The marketplace—and pickpockets—of 3D printing
June 3, 2016
3D printing could enable and empower more products, designers, and customers. Will it enable more criminals, too?
This article first appeared on TheAtlantic.com.
Earlier this year, Queen Nefertiti returned to Egypt after spending more than a century in Germany. Her iconic ancient Egyptian bust, which German archaeologists found in 1912, has been on display in Berlin’s Neues Museum since 1912.
But two German artists believed the bust belonged back in Egypt. They managed to covertly scan the statue and create a 3D computer-aided design (CAD) file, which they plan to exhibit in Cairo. They also uploaded the file online, so that anyone with an internet connection can torrent the file to study or 3D-print their own Nefertiti busts.
This is a prime example of an emerging technology becoming available to and used by everyday people, not just scientific experts: In this case, no one got hurt and no money was moved. But it also demonstrates how 3D printing has the potential to put everything up for grabs, and the people who move in may have more ominous plans than those two artists.
Additive manufacturing—the creation of a 3D object by layering 2D cross-sections of material—has taken off across industries, allowing companies to quickly create, customize, and produce jewelry, auto parts, construction materials, prescription pills, prosthetics, and even food. If you can get the file, you can make it. Because of this, the blueprints themselves, like all digital materials, are magnets for hackers. There are plenty of innocent and democratizing ways 3D printing can be used, but all stakeholders in all industries will be in trouble if they don’t take cybersecurity surrounding their 3D printer designs and products seriously. The technology that makes 3D printing possible could turn manufacturing into a free-for-all. Its appeal is also its danger.
“Eventually, anyone will be able to make almost everything,” wrote John Hornick of the Finnegan IP law firm in Intellectual Property Watch. “No one else will know they made it or be able to control it, which I call 3D printing away from control.”
Industry expert Cindy Slubowski, Zurich North America’s vice president of manufacturing, likens 3D printing’s effects on society and commerce to that of the 20th century’s assembly lines. “The question for most manufacturers today is not when to adopt 3D printing, but how fast they can move to capitalize on its efficiencies and understand the risks,” Slubowski said in an article earlier this month.
It’s evident that 3D printing is only going to grow, as it makes headway in an increasing number of industries and as simplified versions become available as children’s toys. Gartner predicts that 3D printer shipments are forecast to more than double every year between 2016 and 2019, by which time worldwide shipments are expected to reach more than 5.6 million. But as 3D printing becomes a bigger part of the manufacturing market, what are the implications on that market’s security? The connectivity of the entire 3D-printing process, from design to manufacturing, makes it much easier for criminals with the right set of technical skills to invade and take advantage of the supply chain.
Counterfeiters have a lot to gain from 3D printing: Not only can they steal the design files to create cheap knock-offs (saving them R&D and material costs), but they can also create their own 3D-printable design files from pre-existing objects, the way the German artists did with the bust of Nefertiti.
Since assets in a 3D printing supply chain are largely digital—design files and blueprints, design and print software—in some ways, they’re more vulnerable than if they were physical. Hackers can do more than just steal: They can intentionally sabotage the designs of 3D-printed objects with the intent to harm. “Somebody could very easily get in, change that blueprint, and then all of the sudden, you're manufacturing something, and you have just created risk you probably didn’t realize you would encounter,” Slubowski says.
Last year, for example, the US Food and Drug Administration began approving 3D-printed prescription drugs for release. Slubowski posits that if hackers change just one milligram of a drug’s blueprint, the effects would have devastating health consequences. “If nobody touches that [altered design], we now have millions of false prescription drugs out there that are affecting people,” she says.
Even our national security is at risk. A 2014 Defense One article said that the Department of Defense and contractors like General Electric and Lockheed Martin have begun using 3D printing to produce parts for the military. Unfortunately, the Department of Defense is already a target of cybercrime, with a public 2013 report saying the agency and its contractors “have sustained staggering losses of system design information incorporating years of combat knowledge and experience.”
The Washington Post obtained the confidential version of the report, which listed designs for the PAC-3 missile system, F/A-18 fighter jet and Black Hawk helicopter — among others — as having been digitally compromised. Boeing is already using 3D printing to create more than 20,000 non-metallic parts, 150 of which are made for the F/A-18. If hostile groups get ahold of Boeing’s blueprints, they’ll gain a deep knowledge of the machinery—and any vulnerabilities it might have—that multiple countries use in their military forces. The damage could be deadly.
The art world, health care, the military: They’ve all been disrupted by 3D printing, and the security issues that arise in turn may be more than just disruptive. They could be dangerous. 3D printing is turning everything from car parts to prosthetic limbs into files, which can be stolen, altered, and replicated with abandon.
And legislation and security measures are struggling to catch up. “The reality of it is that none of this technology has seen a lawsuit. None of it's been tested in the courts.” Slubowski says. “Until something like that happens, we don’t have a precedent.”
The 3D-printing process would reshape the traditional supply chain of a countless number of products to such an extent that we don’t yet have a legal structure or guidelines or navigate it. According to Slubowski, defective 3D-printed products that were modified by hackers leave companies liable to lawsuits, even if the item that fails is a counterfeit. “Because they didn’t have the appropriate protocols in place to protect that information or check that information to make sure it was not modified.”
3D printing may eventually mean that everyone can make everything. The legal implications of that possibility are endless, but in the meantime, Slubowski believes companies looking to grab a piece of the $11 billion 3D-printing market will have to protect themselves from cyber crime by implementing counterfeit-detection measures and generally establishing strict, vigilant security policies internally. After all, the next 3D-printing hack may be targeting something even more valuable than the bust of a queen.