For many companies, the 3D printer is more than just a fun toy. 3D printing is bursting with possibilities for the office of the future—and it’s poised to disrupt a variety of industries today. Unfortunately, your 3D printer could be mouth-watering bait for today’s malicious cybercriminals if left unprotected. Just consider how researchers from the University at Buffalo were able to replicate full-fledged print files by using a zero-trace hacking method that collected data based on the sound waves made by a printhead. Pretty scary, right?
But security risks aren’t just limited to 3D print security and additive manufacturing. Hackers know that many businesses overlook their printers when it comes to securing their IT environments, and all it takes is a criminal with a bit of determination to gain entry to an unprotected entry point and monitor documents until they’ve got the intelligence necessary to launch a targeted spear phishing attack. Just like that, they’ve got a hold on all your organization’s most sensitive data.
While you should get excited about all the brilliant possibilities for 3D printing, you need to also be aware of the risks associated with integrating 3D printing into your network.
Digital attacks now have physical consequences
Another academic research group demonstrated just how ugly it could be if a hacker tweaked one line of code in your printable files. Using phishing, they gained access to a university computer that powered the 3D printer, and once inside, they replaced a file for a drone propeller with an almost identical version. The changes weren’t apparent after printing, so no one noticed until the drone took flight, at which point the $1,000 toy took a nosedive and crashed. The experiment was a tool to understand how attackers may intervene in the process between design and production.
On top of that, unsecured 3D print files could also run the risk of IP theft, which could undermine your company’s ability to innovate. While IP theft is just one component of transnational crime, the multinational corporations behind corporate espionage cases are worrying. The biggest, smartest cybercriminals are part of this industry, worth an estimated $1.6–$2.2 trillion each year. Whether they steal your IP to sell or sabotage your print jobs, there’s no positive outcome for your business if you fall victim to this type of theft.
Poor standardization is a mixed blessing
On the plus side, there is one factor that makes your 3D printers less risk-prone than a fleet of laptops on your network that all run Windows 10: There’s no standardization. 3D printer technology is incredibly varied, which is why teams of evil geniuses can’t necessarily design a de facto attack for all 3D printers. For the foreseeable future, you’ll likely be safe from blanket 3D printer malware for sale on the dark web.
While good news, it also means you’re on your own when it comes to making sure your 3D printer isn’t a massive risk right off the shelf. Without a print vendor that provides built-in security features out of the box or expert security guidance when you need it most, it’s all up to you and your team to build the necessary defenses. At worst, you might not know you’ve been sabotaged until a functional part fails.
You can’t protect what you don’t understand
The idea of cyber espionage in printing could result in worse problems than a printed pizza crust that’s too dense for your refined palate. What if organizations printing FDA-approved pharmaceuticals faced a hack? Or a commercial airline part was compromised?
You can’t protect what you don’t understand. That was essentially the conclusion of a team of researchers led by NYU professor Ramesh Karri, who said, “With the growth of cloud-based and decentralized production environments, it is critical that all entities within the additive manufacturing supply chain be aware of the unique challenges presented to avoid significant risk to the reliability of the product.”
In other words, what you don’t know about 3D print security could definitely hurt you. Educate yourself and your team as soon as possible—or team up with a vendor that can tackle the dirty work for you.
Know the risks first to defend against them
Printers of all types are natural conduits for sensitive data, and it’s up to you and your IT team to keep the wolves at bay. Once you understand the threats targeting your printers, you can better protect your fleet—and your organization at large—against cybercrime, acts of espionage, and sabotage.
Print security is a crucial component of information security, and it should start at the device level, with printers that can detect and self-heal from criminal attacks. With the right devices, tools, and expert guidance, your organization can avoid dealing with the risk of unsecured printing—like sabotage of your 3D print code—and enjoy all its benefits instead.