makes-emergency-landing-philadelphia-airport-n866686
printing and associated servicesâĂŤoverview,” Journal of Manufacturing [81] N. K. Kitroeff, C. N. Negroni, and Z. Wichter, “SouthwestâĂŹs
and Materials Processing, vol. 1, no. 2, p. 15, 2017. fatal accident prompts scrutiny of engine inspections,” 2018.
[58] H. K. Chan, J. Griffin, J. J. Lim, F. Zeng, and A. S. Chiu, “The impact [Online]. Available: https://www.nytimes.com/2018/04/18/business/
of 3d printing technology on the supply chain: Manufacturing and legal southwest-plane-engine-failure.html
perspectives,” International Journal of Production Economics, vol. 205, pp. [82] M. Gajanan, “The deadly southwest engine explosion is a dangerous
156–162, 2018. warning sign for thousands of planes,” 2018. [Online]. Available:
[59] K. Stouffer, T. Zimmerman, C. Tang, J. Lubell, J. Cichonski, http://time.com/5244808/southwest-airline-engine-failure-metal-fatigue/
and J. McCarthy, “Cybersecurity framework manufacturing profile,” [83] L. Aratani, “Federal investigators open hearing into cause of fatal
National Institute of Standards and Technology, Gaithersburg, MD, southwest airlines engine explosion,” 2018. [Online]. Available:
Tech. Rep. NIST IR 8183, Sep. 2017. [Online]. Available: https: https://www.washingtonpost.com/local/trafficandcommuting/federal-
//nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8183.pdf investigators-open-hearing-into-cause-of-fatal-southwest-airlines-
[60] Department of Homeland Security, “Critical Infrastructure Sectors,” 2019, engine-explosion/2018/11/14
https://www.dhs.gov/critical-infrastructure-sectors. [84] N. Manworren, J. Letwat, and O. Daily, “Why you should care about the
[61] ——, “Critical Manufacturing Sector,” 2019, target data breach.” Business Horizons, no. 3, p. 257, 2016.
https://www.dhs.gov/cisa/critical-manufacturing-sector.
[62] E. L. Witzke, “Selecting rmf controls for national security systems.”
Sandia National Lab.(SNL-NM), Albuquerque, NM (United States), Tech.
Rep., 2015.
[63] National Institute of Standards and Technology, (NIST), “Special pub-
lication 800-53, revision 4: Security and privacy controls for federal
information systems and organizations,” National Institute of Standards
and Technology, (NIST), Gaithersburg, MD, Tech. Rep., 2013.
[64] B. L. DeCost, H. Jain, A. D. Rollett, and E. A. Holm, “Computer Vision
and Machine Learning for Autonomous Characterization of AM Powder
Feedstocks,” JOM, vol. 69, no. 3, pp. 456–465, Mar. 2017. [Online].
Available: http://link.springer.com/10.1007/s11837-016-2226-1
VOLUME X, 2019 21
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2931738, IEEE Access
Graves et al.: Characteristic Aspects of Additive Manufacturing Security from Security Awareness Perspectives
22 VOLUME X, 2019
This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/.