From thomasnet: 4 Major Supply Chain Cybersecurity Risks Additive Manufacturers Must Avoid

Along with the many benefits Additive Manufacturing brings to design, production and supply chain processes, risks related to its digital nature should be closely examined. Read the full story on on Thomasnet from our co-founder Stephan Thomas.

Additive manufacturing (AM) has transformed the manufacturing industry by fundamentally changing how manufacturers across all sectors design, manufacture, distribute, and maintain products. AM enables a faster, more flexible supply chain that accelerates the prototyping process, decreases time to market, reduces waste, and better serves the needs of end customers.

But as this new manufacturing gains adoption, new challenges are emerging in the form of security vulnerabilities along the supply chain. If we assess these vulnerabilities as risks, they break down into four categories — these are risk categories that all manufacturers need to factor into their operations.

Risk 1: Loss of Control Over Intellectual Property

As manufacturing digitization explodes and additive manufacturing becomes more prevalent, companies will be forced to consider the implications of losing control over their digitized assets. IP and design theft cost businesses billions — if not trillions — of dollars every year.

IP theft cost in the US alone was estimated at $600 billion in 2017 and brand theft including counterfeit goods reached $1.2 trillion in 2017. Many of these incidents begin with the targeted misappropriation of design or manufacturing data.

In this context, manufacturing IP is not only the designs but also all data associated with the manufacturing process itself — representing months of research to determine optimum machine settings, materials, parameters, and so on.

In other words, the ingredients and the recipe need to be protected.

Getting a complex and highly differentiated product to market can easily require millions of dollars of research, design, testing, development, manufacturing, and marketing — and many years of time investment. Every year brings new rivals, novel solutions, and greater potential for theft.

Whether entering a new market, incorporating connected products into their existing solutions, or exploring new manufacturing processes, manufacturers must implement impregnable techniques coupled with legal strategies and a top-down risk awareness culture that protects their IP as they make the transition to distributed manufacturing.

Risk 2: Loss of Control Over the Production Process — and Quality

With additive manufacturing today, anyone who has the right 3D printer and materials, along with the digital design files of a part, can manufacture a replica of the ‘legitimate’ part. Security technology can prevent this from happening by controlling under which conditions and rules a part can be made from its digital blueprint. This also addresses the issue of whether the part can be made, by whom, on which machine, and in what quantity.

But what about quality control? Additive manufacturing offers the possibility of fabrication using a wide variety of materials, and let’s not forget that additive manufacturing only recently transitioned from the world of prototyping in R&D labs to becoming a legitimate production process on the factory floor. Machine parameters, part positioning, and material quality are critical to ensure manufacturing of complex parts to the correct specifications and standards.

This risk is substantially amplified when we move from centralized manufacturing to distributed manufacturing. It’s relatively easy to manage this quality risk internally, but much more difficult to manage once manufacturing data is shared with legitimate third parties for production (or, worse, stolen for unauthorized production).

Unauthorized manufacturing may lead to sub-standard quality part, a potential costly recall, or a failure that could disrupt entire systems. Any deviance from what has been defined as the original digital “recipe” for the part can create an immense —and possibly lethal— quality risk.

Risk 3: Loss of Control Over Traceability

The assurance of integrity and traceability of any manufactured product is critical to prevent counterfeit, maliciously modified, poor quality, or uncertified parts from entering the physical supply chain. Until recently, manufacturers depended on paper-based records to maintain a history of which components were added to an assembly, when, and from which supplier.

In the aerospace industry, for example, manufacturers are required to keep up to nine years of documentation; in some cases, this means crates and crates of paper records that need to be reviewed to understand when a flawed component was introduced.

Today, with the increase of additive manufacturing techniques, manufacturers must be even more vigilant for the possibility that a part or component may have been tampered with. Cybersecurity technology offers a way to address these concerns by registering and authenticating each step of its life — from design through to physical fabrication.

Sometimes referred to as the ‘digital thread,’ these secure and immutable transactions enable any manufacturer to precisely trace how any part or device was manufactured and then determine recalls and address production issues at the root cause. This will provide significant cost reductions and provide additional quality assurance measures.

Risk 4: Loss of Control Over Product Design Could Imply Enormous Liability

Beyond the business and brand reputation risks of counterfeit product are considerations of how counterfeit products and parts will perform.

In order to stand behind their warranties, MTBF, and other performance assurances, manufacturers must be certain each component meets their quality standards. This has particular relevance for heavy equipment such as gas turbines and trains.

Manufacturers must also protect consumers from harm caused by their product and are liable for injury or property damage caused by any defect. When defending such claims, the manufacturer could plead that it was not the producer of the counterfeit product, or that the product included a component that, unbeknownst to the manufacturer, was in some way defective. Either way, this is likely a lengthy and expensive legal headache.

In all such cases, there is a heavy burden on every manufacturer to ensure the integrity of all parts and components along its supply and manufacturing chains. In practice, this means it is essential to be absolutely confident that the digital information that describes a product’s design and manufacture cannot be stolen, modified or corrupted. Without a secure method to protect this information, a manufacturer exposes itself to potentially enormous liability risk and legal costs.

Cybersecurity for Additive and Subtractive Manufacturing

As manufacturers embrace digital manufacturing techniques, they must consider techniques and technology to protect manufacturing data, to control and manage usage of these data, and to maintain decentralized and unalterable records of these movements.

Additive and subtractive manufacturing require the adoption of cybersecurity technology to encrypt, distribute, and trace the digital flow of parts — and to prevent counterfeits while ensuring that maliciously modified, substandard, or uncertified parts cannot be placed into service.

Original post on Thomas Insights — every day, we publish the latest news and analysis to keep our readers up to date on what’s happening in industry. Sign up here to get the day’s top stories delivered straight to your inbox.