Many 3D printers lack cybersecurity features, which presents opportunities to introduce defects as components are being built, a new study shows.
The study, performed by a team of cybersecurity and materials engineers at New York University, concluded that with the growth of cloud-based and decentralized 3D printer production supply chains, there can be "significant risk to the reliability of the product."
Additive manufacturing (3D printing) is creating a globally distributed manufacturing process and supply chain spanning multiple services, and therefore raises concerns about the reliability of the manufactured product, the study stated.
The Federal Aviation Administration recently certified the first 3D-printed part for GE commercial jet engines. Automakers such as Ford have been using additive tech to build products and prototypes for years.
In fact, without 3D printing, the Ford Motor Co. would not be able to meet its new model vehicle build deadlines.
Ramesh Karri, an NYC professor of electrical and computer engineering, said it's entirely feasible that an attacker could hack into an internet-connected printer to introduce internal defects as a component is being printed.
"New cybersecurity methods and tools are required to protect critical parts from such compromise," Karri said in a statement.
The NYU research team proved it was able to hack into networks to control 3D printers and, in a controlled experiment, introduced sub-millimeter defects between printed layers. "They found that the defects were undetectable by common industrial monitoring techniques, such as ultrasonic imaging, which do not require destruction of the sample," the study said.
Over time, materials can weaken with exposure to fatigue conditions, heat, light and humidity, and become more susceptible to the small defects.
"With 3D printed components, such as metallic molds made for injection molding used in high temperature and pressure conditions, such defects may eventually cause failure," said Nikhil Gupta, a materials researcher and an associate professor of mechanical engineering at NYU's Tandon School of Engineering.
Additive manufacturing begins with a computer assisted design (CAD) file. 3D printing software, known as a G-code generator, then deconstructs the design into hundreds or thousands of slices and works to orient the robotic 3D printer head. The 3D printer then applies materials layer-by-layer that are typically as thin as 25 microns or less. To put that in perspective, 100 microns is about the thickness of a sheet of paper or a human hair; 7 microns is about the diameter of a red blood cell.
The researchers reported that the orientation of a 3D printed product during the manufacturing process could make as much as a 25% difference in its strength. However, since CAD files do not give instructions for printer head orientation, Gupta said, cyber attackers could deliberately alter the process without detection.
Karri added that with the growth of cloud-based and decentralized production environments, it is critical that all entities within the additive manufacturing supply chain are aware of the risks.