OIG Report: DOD Failed to Cyber-Secure Additive Manufacturing Systems

A new report from the Department of Defense’s Office of the Inspector General shows that the Pentagon did not properly secure its additive manufacturing systems from foreign intrusion and data tampering.

According to the IG report released on July 7, the failure to secure the systems, such as 3D printers, was due to the DOD considering them as tools rather than information technology.

The DOD has increased its use of additive manufacturing systems, especially within the Air Force and at national laboratories, to create models and materials such as replacement parts for military equipment used in the field, FCW reported.

Pentagon personnel treated the systems as tools used to build supply parts instead of IT systems that required cybersecurity controls, the report states.

Additive manufacturing technologies at the DOD were “incorrectly categorized” as standalone systems and were thus assumed to not need authority to operate even though they were connected to the department’s network.

The IG report notes that the miscategorization resulted in vulnerabilities that exposed the DOD Information Network to various cyber risks.

“The compromise of AM design data could allow an adversary to re-create and use DoD’s technology to the adversary’s advantage on the battlefield,” the report says. 

Malicious actors could also change the systems’ design data, which could affect the strength and utility of 3D-printed products.

The results of the IG report come after series of recent cyberattacks, including the SolarWinds and the Colonial Pipeline hacks.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now