Building customer confidence through world-class data protection

Ever since the birth of additive manufacturing, questions about the technology’s impact on data protection and intellectual property have continued to arise. Initially, when additive manufacturing technology was exclusively used as a tool for product design and prototyping, these questions focused on intellectual property. This was a natural concern, considering that the technology would theoretically let anyone with access to the original CAD file and suitable equipment create a perfect 3D print of the design.

As additive manufacturing as grown to establish itself as a viable production tool across a number of industries, the threat of industrial sabotage has become a lingering concern when it comes to data protection. It is possible for hackers to introduce structural errors into CAD files via subtle adjustments to part orientation or the introduction of defects in the printed layers. These changes will not be visible if they are made to the interior of the part rather than the surface (referred to as a ‘void attack’) and are often virtually undetectable through techniques such as sonic imaging once the part has been printed. Nonetheless, they will have a significant effect on the resulting part’s material strength — increasing the risk of failure. With functional parts created for the automotive and aerospace sectors, the consequences of such sabotage can potentially be extremely serious.

In order to help maintain additive manufacturing’s current period of growth, it is important that all companies offering such services are ready to answer customer concerns of this nature and put measures in place to maintain the very highest standards of data protection. This should be a constant for every project stage — from receiving the customer’s initial CAD file to storing their project data for future reference (repeat orders etc.). In other words, the sending and storage of customer project data must be treated with equal importance.

When sending additive manufacturing project data, there are two key points where files are most vulnerable: the initial transmission from client to company, and the transfer from ERP system to printer. An effective data protection strategy should therefore begin with a secure platform for customers to submit their files. A secure online portal is highly effective in this regard, although a recent study into cyber-security in additive manufacturing at Virginia Polytechnic suggested increased use of ‘digital hashing’ of files, which would enhance the security of files transmitted via email. In practice, file encryption can be utilised to similar effect, and can also be used to protect data when it is sent to the printer. Regardless of the method used, the security of AM-related files during transmission should be part of the wider IT security strategy.

As discussed above, many of the changes that hackers are likely to attempt will be invisible after printing and extremely difficult to detect manually. An effective file-checking tool is therefore invaluable, and should be utilised at multiple project stages, before any file is sent to print. While such tools are typically focussed on preventing human error from affecting printing results, they can also act as the last line of defence against sabotage. However, this does not mean they should be treated as infallible. If sabotage is considered a serious risk, employee training and process control is essential, with any software tools providing them with additional support.

To help mitigate your customers’ concerns about their CAD files’ security, we would strongly advise you to establish robust NDA’s with them at the outset of your partnership. If necessary, be willing to tailor your process around any NDA’s you have in place. Any initial efforts will be rewarded with increased customer confidence and loyalty, which will likely lead to a steady stream of repeat business.

In terms of physical data storage, many customers insist on NDA’s that specify which which countries data may be stored. For example, companies may have standard NDA’s that do not allow data to be transported outside of the EU. Be flexible and willing to accommodate this when required, as it can often prove to be a deal-breaker for customers. Companies such as Microsoft, IBM and a range of regional hosting companies offer localised data hosting to help accommodate such requirements.

There’s a lot to consider when it comes to data protection in additive manufacturing, as cybercrime is rapidly evolving to keep pace with new security enhancements. However, if the security of customer data is treated with the appropriate level of concern and AM companies are willing to invest in the right processes and technology, instances of theft and sabotage will be kept to the absolute minimum. This will help build confidence in additive manufacturing and encourage more companies to explore what it can offer them.