Cyber security in additive manufacturing

David Boström

3D-printer, Software

Wematter as a company has a vision of making things smarter globally. That is why Wematter has an industry-leading cloud software strategy to unlock customers’ full global potential. This strategy is built on best-in-class security, focusing on protecting critical customer information in a way that guarantees business continuity and reduces risks. Wematter is keen on using best practices through repeatable processes in areas including:

  • Data transmission
  • Storage
  • Logging
  • Access controls
  • Cryptography
  • Management of third parties
  • Incident management
  • Tracking of threats
  • Continuous improvement

Cyber Security in General

The goal of all security work is to ensure that important assets are not exposed to unacceptable risk. Different types of organizations have different levels of acceptable risk. For example, the defense industry has a very low risk-acceptance level and thus allocates a considerable amount of budget to maintain air-gapped on-premises systems (computer systems that are physically isolated from potentially dangerous networks) and in-house solutions.

Most organizations take a balanced approach where they want to take advantage of the increased productivity and cost reduction of cloud-based solutions such as Amazon Web Services, Office 365, and similar SaaS (Software-as-a-Service) offerings. For most organizations, relying on cloud solutions will be more secure than developing and maintaining in-house solutions, given typical budget constraints and the security competence available within the company.

Cyber Security at Wematter

Wematter Security Pillars

The primary security goal of Wematter is to protect customer 3D-models. With this goal in focus we have built our security architecture on the following pillars:

  • Limiting data storage
  • Encryption in transit and at rest
  • Two-factor authentication
  • Principle of least privilege
  • Software development best practices

Limiting data storage

Wematter HQ is located in Linköping, Sweden, and we only use data centers located in Europe. Wematter has no interest in storing customer 3D-models longer than necessary. As soon as the 3D-models have been sliced and a print started, they can be removed.

Encryption in transit and at rest

Communication between the customer device and Deep Space as well as between the Gravity printer and Deep Space is always encrypted and authenticated with certificates. Data is always stored in encrypted form.

Two-factor authentication

To access Wematter Deep Space every user needs credentials that are given by a key account manager at Wematter. The invited user receives an email and must log in to Wematter Deep Space with their name and password to see the model. Login attempts must also be verified with two-factor authentication to ensure that a stolen password cannot be used.

Principle of least privilege

The access privileges of both people and computers are limited to the least amount necessary to perform the intended function. There are no people at Wematter who need the privilege to access customer 3D-models. The 3D-models are only accessible by the Wematter algorithms during the limited time of slicing and preparing the print.

Software development best practices

At Wematter all lines of code that get used by customers are peer-reviewed before being released. Additionally, a rigorous set of automated tests and static analysis tools are run on the code before it is qualified to handle customer data.

Security System Model

[Figure: Wematter Security System Model]

Examples of threats

In this section, we will provide examples of different types of threats and how they are blocked by Wematter security principles.

Stolen credentials

If a customer login or password is stolen, it cannot be used to log in without tricking the customer into also providing two-factor authentication. However, even if the attacker manages to log in to the customer account, there is no function to retrieve the 3D-models that were sliced. 3D-models are sent one-way to Wematter.

Compromise of Wematter servers

Wematter utilizes Amazon Web Services, and all our servers are located in data centers with solid physical perimeter defenses. In addition to this, all customer data is stored in encrypted form, and thus even if the data were leaked it would not be usable by the attacker. Most importantly, Wematter removes customer data as soon as possible, limiting the time it is even stored on our servers.

Compromise of Wematter Gravity 3D-printer

Wematter uses a secure IoT-platform to perform verified application image deployments to the Gravity 3D-printer. The platform ensures that the operating system interfaces are fully locked down and all communication is end-to-end encrypted.

Also, even if the hard disk of the Gravity 3D-printer were stolen, the customer 3D-model is never stored on the disk, only in RAM during the print.

Compromise of Customer IT-system via Wematter Software

The Wematter software avoids this threat by being an external system that is isolated from the customer IT-environment.

First of all, the Wematter software runs in the web browser and does not involve installing any software on the customer devices. A web browser is a very mature and secure technology that runs web applications in a sandbox environment. A web application running in the browser does not have access to any files or data on the host computer. This is in contrast to some competing 3D-printing software that requires the installation of executable programs on the customer computer with full access to data and network interfaces.

Additionally, the Gravity 3D-printer does not need to be part of the customer's internal network and can be connected to any public, guest, or lab network. The Gravity 3D-printer also uses a secure IoT-platform and will only run verified images released by Wematter. This is in contrast to some competing 3D-printers, which require a local connection between the computer and printer. They might even use USB-sticks, which are known for being a way to sneak malware into internal systems.

Do you have questions about how your data is processed during our print process? Contact us today at sales@wematter.se or call +46 13 560 33 00 and we will be happy to tell you more!