Cyber security in additive manufacturing

David Boström3D-printer, Software

Wematter wants to make things smarter globally. That is why Wematter has developed an industry-leading cloud software strategy to unlock customers’ full global potential in an internet of things. This strategy is built on best-in-class security, which focuses on protecting critical customer information to assure business continuity while reducing risk. Wematter is keen on using best practices through repeatable processes in areas including:

  • Data transmission;
  • Storage;
  • Logging;
  • Access controls;
  • Cryptography;
  • Management of third parties;
  • Incident management;
  • Tracking of threats; and
  • Continuous improvement.

 

Cyber Security in General

All security work aims to ensure that important assets are not exposed to unacceptable risk. Different types of organizations have different levels of acceptable risk. The defense industry, for example, is very risk-averse; that sector allocates a considerable amount of its budget to maintain air-gapped on-premise systems (computer systems that are physically isolated from potentially dangerous networks) and in-house solutions.

Most organizations take a balanced approach where they want to take advantage of the increased productivity and cost reduction of cloud-based solutions such as Amazon Web Services, Office 365, and similar Software-as-a-Service (SaaS) offerings. Relying on cloud solutions will be more secure for most organizations than developing and maintaining in-house solutions. Typical budget constraints and the security competence available within the company dictate the approach.

 

Cyber Security at Wematter

Wematter Security Pillars

Wematter’s primary security goal is to protect customers’ 3D models. We have accordingly built our security architecture on the following pillars:

  • Limiting data storage;
  • Encryption in transit and at rest;
  • Two-factor authentication;
  • Principle of least privilege; and
  • Software development best practices.

Limiting data storage

Wematter’s headquarters, located in Linköping, Sweden, only uses European data centers. The company also refuses to store customer models longer than necessary, which means that as soon as a 3D model has been sliced and printing begins, the model is deleted.

Encryption in transit and at rest

Communication between the customer’s device and Wematter’s Deep Space software, and again between Gravity printers and Deep Software is always encrypted and authenticated with certificates. Data storage in Wematter’s servers or on the company’s devices is similarly encrypted.

Two-factor authentication

Every user that accesses Wematter Deep Space needs credentials furnished by a key account manager at Wematter. The invited user receives an email and must log in to Wematter Deep Space with their name and password to access the model. Login attempts must also be verified with two-factor authentication to ensure that a stolen password cannot be used.

 

Principle of least privilege

Access privileges for people and computers are limited to the least amount necessary to perform the intended function. No one at Wematter, for example, needs the privilege to access customer 3D-models. The 3D models are only accessible by the Wematter algorithms during the limited time it takes to slice and prepare the print.

 

Software development best practices

Lines of code that are destined for use by customers are peer-reviewed before being released. A rigorous set of automated tests and static analysis tools are run on the code before it is qualified to handle customer data.

 

A graphic representation of Wematter's security system

A graphic representation of Wematter’s security system

 

Examples of threats

Wematter’s security system blocks a range of threats so that customer models are kept secure throughout their time in Wematter’s system.

Stolen credentials

3D-models are unidirectionally transmitted to Wematter’s servers. When a customer login or password is stolen, it cannot be used to log in without tricking the customer to also provide two-factor authentication. Even if the attacker manages to clear the two-factor authentication and log into the customer’s account, there is no function to retrieve 3D models that have already been sliced. These models are not transmitted back to the customer; they are instead purged from the server.

Compromise of Wematter’s servers

Wematter uses Amazon Web Services, and all our servers are located in data centers with solid physical perimeter defenses. All customer data is also stored in encrypted form so that, even if the data is leaked, it is not in usable form. The attacker would have to break through additional, file-specific encryption to access industrial secrets. These systems are complimented by Wematter’s short-term data retention policy. We remove customer data as soon as possible, thus limiting the time that it is able to be attacked on our servers.

Compromise of Wematter Gravity 3D printer

Wematter uses a secure IoT-platform to perform verified application image deployments to the Gravity 3D-printer. The platform ensures that the operating system’s interfaces are fully locked and all communication is end-to-end encrypted.

The printers are also designed to comply with Wematter’s short-term data retention policy. Print jobs are never stored in the printer’s hard disk; jobs instead go to RAM member during the print and are automatically purged from the printer system upon print completion.

Compromise of Customer IT system via Wematter Software

Wematter’s software cannot compromise customer’s IT systems because it is isolated from the customer’s IT environment.

Some competing 3D-printing software requires the installation of executable programs on customers’ computers. These installations carry risks because they often require full access to data and network interfaces.

Wematter software instead runs in clients’ web browsers. It does not require installing any software on customers’ devices. A web browser is a very mature and secure technology that runs web applications in a sandbox environment. A web application running in the browser does not have access to any files or data on the host computer, which insulates the host computer from potential attacks.

The Gravity 3D-printer, moreover, does not need to be part of the customers’ internal network and can be connected to any public, guest, or lab network. The Gravity 3D-Printer also uses a Secure IoT platform and will only run verified images that are released by Wematter. Again, some competing 3D-printers require a local connection between the computer and printer, thus creating greater risk to clients’ IT systems. Some printers might even use USB sticks, which are known for being a way to sneak malware into internal systems.

Do you have questions about how your data is processed during our print process? Contact us today at sales@wematter.se or call +46 13 560 33 00 and we will be happy to tell you more! You can also download this article in pdf format below.

Cybersecurity in additive manufacturing

Download pdf

Send download link to:

I confirm that I have read and agree to the Privacy Policy.

I want to receive news and offers from Wematter (in English)