3D opportunity and cyber risk management

Cyber threats are not new. In fact, it is difficult to find an industry sector, technology, or organization that is immune to cyber risks. Examples of particularly damaging cyber attacks have been heavily covered in the news, including attacks leveraging such tactics as worms, spear phishing, and hacking. One worm, Stuxnet, was used to infiltrate Iran’s nuclear enrichment program, taking over centrifuges, causing them to spin out of control and become damaged. Many other examples of cyber attacks exist and can lurk in connected objects or software, including consumer digital equipment, smartphones, and USB-connected devices such as e-cigarettes, thumb drives, digital picture frames, and USB chargers.

Additive manufacturing (AM) is one area where cyber risk poses an especially significant danger. AM, also commonly known as 3D printing, alters the way in which physical products are designed and produced. Designs are created digitally, and, via connected printers and production lines, can theoretically be manufactured anywhere, at any time—by anyone with the means to do so.

The digitalization of physical products through AM may prove to be disruptive, opening up new opportunities to revolutionize the supply chain and create new parts and products that were previously impossible using traditional manufacturing. Indeed, the benefits and opportunities provided by AM are significant and have been explored in depth throughout Deloitte’s 3D Opportunity series. Manufacturers across sectors—from health care and automotive to aerospace and defense—are realizing AM’s many benefits in optimizing product designs, printing at or close to point of use, streamlining inventory management, and saving resources and costs through-out the product life cycle. Its use is expected to grow significantly, from $4.1 billion in 2014 to more than $21 billion globally by 2020.

But AM’s reliance on digital files and connectivity can also open the process up to entirely new types of cyber threats, from product malfunctions to intellectual property theft and brand risk, along with other new threats conventional manufacturers may not face. For example, the data generated about an object during the AM design and production processes can be considerable, generating a strand of information that runs through the AM object’s lifespan known as the digital thread—and creating a trove of potentially vulnerable information.

Developing a comprehensive AM cybersecurity approach is further complicated by the fact that cyber risk implications of AM affect multiple parties throughout the supply chain, from suppliers to owners, managers, and purchasers of AM systems, to distributors and purchasers of AM products. Cyber risk can impact each stage of the digital thread, from design and scan, to quality assurance and printing, to use in the field, and even disposal of the AM objects or printers.10 Indeed, AM’s existence at the intersection of the digital and physical worlds mean that, while companies seeking to apply AM must protect their digital assets, cyber risk extends to both the physical and logical objects associated with the entire process.