24 March 2018

Why the military needs to take 3-D printer cybersecurity seriously

By: Meredith Rutland Bauer 

Marines with 2nd Maintenance Battalion, 2nd Marine Logistics Group discuss the capabilities of 3-D printing technology with a British Royal Navy Commando during Exercise Bold Alligator 17 at Camp Lejeune, N.C., Oct. 26, 2017. (Lance Cpl. Abrey D. Liggins/Marine Corps) The use of 3-D printing in the military is becoming more commonplace, and as a result experts are emphasizing the importance of treating 3-D printers like the hackable machines they are. While a 3-D printer’s capability for experimental on-site manufacturing is far more futuristic than a traditional Wi-Fi enabled printer, the hardware is as vulnerable to cyberattacks as an average laptop or connected printer, said Nikhil Gupta, a New York University associate professor of engineering and materials researcher.

As more 3-D printers become integrated in military labs and deployed in the field, anti-malware software, using encryption and limiting physical access to the printer is imperative, because “it’s just another computer, so whatever you can do to a computer, you can literally do to a 3-D printer,” Gupta said.

The Marine Corps, for example, has printed an experimental grenade launcher: The Rapid Additively Manufactured Ballistics Ordinance, or R.A.M.B.O. The Marines are also working on creating a 3-D printing lab to make drones, spare parts and other items on an as-needed basis in the field.

In addition, the U.S. Navy’s Naval Surface Warfare Center and private partners designed a 3-D printed submarine hull, which took between three months and five months to print, at a cost of about $800,000, the Navy stated in a news release.

However, if a 3-D printer is hacked or infected with a virus, hackers could program it to add imperfections in the item it’s printing. Those imperfections could mean the item fails during use, and if those parts are weapons or integral to vehicles, those imperfections can have dangerous consequences, Gupta said.

Or consider another scenario. If the temperature of the material being printed is increased or decreased slightly, it changes the chemical structure of the material, potentially weakening the item, Gupta said. Another possible threat would be if small air pockets were added, making the item look secure, but making it structurally weaker.

When it comes to items like a grenade launcher or a submarine shell, a weaker hull or a misaligned barrel could mean the difference between life and death.

In addition to the introduction of an imperfection that causes a part of fail, a compromised 3-D printer could potentially give access to classified materials on military networks. If files are stolen, enemy combatants could print the same type of parts used by U.S. service members and use them in combat or use them to train against.

Gupta said one way his team at NYU proposes countering these attacks, especially the threat of files being stolen, is to design sensitive pieces with flaws built in — but provide a “decoder” separately that fixes the flaw. When printed by the intended owner, the part functions properly; otherwise, it’s useless.

For example, if an enemy combatant prints a stolen file of a handgun that is designed with this flaw, but without the decoder, “that gun will probably not fire or explode,” he said.

Ultimately, however, the best approach to 3-D printers is to identify and correct network vulnerabilities before an issue arises.

A hacker could break into a 3-D printer through a weakness when the printer port is opened to a separate network for diagnostics or through other vulnerabilities, Gupta said. A way to prevent this is to have internal subnets, much like the types that exist at national labs, and make sure the 3-D printers can’t be accessed outside that subnet.

Those early tests for the Marine Corps’ R.A.M.B.O. grenade launcher, for instance, have been done on separate networks until the larger picture of cybersecurity is established with these new tools, said Capt. Chris Wood, co-lead for the Marine Corps’ additive manufacturing projects.

“As we continue to quickly test and learn, we’ve kept our printers off of Marine Corps networks so that we can ensure the value of 3-D printing before we undergo the hard work of ensuring cybersecurity of the equipment and software,” Wood said. 

“The Marine Corps does have a robust process for assuring cybersecurity of both new hardware and software, which our 3-D printers would similarly follow. However, our team is also looking into the unique effects and methods of cyberattacks within the realm of 3-D printing processes, materials and design.”

This approach will assure that, as the military identifies the benefits of utilizing 3-D printers to rapidly address much-needed resources in the field, no network shortcomings have real and lasting implications to service members.

No comments: