Cybersecurity risks and mitigation strategies in additive manufacturing

Review Article


Cybersecurity is a critical issue in additive manufacturing (AM), since AM relies on digital files and network connectivity. In this work, we first review several major cybersecurity risks and mitigation strategies in AM industry. Based on the review, we propose a new framework to detect threats and assess vulnerabilities in AM process. We also suggest a new technique of encrypting 3D model information using 2D images which may provide enhanced cybersecurity in AM process.


Additive manufacturing 3D printing Cybersecurity Cyberattack 

1 Introduction

Additive manufacturing (AM) or 3D printing is especially vulnerable to cyberattack, due to AM’s reliance on digital files and connectivity, and the impact on multiple parties through the supply chain [1]. AM has revolutionized the conventional manufacturing industry by how physical products are designed and produced. Designs are created digitally, and, via connected printers and production lines, can theoretically be manufactured anywhere, at any time, and by anyone with the means to do so [2]. AM’s reliance on digital files and connectivity can also open the process up to entirely new types of cyber threats, from product malfunctions to intellectual property theft and brand risk [1]. Given the highly connected environments manufacturers work in, and the pace of technological change they face, cyber risk is a top-of-mind industry issue [1]. Moreover, these systems are entrenched towards further moving into a larger interconnected network with social manufacturing already an established concept. The Framework Programme (FP) of the European Union states that network in future society will be based on four pillars: Internet by and for People, Internet of Contents and Knowledge, Internet of Things, and Internet of Services [3]. Similarly, future manufacturing will be supported by the four pillars [4].

The severity of damage to manufacturing industry caused by a cyber attack was demonstrated, when a German steel mill was the target of a cyber-physical attack that led to the critical parameters to become unregulated [5]. It caused massive damages in the blast furnace, which eventually led to the death of two workers [5]. Such attacks show that there is an urgent need to understand the cyber attacks in AM industry, the methodology to detect the cyber threats, and measurements to safeguard the AM process.

This paper is aimed at providing a brief overview of the cyber security issues in AM industry. Section 2 shows the framework for assessing different cyber security threats in AM process, and a variety of threat detection methodologies. Section 3 provides several emerging solutions to safeguard AM process. Section 4 summarizes the findings and provides recommendations.

2 Framework for assessing cyber security threats in AM process

2.1 Flow chart of AM process

In order to provide solutions to safeguard AM process from cyberattacks, it is important to understand the AM process itself and the steps involved in the process.

As shown in Fig. 1, the lifecycle of an AM part can be broadly put forth as follows:

Fig. 1

Flow chart of additive manufacturing process

  1. 1.

    Idea This stage involves the ideation of the part to be made based on functions and available resources. This would involve setting the parameters of the part to be made, the particular systems to be used to make the part and the materials for the part.

  2. 2.

    CAD tool Once the part parameters are decided, a CAD software is used to make a digital copy of the part with all its information. This stage takes ideas as input and outputs a CAD file with information that could be used as input for a tooling software.

  3. 3.

    Slicing algorithm The 3D printing process for a part is done layer by layer. The tooling requires the part to be sliced up into layers on a plane. The input CAD model is converted into an STL file in this stage with the STL file containing information that could be read by an AM system.

  4. 4.

    Slicing algorithm The slicing algorithm translates STL file into a series of G-codes for the AM system to print the part as per requirement.

  5. 5.

    Additive manufacturing unit The AM system does the printing work of the part. This contains a firmware connected to the printing hardware that can read the G-codes converted from the input STL file.

  6. 6.

    Finishing The 3D printed part is taken through a finishing process to get the final part.


As shown in the flow chart in Fig. 1, AM process involves AM machines, computers, software, and other digital machinery, etc. The connections among these assets account for the routes of information exchange within the facility and to the outside world, both physical and wireless. Additionally, people or systems could exchange information into/out of the system [1].

