Army must do more to tackle cyber threats against 3D printing, Watchdog says


A Pentagon watch report warns the military is not doing enough to secure its 3D printing technology – an area the Defense Department and several military branches have touted as “breakthrough technology.”

The Defense Ministry Inspector General’s Report, released July 1, says the military misclassifies the military’s 3D printing programs, officially known as additive manufacturing, or AM, and leaves them behind. vulnerable to cyber attacks.

“Users viewed AM systems as ‘tools’ for generating supply parts instead of computer systems that required cybersecurity controls,” the report said.

Read more : A soldier sentenced for his role in the Fort Bragg Sham alliance

He warned that unless the Defense Department properly protects the confidentiality and integrity of its 3D printing systems, hackers “could compromise AM systems to steal design data or gain access” to networks. of the DoD.

3D printing begins to be used in major military programs. In early 2019, an Air Force unit used a printed part to maintain an F-22 Raptor. Around the same time, the Marines printed a concrete gangway. More recently, the Air Force and Marine Corps have touted the tools created by service members that have the potential to save money and time in both branches.

The Defense Department’s own strategy paper on additive manufacturing says the technology will help the military “build a more lethal and ready force” and notes that a key goal is to integrate it into its regular manufacturing.

However, unless properly secured, the new technology could not only be crippled by foreign hackers, but it could also give adversaries advantages they did not previously have, according to Peter Singer, senior researcher at the New America think tank and cybersecurity expert. and cyber warfare.

One problem would be “a foreign attacker who steals your IP [intellectual property], like a design, “Singer told in an email.” So they get your hard work and innovation for free and catch up faster – a specialty of the PLA [China’s armed forces]. “

There is also the risk that hackers “could alter the information (…) such as by subtly altering the design or manufacture, so as to compromise it in one way or another,” he added. .

Another key issue identified in the report is the continued failure to update computer operating systems.

“The need to update operating systems is essential to protect AM computers and the printers connected to them,” he noted.

Sailors from the Southwest Regional Maintenance Center (SWRMC) observe the transformation of their computer-aided software (CAD) design into a part printed using a Lulzbot TAZ 3D printer during additive manufacturing training in San Diego April 8-12, 2019. The course, taught by instructors from Naval Sea System Command is specially designed to provide sailors with the tools to become technical experts in the design and production of AM parts for use with 3D printers installed on four Navy ships based in San Diego, with plans for future installation across the fleet. (Molly Rhin / US Navy)

The report cited a 2019 incident in which Microsoft released more than 197 operating system vulnerability fixes. One closed a vulnerability “that allowed attackers to gain unauthorized access to a single computer and then use that access to connect to other computers,” he said.

The report’s authors gave credit to the military for making changes as a result of auditors’ visits, and Singer agreed that the military was doing some things right.

“It’s better, by far, than most of the private sector,” he said. “But, obviously, he’s nowhere near where he needs to be, as Pentagon leaders themselves would say.”

Outside groups have noted for years that the Pentagon does not prioritize cybersecurity early on in the acquisition process.

The main focus of the Inspector General’s report recommendations is to ensure that orders that have 3D printing technology treat it like any other computer system in the Department of Defense.

Despite the Pentagon’s chief information officer, or CIO’s disagreement, the orders that were audited – five in total – largely agreed with the changes suggested in the report. The IOC argued that existing policies are adequate; Just tell the orders that additive manufacturing systems must be subject to existing rules.

Singer said cybersecurity vulnerability reporting will be an ongoing issue.

“Alas, this [report] is not the first and it will not be the last, “he said.

– Konstantin Toropin can be contacted at [email protected] Follow him on twitter @ktoropin.

Related: Sailor Invented Truck Tool Now Available For All Corps Units

View full article

© Copyright 2021 All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Source link


Comments are closed.