New Pentagon policy to accelerate the use of 3D printing in the face of new cyber concerns
Defense Ministry officials are keen to accelerate adoption of additive manufacturing to solve frontline and logistical challenges amid a recent policy shift, even as the ministry’s watchdog raises new concerns about to how the military secures its 3D printing systems.
In June, the DoD released its first additive manufacturing policy. The post closely follows DoD’s very first additive manufacturing (AM) strategy, released in January.
The new policy defines the roles and responsibilities of business management through the ministry. He indicates that the DoD will use this practice to “support the commanders of the joint forces and [combatant command] theater requirements, transform maintenance operations and supply chains, increase logistical resilience and improve self-reliance and readiness for military services.
Tracy Frost, DoD’s Manufacturing Technology (ManTech) program director, said the DoD wants to align the department’s various additive manufacturing activities to accelerate the use of the technology across the military.
“[AM] has been around for a long time, but as used today it is cutting edge technology, ”Frost said at a July 14 event hosted by the Center for Government Contracting at George University Mason. “It is distributed and accessible thanks to its smaller footprint, and its cost is lower. It’s innovative, allowing us to create new designs like we’ve never seen before. And that allows us to iterate and prototype faster, supporting fast design cycles.
The military services are currently working on implementation plans to push the new policy forward, while a joint additive manufacturing task force led by Frost’s office continues to oversee the Pentagon’s AM efforts.
The Defense Logistics Agency also operates a common 3D printing model sharing platform called the “Joint Additive Manufacturing Model Exchange,” Frost said. Its ManTech office further identifies AM training needs and helps fund research into qualified AM metal parts.
Angela Tymofichuk, Air Force deputy assistant secretary for logistics and product support, said AM use is increasing across the department where staff are in need of spares for aging equipment and made in the face of decreasing sources of manufacturing in certain sectors. She said the Air Force is pushing AM into operational use through its major commands, and the department now has a responsible property management system with associated training in place for 3D printers.
“We have ‘spark cells’ across the Air Force where their intention is to put these innovative technologies and processes into the hands of our highly creative and innovative Airmen and see what they can do.” Tymofichuk said at the GMU event.
Despite the momentum behind the department’s use of FA, the DoD Inspector General raised new security concerns in a drafted audit released last week. The watchdog found that the five DoD component sites were not consistently using cybersecurity controls at their AM sites, leaving both systems and design data at risk.
“DoD components did not systematically secure or manage their AM systems or design data because AM users viewed AM systems as ‘tools’ for generating supply parts instead of computer systems. that required cybersecurity controls, ”the report said. “Further, the DoD components erroneously categorized AM systems as stand-alone systems and mistakenly concluded that the systems do not require authorization in order to operate.”
DoD officials accepted the IG’s recommendations to treat AM systems as information systems under DoD policy and to require 3D printing systems to obtain an ATO. The Air Force told the IG it was issuing a policy requiring an ATO for AM systems in May, with full compliance required by May 2022.
But cybersecurity remains an issue in both the additive manufacturing industry and in the DoD, according to Joe Veranese, head of enterprise systems at America Makes, the National Additive Manufacturing Innovation Institute, which serves as the link between the department. and industry.
“If you don’t secure these machines. . . you make data available to a bad actor, you make data compromised by a bad actor, a loophole can be introduced, ”Veranese said in an interview with Federal News Network. “And the thing with the additive is you can bury a flaw under 17 layers of stuff and never see it until it fails. So you have to be able to understand and trust in the file being printed.
Many small and medium-sized manufacturers don’t update their machines because it takes them out of service, costing companies a loss of production, according to Veranese. And a firmware update can crash a machine, taking it offline for even longer, he said.
Meanwhile, as the DoD IG revealed, the DoD often failed to update their machines, safely using removable media and leaving other parts of the process open to potentially malicious actors, as they considered them. AM systems as tools rather than computer systems. Veranese also said the DoD feels comfortable not following typical computer protocols because they rule out their 3D printing systems, effectively blocking them from the internet.
But malicious code and other loopholes can still be introduced, Veranese said, forcing the department and industry to adopt a new mindset around additive manufacturing cybersecurity.
“It makes people think it’s something important,” he said. “I don’t stay inside the yellow tape around this big machine because I might lose a finger. Well, I don’t share my password or put my password on a little sticky note on my monitor because it might be compromised. It must also be innate. And until it’s really accepted that way, we’re going to continue to have problems.
The new DoD policy on AM systems requires managers to ensure that “the cyber-physical infrastructure and processes are secure and capable of supporting the use of AM throughout the lifecycle of AM systems. weapon systems ”. He says the ministry will conduct periodic cyber risk assessments for AM systems and institute AM-specific processes to prevent data exploitation.
Frank Kelley, vice president of Defense Acquisition University, suggested that the DAU could develop training for DoD personnel on AM security.
“I think it would be a good thing for DAU to come up with some sort of classroom where all elements of the acquisition workforce are represented, give them a problem, where adaptive manufacturing could be the solution,” he said. Kelley said at the GMU event. . “And then we slip in a bad file and see if they catch it before printing it and see if we actually have good security procedures and protocols.”