2.2 Existing techniques to assess cyber threats in manufacturing process

In terms of assessing the cyber security threats, the research is still nascent on the potential vectors of attacks on AM systems. Different frameworks have been proposed to have a structured process to combat the potential threats. The challenge is to design a counter to these attacks without burdening and slowing down the system, which usually is the case when a security system is in place. Most of these frameworks discussed below in this section were aimed at conventional manufacturing process with digital connections, but the concept can be expanded to include the AM process.

Lanotte et al. [3] provided a formal theoretical foundation to reason about and statically detect attacks to physical device in cyber physical systems (CPSs). They proposed a hybrid process calculus called Calculus of Cyber Physical System and Attacks (CCPSA) to model the components of CPS and cyber physical attacks. The model groups the attacks into classes and defines a top attacker. It defines the criteria to measure the tolerance vs vulnerability of the system for this top attacker and reasons that all other attacks can be formally tackled by the same criteria. Combita et al. [6] used game theory to reason out the difference between attacker and the security system with a conflict of goals, with the attacker intending to maximise damage to the system and the security working to minimise the damage. Desmit et al. [7] considered that the area to evaluate and predict cyber physical attack is at the intersection of cyber, physical, cyber physical and human entities in a manufacturing process. They proposed intersection mapping to identify points of vulnerability and propose impact analysis of intersection with decision trees that provides a scale to classify the vulnerabilities into low, medium and high levels. Once the intersections are mapped, an impact analysis is carried out at these junctions using metric characterising intersections which include: (a) Loss of information, (b) Inconsistency, (c) Relative frequency, (d) Lack of maturity, and (e) Time until detection. Each of these is ranked low, medium, and high indicating their vulnerability Impact. Decision trees are then made for each of these metrics that are easily repeatable for different situations. Some details are as follows [8, 9]:

  1. 1.

    Loss of Information metric Deals with information loss or modification at nodes. For this metric each type of intersection (human–human, human-cyber etc) will have separate decision trees.

  2. 2.

    Inconsistency metric Deals with the range of paths that an operation can take, focussing on repeatability of a process. Inconsistency can arise from different operators to slight change in machine set-up.

  3. 3.

    Relative Frequency Deals with the repetition of the same intersection. For example, the errors would be less if the same CAD file is used to make parts for the entire year relative to the errors that could come with multiple CAD files.

  4. 4.

    Lack of Maturity Deals with the trust in the system and the proficiency of the operator executing the process.

  5. 5.

    Time until Detection metric: Deals with the frequency at which a node in the process is inspected and the subsequent number of nodes that exist between inspections.


2.3 New framework for assessing threats in AM process

Based on the discussion above, we adopt the key ideas in the traditional manufacturing discussed in Sect. 2.3 and propose a new framework to assess the cyber security vulnerability in additive manufacturing industry, as shown in Table 1.

Table 1

Threats or vulnerability assessment for a typical AM process



Loss of information


Relative frequency

Lack of maturity

Time until detection









CAD tool and file







Slicing algorithm







Tooling algorithm







3D printer







Final part check






For each stage of the process, different vulnerability points are assessed. The individual metrics are measured for success at these stages and a rank is also assigned.

  1. 1.

    Idea The biggest hurdle during the ideation phase for the process is related to issues with maintenance of data. The validity of design is dependent on the competence of the group in charge. The information of the part parameters then should be safeguarded against intellectual property theft. Loss of information is a risk that may delay the project and that will be the major factor at this stage.

  2. 2.

    CAD tool and file This step in the process is the most valuable in terms of information, as it contains all a part’s geometric data. If connected to a product lifecycle management (PLM) software suite, the model could also include information related to simulated performance (e.g., results from finite element analysis, computational fluid dynamics, multi-physics simulations, etc.), failure modes, and the associated parameters of the part’s intended use.


