In his novel, Clear and Present Danger, Tom Clancy wrote about a deputy director of the CIA who discovers he is being kept in the dark by colleagues who are conducting a covert war against a drug cartel in Colombia. When you are kept in the dark, bad things can happen.
Not presuming to be even half as talented a writer as Mr. Clancy, here I would try to write about a no-less Clear and Present Danger – manufacturers that are being kept in the dark, while using the great technology of 3D printing. The potential danger in this case is not fiction and can affect all of us.
Additive manufacturing, or as more commonly called – 3D printing, exists in our world since the 80s of last century.
In the last ten years, 3D printing has been mostly used by personal enthusiasts, while the manufacturing industry used it solely for the creation of prototypes. Nowadays, the usage of 3D printing is changing dramatically, as we notice more and more manufacturers increasing their use of 3D printing technology outside of the prototyping domain and shifting to 3D printing in their production lines. The trend started with the simple cost-effectiveness of low volume production and stretched further all the way to product innovation which allows manufacturers to redesign current products into new ones. These are no longer just prototypes.
A report by E&Y on 3D printing technology in the manufacturing industry shows that 24% of all companies perceive 3D printing as a strategic or important topic (the same number already use it) and a further 12% are considering adopting it. Further, and more so importantly, around one third of the plastics, automotive and aerospace, and pharmaceutical and medical companies that use 3D printing apply it to print their own end components or products.
Here is an example – GE announced that it is building the world’s largest 3D printer to use metals. Even more so, GE has recently started testing the world’s largest commercial jet engine using 3D-printed metal parts. Soon enough, we will be flying jets propelled by engines that are manufactured by 3D printers. Even sooner, we will be driving cars running by engines that are manufactured by 3D printers. This is great progress, but as with all great progress comes a great risk that requires careful attention.
3D printing enables product manufacturing through computer assisted design (CAD) files that are created by a product designer. The software then creates a print-ready CAD file. It deconstructs the CAD file into smaller parts and calibrates the printer by orienting its head. The 3D printer then applies material in very thin layers finally leading to a designed product. However, as it is not the CAD file that gives the printer instruction for orienting the printers’ head, attackers can change the process without being detected. To the naked eye, the end product will look exactly as designed from the outside, but can be vastly different from the inside. In the paper Manufacturing and Security Challenges in 3D Printing 1 published by a group of researchers from NYU Tandon School of Engineering they share insights of several scenarios, intentional or unintentional, that can affect the product quality and pose security challenges for the additive manufacturing supply chain.
During the last International Cyber Week event at Tel Aviv University, I was fortunate to listen to a good friend, Prof. Yuval Elovici of Ben Gurion University. Prof. Elovici, a well-known researcher in the field of cyber security, together with his team, a team from University of South Alabama and a team from Singapore University of Technology and Design managed to inject malicious code to a computer thus adding invisible commands to a file containing a 3D printing model of a drone propeller. The propeller was printed, looking exactly as it should from the outside, and was attached to a drone. Not long after the drone took off, the propeller broke under stress, as its body structure was weakened on purpose, causing the drone to fall of the sky and crash. Dr0wned (as they named their project) is a live experiment that proved how attackers, by modifying a digital file, can destroy a physical device.
In conclusion, manufacturers, shifting from prototyping to mass production using 3D printing technology, and the proof we got from the Academia on the new cyber risks this shift creates, clearly shows a real need for new cyber security tools in the 3D printing practice. Further, the traditional methods of QC and QA for testing 3D printed products for defects and weaknesses should also be rethought and adept. Unfortunately, preventive measures such as strong encryption of CAD files or disconnecting mission critical computers and 3D printer from any network, will not be enough to meet this challenge.
In a later discussion which I had with Prof. Elovici, I have come to learn about the good news: matter experts, from both academia and the industry, are already putting their minds into securing this environment and allowing manufacturers to safely use 3D printing technology for production. Back to Clancy’s Clear and Present Danger, Jack Ryan said “There’s no sense defusing a bomb after it’s already gone off”. Well, I could not agree more!
1“Manufacturing and Security Challenges in 3D Printing” by S.E Zeltmann, N. Gupta, N.G Tsoutsos, M. Maniatakos, J. Rajendran, R. Karri, 2017, JOM, 68, p. 1872–1881