When 3D printing gets into the wrong hands
Bryan Borzykowski, Forbes May 10, 2016
3D printing is beginning to revolutionize how things are made, so it's crucial to understand the risks associated with the technology.
This article first appeared on ZurichVoice on Forbes.com
It's only a matter of time until 3D printing begins to revolutionize how things are made — the technology, for example, is already being used to produce airplane parts and medical devices. The 3D printing market is projected to jump from $1.6 billion in 2015 to $13.4 billion 2018, per research firm Gartner.
“The next industrial revolution will be 3D printing," said Cynthia Slubowski, vice president and head of manufacturing and wholesale trade distribution at Zurich North America. “But what's really interesting is not so much the 3D printer, but the materials they're using to print these different products, like bio-medicines. That's where we're seeing huge advances. But with those types of materials come risk."
Todd Grimm, a 3D Printing Association board member, describes the technology's advance as "the unknown. It lacks standards, lacks controls and lacks certifications — that's the risk.”
Realizing cyber risks
At this point, the blueprints for 3D products pose the biggest long-term risks. These are software files, just like any other, stored on a computer. If a hacker breaks into a system, he or she can either steal the template and print products on his or her own or manipulate the file a company uses in its printing.
“It's an entirely digital process," Grimm said. “We don't have a protection mechanism on that file, so we may not know that something has been changed."
One product category that's open to abuse in this way is 3D-printed drugs, Slubowski says. In March, the first 3D-printed drug to receive approval from the U.S. Food and Drug Administration started shipping to pharmacies across the country. It was a landmark event, and it could one day lead to the creation of medicines tailored to individual needs.
To produce a medicine, a template tells the printer how much of each compound to add into the drug's mix. That's not much different from how drugs are made now, although 3D printing makes it easier for companies to alter the mix. The danger, though, is that hackers could break into the drug-making program and alter the doses.
“If it's not protected properly, anyone can get in there and change the recipe," Slubowski said. “Think about the ramifications: If I wanted to cause terror, that's a pretty good way to do it — just change the drug mix for the blood pressure medication one's taking, and instead of decreasing blood pressure, it now increases it."
Weapons manufactured via 3D printing represent another area of concern. Some places, such as New South Wales, Australia, have banned such devices, and the U.S. State Department said in May, 2015 that permission had to be granted before 3D gun files could be posted online. The big risk for companies is not necessarily the guns themselves, but their blueprints.
“It's very possible that someone could steal them," Grimm said. “All of those instructions reside on a server somewhere."
If plans get stolen, the manufacturer could be held legally responsible should someone download the blueprint and produce a gun. It would also pose a PR nightmare if that illegally made weapon were used in some sort of attack, Slubowski says.
Companies also need to be aware of other potential concerns: What happens if something 3D-printed at someone's home does something it's not supposed to do? Who would be liable?
For instance, if a hammer were printed at a home renovation store and the hammer's head broke off and hurt someone, would the company that made the blueprint be responsible? Or would the responsible party be the home renovation store that provided the printer? Or would it be the person who made the tool?
Unfortunately, there's no simple answer to these questions. “We have not seen any litigation around these issues and traditionally that is what sets the precedent for issues in the future," Slubowski said.
Mitigating the risks
Typically, people get so excited over the possibilities of a new innovation that risk management gets set aside, but the risks are still real, Slubowski says. To mitigate those issues, companies should:
- Have a frank and open discussion around what could go wrong: Write down the worst case scenarios and think about how to deal with those problems, she recommends.
- Update internal processes: Most manufacturing companies spell out exactly how to operate their machines and what workers can do if the equipment fails. When 3D printers are incorporated into the manufacturing environment, those processes need to be revised, she says.
- Ensure that your cyber-security protection is up-to-date: That's a good practice for any company today, but especially for one whose 3D blueprints can be altered or stolen.
- Consider your insurance options: Zurich offers various products that can mitigate these risks, including coverage for cyber-related issues, supply chain mishaps and product liability.
However, insurance doesn't typically cover a company involved in an illegal activity — whether or not it was intentional.