ASTM’s approach to cyber security training development and execution.
The additive manufacturing community and experts in the cyber security field have identified the security of additive manufacturing (AM) as a critical gap. With the increased adoption of AM in a variety of applications, including manufacturing of functional parts for safety-critical systems, security is crucial. AM is a highly computerized technology that relies on digital input files and on computer control of the manufacturing process itself. Attacks in AM are not limited to the cyber domain or to the digital design files; some of the attacks can occur in the physical domain, e.g. by contamination of source material or changing the communication timing. A wide variety of cross-domain attacks are possible, such as side-channel attacks that allow reconstruction of a 3D printed object solely based on the emanations (acoustic, electromagnetic, power, etc.) of the AM machine during the manufacturing process. The challenge of a cross-domain attack is that they originate as a manipulation in one domain and cause effects in a different domain.
The objective of this program was to develop training courses for both executives as well as subject matter experts (SMEs) that would allow them to have a high level of understanding of the cyber security needs associated with the use of digital data. As manufacturing evolves to a more digital process, security needs must evolve and adapt to address these new risks. The eventual users of the information in this training would be SMEs, such as the IT professionals and data managers of these facilities who need a deeper technical understanding of the risks and how they can be mitigated in order to meet customer requirements.
Auburn University and ASTM created an online survey to reach out to the AM community as well as the America Makes membership. This survey included questions establishing the type of AM facility being examined as well as what security concerns and mitigation methods were currently in place. Security best practices were also compiled. Once the needs/gap analysis was conducted, the two training courses were developed. The first course, “AM Security Overview” is a 6-hour virtual course aimed at high-level executives. The second course, “AM Security Inside-Out,” focuses on the technical details, such as known attacks and proposed defense measures, for SMEs. The courses are located on the America Makes Digital Storefront for use by America Makes members.
Two virtual training courses on cyber security for additive manufacturing were successfully created. These training courses benefit the members of America Makes by providing both a high-level executive brief on the overall risks and needs of cyber security as well as an in-depth review of the complexity and solutions to this issue. The training educates America Makes community members about topics like security threats, malicious actors, realistic attacks, and approaches to defend against these attacks as well as their current limitations. The version of the training for executives, “AM Security Overview,” intends to facilitate these decision makers to the challenges of securing AM against a broad variety of threats. This 6-hour training is at a more strategic level. The version of the training for the SMEs, “AM Security Inside-Out,” is oriented to both SMEs in AM who are not familiar with security and to SMEs in cyber security who are not familiar with AM. It prepares the SMEs for understanding technical challenges and for developing technical solutions addressing security threats in AM. The duration of this training sequence is two full days.
Other Project Participants
- Auburn University
- U.S. Department of Defense