Security is an often ignored part of additive manufacturing.
Unfortunately, security incidents seem to be on the rise, and particularly related to company cloud infrastructure. In recent years more companies are using cloud technology to store designs and other critical information. During the pandemic many companies erected cloud platforms in order to support remote workers, and still do so today.
Security incidents take many forms, but generally the idea is that data that should be secured is somehow exposed to others outside the company. This could be personal information about staff and clients, internal company documents or even 3D designs sought by competitors.
Someone inside every organization can access these materials, but normally access is restricted to those who “need to know”. However, if one of those privileged accounts is compromised, then the information can be exposed.
The most typical method of gaining access to the privileged accounts is through “phishing”, where a seemingly correct email persuades the account holder to click on a link. Once that’s done, automated scripts take over and compromise the account. This can actually be done without the account holder even knowing what’s going on.
According to a recent report from Netwrix:
- 51% of manufacturing companies have experienced an attack on their cloud infrastructure in the past 12 months
- 73% of those attacked were done via phishing.
- 38% of respondents in this sector had to deal with account compromise at least once, while the average for all other industries was 31%
- 19% of manufacturing organizations experienced supply chain compromise but only 15% of respondents from other verticals reported this type of attack
Netwrix said only 35% of manufacturing companies have set up clouds, while in general companies are at 41%. Thus manufacturing is lagging not only in security, but even using cloud technology at all.
VP of Security Research at Netwrix explained:
“Cloud adoption is accelerating in the manufacturing sector: These organizations report that they expect 52% of their workloads to be in the cloud by the end of 2023, up from the current 35%. Fast implementation of cloud computing could cause security gaps. Paying close attention to securing all three attack vectors — data, identities, and infrastructure — will reduce the risk of infiltration and its consequences.”
While this survey is likely intended to drum up business for Netwrix, much of what they say is actually true. In many ways the manufacturing industry lags current developments in technology. We see that every day: many companies have still yet to adopt 3D printing tech into their operations.
The same is evidently true for security aspects.
Manufacturing companies face particularly more dangerous risks as there is the possibility of compromising equipment operation. Many pieces of equipment can be operated remotely, and exposing the credentials to them means someone can literally run your 3D printers. It is possible that job sequences can be disrupted, or in the worst case, machine damage occurs.
If it’s true that companies will continue to move into the cloud in coming years, it is definitely a good idea to ensure the security is in place.
For the AM market, companies are often adopting pre-made cloud solutions provided by others. These companies develop sophisticated workflow solutions that allow not only remote workers, but also connections with clients and suppliers. A company using these services might be unaware of the services’ security capabilities.
The bottom line here is that those providing cloud-based AM workflow solutions had better ensure they provide more than adequate security for their clients, and those clients had better ask a lot of questions about the security of the service.