The Imperative of Cybersecurity in Metal Additive Manufacturing Technologies

December 5, 2023

Over the past few decades, cybersecurity has become paramount as software engineers and hackers engage in a digital arms race over the protection (and compromise) of sensitive data. This has touched many aspects of our digital world, but one area—manufacturing—has seemingly flown under the radar. However, new, advanced manufacturing technologies are just as much at risk for compromise as any other technology.

To ensure its secure network is not compromised by the software and hardware connected to it, the U.S. Department of Defense uses Security Technical Implementation Guides (STIGs) developed by the Defense Information Systems Agency (DISA) to serve as the benchmark for security standards. These guides help harden the DoD’s networks against breaches by preventing as many weak links across their systems as possible.

Perhaps most surprising is that many new advanced manufacturing technologies, like metal 3D printers, do not have established methodologies or standards for achieving STIG compliance. The good news is that Velo3D is the first metal additive manufacturing (AM) technology to achieve Green STIG Compliance.

But what does this mean? Achieving STIG compliance means that Velo3D printers can be configured to meet the rigorous security requirements of the United States Department of Defense (DoD).

Furthermore, Velo3D now offers a STIG compliant software “upgrade” for exiting customers if they want this level of security on their existing machines. The good news is that this upgrade can be done in the field and with minimal disruption to operations.

Understanding STIG Compliance

STIGs are comprehensive guides that detail the standards for securely configuring systems and devices. They encompass a wide range of topics, including operating systems, applications, networks, and security devices. Achieving STIG compliance, particularly a high compliance score, demonstrates a system’s resiliency against cyber threats and its alignment with DoD’s stringent security requirements.

For instance, achieving a Green STIG Compliance rating, like Velo3D’s certification, indicates a compliance score of 90% to 99% and signifies that a system adheres closely to these rigorous security benchmarks. This is the highest level of compliance, and it ensures that systems are fortified against cyberattacks, thereby safeguarding critical data. It also allows systems to connect to the DoD’s Non-Secure Internet Protocol Router Network (NIPRNet), as well as eligible to connect to the Secret Internet Protocol Router Network (SIPRNet) and assures customers that their printers are safeguarded against potential cyberattacks, further reducing security breach risks.

The Critical Role of STIGs in Metal Additive Manufacturing

Metal 3D printing, or metal AM, is becoming a key player in the production of defense-related components. Companies like Lockheed Martin, Aerojet Rocketdyne, and Northrop Grumman, are utilizing metal AM to fuel innovation, reduce lead time of replacement parts, accelerate development timelines of new technologies, and set new milestones in what can be achieved in their respective industries.

All these companies develop technology and manufacture parts that are protected under the International Traffic in Arms Regulations (ITAR). This means technology providers must ensure the highest level of security in their processes. Compliance with STIGs becomes essential in this context, as it provides a validated framework to protect against cyber vulnerabilities.

In the realm of metal AM, the application of STIGs is particularly crucial due to the unique challenges and vulnerabilities inherent in this field. The technology involves complex processes that integrate digital designs, advanced materials, and precision engineering. Each of these components introduces specific security risks that STIGs are designed to mitigate.

For instance, the digital design files used in metal AM are highly sensitive. If compromised, they could lead to significant intellectual property theft and national security threats. STIGs provide comprehensive guidelines to secure these digital assets, ensuring that they are stored, transmitted, and accessed in a manner that minimizes the risk of unauthorized access or tampering.

Furthermore, the networked nature of modern AM systems, often encompassing remote monitoring and control, can be susceptible to a variety of cyber intrusions, both common and unique. These breaches not only risk the theft of sensitive, private, or proprietary information but can also lead to denial-of-service (DDoS) attacks, interruptions in the printing process, damage to the AM machines, or unauthorized access to other organizational systems.

A coherent mitigation approach for AM must consider these unique requirements and potential adverse consequences for the organizations operating this equipment. Using STIG as a framework provides best practices for network security and helps to prevent unauthorized access to manufacturing systems. This is critically important in systems producing defense-related components, where any breach could have serious national security implications. Additionally, the software used in metal AM systems needs to be regularly updated and patched to guard against emerging cyber threats. STIGs outline best practices around software updates, ensuring that systems are kept up to date against the newest threats.

By meeting STIG compliance standards, manufacturers demonstrate their commitment to protecting sensitive data. Additionally, achieving STIG compliance involves rigorous testing and configuration of several key aspects:

  • Network Security: Ensuring that the manufacturing system is safeguarded against unauthorized network access.
  • Data Security: Implementing measures to maintain the confidentiality, integrity, and availability of sensitive data.
  • Software Security: Regularly updating and patching software to mitigate vulnerabilities.
  • Vulnerability Management: Continuously scanning and addressing potential security gaps.

Implications of Non-Compliance

The absence of STIG compliance in metal AM can have severe implications beyond the risk of cyberattacks and data breaches. In the defense sector, where data integrity and system security are non-negotiable, failing to meet these standards can disqualify manufacturers from critical defense contracts. Additionally, the reputational damage incurred from compromised systems can lead to a loss of trust among clients and partners, adversely affecting both current and future business opportunities.

Benefits of STIG-Compliant Systems

Manufacturers who achieve STIG compliance can leverage several benefits:

  • Enhanced Security: Reduced vulnerability to cyberattacks and data breaches.
  • Cost Savings: Preventing cyber incidents directly translates into financial savings and resource optimization.
  • Regulatory Compliance: Ensure the product meets DoD requirements and other compliance frameworks.
  • Customer Confidence: Assurance to clients, especially in the defense sector, that their data and products are secure.

Moving Forward with STIG Compliance

For metal AM companies, especially those involved in defense contracts, STIG compliance is becoming a necessity. It’s a commitment to security, a testament to the quality of their systems, and a competitive advantage in an industry where trust and reliability are as valuable as the products manufactured.

Manufacturers should view STIG compliance not just as a hurdle but as an integral part of their security posture. As the industry evolves, staying ahead in terms of security will be key to maintaining a strong position in the market, especially in sectors where data security is critical.

Was this article helpful?
YesNo

About the Author

Aaron Katske

Vice President – Information Technology

Aaron Katske is Velo3D's VP of Information Technology. He oversees all Information Technology (IT) strategy, operations, cybersecurity, compliance, business applications, and Facilities. Aaron is an accomplished IT executive with over 20 years of leadership experience driving transformative change across diverse industries, including Manufacturing, Supply Chain, and Software as a Service (SaaS). Aaron is a skilled technical leader proficient in technology strategy, enterprise architecture, and program management.