April 30, 2021
Pathfinder Phase I: Securing 3D Printers in Manufacturing
MxD is partnering with the Department of Defense in the evaluation and development of a risk assessment for additive manufacturing (3D printers) as 3D printers do not currently meet the NIST Cybersecurity Risk Management Framework (RMF). The RMF currently functions as a set of criteria that dictate how the United States government IT systems must be architected, secured, and monitored.
The National Institute for Standards and Technology (NIST) Cybersecurity Risk Management Framework (RMF) dictates how United States government IT systems must be architected, secured, and monitored. Additive manufacturing does not currently meet the requirements in the RMF. Because Department of Defense contracts do not define the security requirements of 3D printers, there is no consistent way to assure that printers in use throughout the defense industrial base are secure. As modern printing and imaging solutions become more versatile and sophisticated, cybercriminals will actively turn these innovations into vulnerabilities unless a systemic manner of assuring their cybersecurity is developed.
Proposed Solution
The evaluation of a standalone 3D printer from MarkForged will produce the development of an extensive reference guide, which will include a scoring mechanism for any additive manufacturer to validate their equipment. A risk assessment report, which will include current system vulnerabilities, and a system security plan for a non-classified environment will be produced during this project.
Impact
Present-day 3D printers have to handle connections to enterprise networks, desktops, laptops, tablets, smartphones, cloud, and other remote devices. Applying NIST’s RMF will guide manufacturers of 3D printing systems and their end users to improve security and reduce the threat of cybercriminals hacking, damaging, or otherwise corrupting these systems.
Outcome
The project outcomes contained reporting documents such as, the System Security Plan which documents detailed system categorization and system boundaries along with a risk assessment report which is a workbook identifying current system vulnerabilities and security objectives and finally, a STIG checklist which provides a grading sale for each security technical implement guide (rule).