Abstract

Manufacturing industries are increasingly adopting additive manufacturing (AM) technologies to produce functional parts in critical systems. However, the inherent complexity of both AM designs and AM processes renders them attractive targets for cyber-attacks. Risk-based information technology (IT) and operational technology (OT) security guidance standards are useful resources for AM security practitioners, but the guidelines they provide are insufficient without additional AM-specific revisions. Therefore, a structured layering approach is needed to efficiently integrate these revisions with preexisting IT and OT security guidance standards. To implement such an approach, this paper proposes leveraging the National Institute of Standards and Technology’s cybersecurity framework (CSF) to develop layered, risk-based guidance for fulfilling specific security outcomes. It begins with an in-depth literature review that reveals the importance of AM data and asset management to risk-based security. Next, this paper adopts the CSF asset identification and management security outcomes as an example for providing AM-specific guidance and identifies the AM geometry and process definitions to aid manufacturers in mapping data flows and documenting processes. Finally, this paper uses the open security controls assessment language (OSCAL) to integrate the AM-specific guidance with existing IT and OT security guidance in a rigorous and traceable manner. This paper’s contribution is to show how a risk-based layered approach enables the authoring, publishing, and management of AM-specific security guidance that is currently lacking. The authors believe implementation of the layered approach would result in value-added, non-redundant security guidance for AM that is consistent with the preexisting guidance.
