For years, aerospace and defense companies have used 3D printers to mass-produce precision parts. Guided by digital blueprints, the printers create solid objects from layers of metal powder. A new report, however, warns that hackers could reconfigure the machines' settings, turning them into volatile explosives.
According to the report just published by the National Institute of Standard and Technology, "the confidentiality, integrity, and availability of information processed, stored, or transmitted on replication devices" are increasingly vulnerable to cyber-intruders, since they are often "connected to organizational networks, have central processing units that run common commercial operating systems, store information internally on nonvolatile storage media, and may even have internal servers or routers."
That means that, not only could data be compromised, but hackers could interfere with the operations of 3D printers, committing various types of sabotage—some of which could be lethal.
As the technology news site NextGov reports:
3D printer explosions are not notional. The Occupational Safety and Health Administration in May fined Massachusetts-based printing outfit Powderpart $64,000 after a blast inflicted third-degree burns on a company employee. Powderpart failed to contain known sources of potential ignition, such as titanium and aluminum alloys, before the November 2013 incident, OSHA determined.
"The issue with powders is —because they are so fine—they could become volatile depending on the chemical composition," said Michael Chipley, a specialist in cyber-security for building control systems. "You probably don't want to have a whole lot of free particulates in the air that can undergo spontaneous combustions" at a production plant.
Chipley warns that a cyber-intruder could change the composition and proportions of the powdered metal used to print parts—essentially turning the 3D printer into an explosive device. Or, someone with malicious intent could use the same process to introduce material stresses.
A weakened printed part that makes it into an assembly line, "or even worse, out to a delivered product or system would require a recall and replacement," he added. Chipley said hopefully quality control processes would catch such errors, but nonetheless the facility would have to be shut down for repairs.
"Like all interconnected systems and devices, once a foothold has been established, then all nodes and other systems are at risk," Chipley said.