In terms of CAD files, the complex nature and proprietary format of most CAD files make it more difficult for an attack to directly alter the part file; however, one could be designed to do so. For example, a CAD file for a crankshaft could be altered to reduce the area of the load bearing member, resulting in premature failure. Any corruption at this phase would propagate through the entire process chain, resulting in a part that is “bad” from start to finish. However, because parts may still be edited during the CAD phase, and the use of revision management in PLM software, the chances of detecting an attack are increased. There is another danger of the files being stolen at this stage. For Example, the ACAD/Medre worm that led to a leak of AutoCad drawings from Peru. The worm emailed AutoCad drawings and client files to a host of email ids accessible to the operator of the worm. There have been ransomware attacks that would freeze critical files in a computer and would only be released if a ransom is paid to the attacker.

  1. 3.

    Slicing algorithm All the modelling data are lost as the files are converted to STL format. Despite this loss of information, a theft of a STL file is still costly as it (1) contains all of the information needed to fabricate the geometry of the part (which could result in the production of counterfeit copies), and (2) the surface geometry data can be attacked to nefariously change part geometry.


As an example, apart from theft of the STL file, the attackers could undermine the process by introducing defects in the form of void encapsulation into the part that may lead to the part losing considerable strength. In this case study by Sturm et al. [8], a void was ‘printed’ into an ASTM standard D638-10 tensile test specimen part and its effects on the mechanical strength of part were assessed. The study showed that there was a direct effect of the voids on the viability of the part as the part lost sufficient strength as shown in Fig. 2. Also, several specimens were tested with different void sizes and their effects were evaluated as shown in Fig. 3.

Fig. 2

(Left) Uninfected dogbones breaking at the gauge section. (Right) Infected dogbones breaking at the void location within the specimen neck [8]

Fig. 3

Load and strain data of parts with and without voids [8]

  1. 4.

    Tooling algorithm Following the slicing algorithm, the tooling algorithm generates G code for AM machine. The likelihood to attack the tooling algorithm is relatively high.


Moore et al. [10] has conducted a case study on the potential attack on a firmware connected to the 3D printer. The study involved modifying the G codes used to print the required part by instructing the program to initiate an incorrect sequence of instructions when the print command was executed. A malicious firmware mimicking the existing set-up was installed in the system to achieve this result. Moore et al. [11] have similarly identified issues with the firmware, the USB channel linking the printer to the computer and the architecture in general. Their analysis discovered language and hardware dependencies that may induce additional attack vectors.

  1. 5.

    AM system The AM system is susceptible to different kinds of attacks ranging from a direct attack to the firmware operating the system or information thefts from side channels.


Zeltmann et al. [12] have suggested that the printing direction could also be altered which would pass completely undetected. The 3D printed parts are sensitive to print direction and may lose mechanical strength value significantly. This has serious consequences as the part would be indistinguishable from the required part but would cause failure in the system. In their case study they altered the print direction of the part and conducted tensile strength test on them as shown in Fig. 4. There was a definite change in the mechanical properties of the parts, and thus this method of attack on firmware could lead to catastrophic failure under use. These defects are impossible to detect as there are no differences, even under non-destructive testing (NDT) scans, between parts printed in different directions.

Fig. 4

Stress–strain curves for representative specimens fabricated in three different orientations [12]

Zhang et al. also examined the effect of printing orientation on the tensile and creep behaviors of 3D printed acrylonitrile butadiene styrene (ABS) [13]. They conducted a systematic characterization on the mechanical properties. Specifically, the effect of printing orientation on the tensile and creep properties is investigated. The results show that, in tensile tests, the 0° printing orientation has the highest Young’s modulus of 1.81 GPa, and ultimate strength of 22.4 MPa (Fig. 5). In the creep test, the 90° printing orientation has the lowest k value of 0.2 in the plastics creep model, suggesting 90° is the most creep resistant direction (Fig. 6). Such drastic changes in mechanical properties can even be used to weaponize an AM system. For example, compromise on the properties of a blade of a jet engine manufactured by an AM process can have fatal consequences [14].

