Cyber-physical Vunerabilities in Additive Manufacturing Systems

One of the key advantages of additive manufacturing (AM) is its digital thread, which allows for rapid communication, iteration, and sharing of a design model and its corresponding physical representation. While this enables a more efficient design process, it also presents opportunities for cyber-attacks to impact the physical word. In this paper the authors examine potential attack vectors along the Additive Manufacturing process chain. Specifically, the effects of cyberphysical attacks, and potential means for detecting them, are explored. Based on the results of this study, recommendations are presented for preventing and detecting cyber-physical attacks on AM processes. 1. Cyber-Physical Vulnerabilities in Manufacturing Processes 1.1 Attacks on Cyber-Physical Systems Cyber-physical systems (CPS) are systems that integrate physical hardware with software systems, often with the use of a network. With the growth of the Internet of Things (IoT) the number of CPS systems on networks continues to increase [1]. Concurrently, cyber-attacks have become more prevalent in recent years, increasing in maliciousness and decreasing in visibility [1-3]. This poses a significant issue, as cyber-attacks on cyber-physical systems could result in damage to the machines themselves or the humans who interact with them. A prominent example of a cyber-physical attack was the Stuxnet worm that targeted Iranian centrifuges used for refining uranium. In this attack the worm was able to infect the software system and affect the physical hardware, causing damage to the centrifuges. By sending false data back to the operators, Stuxnet was able to make it appear as though the centrifuges were operating correctly, while it caused them to damage themselves. The ability of Stuxnet both to cause damage to physical systems and to hide itself illustrates the ability of a cyber-physical attack to disrupt manufacturing systems and the need for physical methods of detection [4]. Another example of a cyber-physical attack is the hijacking of insulin pumps. In this case a hacker is able to connect to a Bluetooth enabled insulin pump to control the dose of insulin given to the wearer. By increasing or decreasing the dosage of insulin, it is possible to cause serious injury or even death in the user. The currently security system for these pumps is insufficient to prevent a cyber-physical attack that could have potentially lethal consequences [5].