Even as 3D printing is gaining momentum in the military, unless the systems are properly secured, they can be vulnerable to unauthorized changes to designs and open up the Defense Departmentâ€™s networks to unnecessary cybersecurity risk, DODâ€™s inspector general said in a July 7 report.
Additive manufacturing (AM) systems, which includeÂ printers and computers, are used to create three-dimensional prototypes, models and materials, including replacement parts for military equipment in the field.
DOD, however, has been inconsistent when it comes to securing these systems because personnel considered them to be â€śtoolsâ€ť used â€śto generate supply parts instead of information technology systems that required cybersecurity controls.â€ť
The systems were â€śincorrectly categorizedâ€ť as standalone systems and thus assumed to not need authority to operate, even though they connected to DODâ€™s network. That mislabeling resulted in â€śvulnerabilities that exposed the DoD Information Network to unnecessary cybersecurity risks,â€ť the report states.
â€śThe compromise of AM design data could allow an adversary to re-create and use DoDâ€™s technology to the adversaryâ€™s advantage on the battlefield. In addition, if malicious actors change the AM design data, the changes could affect the end strength and utility of the 3D-printed products.â€ť
The IGÂ recommendedÂ additive manufacturing systems be included in DODâ€™s IT systems portfolio along with cybersecurity controls, and include authorities to operate. The watchdog also suggested that DODâ€™s CIO issue specific guidance to clarify that additive manufacturing systems were information systems that needed to be protected and â€średuce the risk of continued noncomplianceâ€ť with existing applicable DOD instructions. The DOD CIO disagreed with that recommendation.
The IG also recommended all additive manufacturing systems be upgraded to Windows 10 or get an appropriate waiver.
This article was first posted on FCW, a sibling site to GCN.