Fig. 5

Stress–strain curves of three printing orientations [13]

Fig. 6

Creep elongation vs. time of three printing orientations [13]

  1. 6.

    Final part check This stage involves the quality check of the finished part for inconsistency or defects. Some defects in the AM process like dramatic change in Cad CAD model can be found out through routine inspection. But the encapsulation of voids requires expensive NDT methods. The alteration in print direction cannot be detected at all.


Sturm et al. [6] in the same study evaluated the likelihood of AM operators to detect the attack. In this study, 5 groups of students were given 3D printed parts. One group among them was given the part with a void that did not cause failure, and the other four groups were given parts with voids that caused failure at certain location. The students were not told about the existence of voids. Of these groups only two actually observed the parts being printed and among those only one observed the presence of the void, which they dismissed as being a ‘divot’. All four teams with the performance affecting void noticed premature failure of the part on testing. Two of them attributed the failure to the presence of voids with one team recognizing it as ‘divot’ they would have seen earlier. None of the teams attributed the presence of voids to possible cyber-attack. They all assigned the issue to malfunctioning of the AM system. Thus, we can see that the voids can pass undetected and that these usually will result in failure in engineering use.

2.4 Threat detection methodology

Chettri et al. [15] proposed a detection methodology called Kinetic Cyber-attack detection (KCAD), which uses analog emissions such as acoustics, electromagnetic emissions, etc., from the side channels of AM as parameters for attack detection. They model the functionalities of the system by mapping analog emissions with respective cyber domain data. The KCAD model can be placed to monitor the information flow in any stage of the process. This non-intrusive model runs simultaneously with the AM process. Its major components are as follows: (1) Analog emission sensors Sensors used to measure the aforementioned analog emissions from the AM system. The placement of the sensors depends on choice of side-channel that needs to be measured. (2) Pre-processing and feature extraction Pre-processing removes the known noise signals from the analog emissions that are independent of the control parameters. (3) Interpreter The control parameters used takes the help of interpreter to convert their codes to a machine command. These signals are then sent to a detection model. (4) Detection model The architecture requires continuous training to improve its detection skills. It is a supervised model that learns from the data and its interpretations over a period to calibrate its understanding of threats.

3 Emerging solutions to safeguard AM process from cyber threats

We see that the AM process potentially has threats at different stages. It warrants different types of solutions. One of the new solutions would be improved encryption on CAD data or better fault detection at the end of the process, using 2D images to represent 3D models. The work of Sinha et al. [16] in producing 3D models from 2D images using deep residual networks is a promising methodology that could be explored for safeguarding the CAD model. The network learns a meaningful representation of shape surfaces allowing it to interpolate between shape orientations and poses, invent new shape surfaces, and reconstruct 3D shape surfaces from previously unseen images as shown in Fig. 7.

Fig. 7

3D reconstruction of rigid surfaces from a single RGB image. a Results on test dataset for reconstructing the 3D shape surface of cars (top) and airplanes (bottom) from a single RGB image. b, c Comparing Sinha et al. method to the PASCAL 3D + Kar et al. method for car (b) and aeroplane (c) dataset [16]

Thus, through storing 3D CAD data in simple 2D images allows for greater freedom in encryption without losses. This could then be converted back to 3D model at the user end for final AM part check step. Here, a process can be established to compare the sent CAD model to the received one. The 2D image of the CAD model should match to the key 2D image that is sent along with it, establishing a key based security.

4 Concluding remarks

In this work, we review major existing cyber threats in AM industry, and several existing techniques to protect AM process from cyber attack. We propose a new framework to detect threats and assess vulnerabilities in AM process, with case studies in literature. We also suggest a new technique of encrypting 3D model information using 2D images which may provide enhanced cybersecurity in AM parts.

In conclusion, currently there is still no universal solution to solve all cyber security issues in AM industry. There is an on-going need of collaborative effort between AM machine manufacturer, AM software developer, end user, and government agencies to provide a comprehensive solution to this critical issue.



JZ acknowledges the financial support provided by Walmart Foundation (project title: Optimal Plastic Injection Molding Tooling Design and Production through Advanced Additive Manufacturing).

Compliance with ethical standards

Conflict of interest

On behalf of all authors, the corresponding author states that there is no conflict of interest.


  1. 1.
    Brown J, Ezzard J, Goldenberg S, Haid J (2017) 3D opportunity and cyber risk management.
  2. 2.
    M. Cotteleer, Joyce J (2014) 3D opportunity: Additive manufacturing paths to performance, innovation, and growth,” Deloitte Review 14
  3. 3.
    D. Papadimitriou (2009) Future internet: the cross-ETP vision document. Accessed 26 Dec 2017
  4. 4.
    X Yao, Z-T Lian, Y Yang, Jin H (2014) Wisdom manufacturing:new humans-computers-things collaborative manufacturing model. Comp Int Manuf Syst 20:1490–1498Google Scholar
  5. 5.
    RM Lee, MJ Assante, Conway T (2014) German steel mill cyber attack—SANS ICS
  6. 6.
    LF Cómbita, J Giraldo, AA Cárdenas, Quijano N (2015) Response and reconfiguration of cyber-physical control systems: A survey. In: 2015 IEEE 2nd Colombian Conference on Automatic Control (CCAC). pp 1–6Google Scholar
  7. 7.
    Z DeSmit, AE Elhabashy, LJ Wells, Camelio JA (2016) Cyber-physical vulnerability assessment in manufacturing systems. Procedia Manuf 5:1060–1074 /01/01/ 2016.CrossRefGoogle Scholar
  8. 8.
    LD Sturm, CB Williams, JA Camelio, J White, Parker R (2017) Cyber-physical vulnerabilities in additive manufacturing systems: a case study attack on the.STL file with human subjects. J Manuf Syst 44:154–164 /07/01/ 2017.CrossRefGoogle Scholar
  9. 9.
    ESET (2017) ACAD/Medre.A 10000′s of AutoCAD Designs leaked in suspected industrial espionage.
  10. 10.
    SB Moore, WB Glisson, Yampolskiy M (2017) Implications of malicious 3D printer firmware. In: Proceedings of the 50th Hawaii International Conference on System Sciences (HICSS), pp. 6089–6098Google Scholar
  11. 11.
    S Moore, P Armstrong, T McDonald, Yampolskiy M, (2016) Vulnerability analysis of desktop 3D printer software. In: 2016 resilience week (RWS), pp 46–51Google Scholar
  12. 12.
    E Zeltmann, N Gupta, NG Tsoutsos, M Maniatakos, J Rajendran, Karri R (2016) Manufacturing and Security Challenges in 3D Printing JOM 68, pp 1872–1881CrossRefGoogle Scholar
  13. 13.
    H Zhang, L Cai, M Golub, Y Zhang, X Yang, K Schlarman et al (2017) Tensile, creep, and fatigue behaviors of 3D printed acrylonitrile butadiene styrene. J Mater Eng Perform. Scholar
  14. 14.
    M Yampolskiy, A Skjellum, M Kretzschmar, RA Overfelt, KR Sloan, Yasinsac A (2016) Using 3D printers as weapons. Int J Crit Infrastruct Prot 14:58–71 /09/01/ 2016.CrossRefGoogle Scholar
  15. 15.
    SR Chhetri, A Canedo, Faruque MAA (2016) KCAD: kinetic cyber-attack detection method for cyber-physical additive manufacturing systems. In: 2016 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pp. 1–8Google Scholar
  16. 16.
    A Sinha, A Unmesh, Q Huang, Ramani K (2017) SurfNet: Generating 3D shape surfaces using deep residual networks (arXiv170304079S)Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Mechanical and Energy EngineeringIndiana University-Purdue University IndianapolisIndianapolisUSA

Personalised recommendations