Transport

Atlantic Council warns of cybersecurity risks of 3D printing in aviation

Aviation is responsible for 4 billion journeys per year, and the transportation of 55.7 million tons of cargo across the world. Like many industries, aviation has readily adopted additive manufacturing and 3D technologies in aircraft production, maintenance and training.

But this enthusiasm and for new technologies comes at a cost. As Washington D.C. think-tank the Atlantic Council notes, “the speed of innovation, technological advancement and adversary capability is potentially outstripping policy and regulatory development in many areas of the ecosystem.”

In a report recently published by the think tank’s Brent Scowcroft Center on International Security, the Atlantic Council confronts its findings that although new and emerging capabilities like 3D printing are “transforming the aviation sector,” they are presenting previously unfamiliar “cyber-security risks that are not yet fully understood.”

Atlantic Council on Cybersecurity

The Atlantic Council outlines its vision for air travel as characterized by “a safe and prosperous aviation industry, with resilient trust and systems.”

Aircraft are often assembled by a consortium of suppliers across regions of the world, who are now using composite materials and 3D printing instead of traditional manufacturing methods. Across this extended supply chain there is, as the Atlantic Council phrases it, a “wealth of intellectual property and proprietary data.”

This is particularly pertinent in 3D printing, where designs and codes for components, data, algorithms, software and machine commands are stored digitally and prone to compromise if not encrypted correctly.

The US Navy Air Systems Command (NAVAIR) is increasingly using 3D printing for replacement parts on demand. Photo via NAVAIR.
The US Navy Air Systems Command (NAVAIR) is increasingly using 3D printing for replacement parts on demand. Photo via NAVAIR.

A consequence of rapid adoption

As the report notes, additive manufacturing in aviation has grown rapidly in recent years to the extent that both Airbus and Boeing, the world’s largest aircraft manufacturers, are making standard use of it in production, up from niche and specialist use.

It is the digital file preparation required for 3D printed components that presents the most concern. The report lists three ways in which a hacker could interfere with digital files for 3D printing.

Deny, compromise and sabotage

Hackers could firstly “deny” producting by deleting firmware, software or product designs, a phenomenon that has been found across industries.

Secondly, they could “compromise” intellectual property by stealing product design files. The report notes that this would make industrial espionage easier since tooling and production lines would not be needed for 3D printing a stolen component.

Finally, a hacker could “sabotage” the component by modifying the printing process or the file with the intent of causing a weakness in the structure. In an field as risky as aviation, one faulty component could cause a catastrophic engine failure.

Examples demonstrated by researchers include undetectable sabotage resulting in product weakening or acceleration of fatigue life, or an external attack chain initiated by malware that was able to then sabotage quality without being detected.

Maintenance and MalwARe

The report also confronts the risks in having aircraft maintenance software wholly or partly dependent on paperless processes, where aircraft data is coordinated with the ground crews’ handheld and AR devices.

It cites a particular example in 2008 where a crash occurred because an engineering computer tracking incorrect takeoff configurations was infected with malware.

Airlines need to maintain enormous inventories for aircraft parts to keep their fleets in the air. Using 3D printing for on-demand manufacturing is a promising alternative. (Photo courtesy of Stratasys).
Airlines need to maintain enormous inventories for aircraft parts to keep their fleets in the air. Using 3D printing for on-demand manufacturing is a promising alternative. (Photo courtesy of Stratasys).

Report conclusions

The report concludes that, whether or not aircraft are airborne, they must be treated “as nodes on multiple networks,” and that the aviation sector’s culture of “managing safety in the face of complex risk” ought to be applied to cybersecurity. This should involve stakeholders collaborating and developing a “shared perception of risk.”

In the case of aviation, this may suggest that the adoption of additive manufacturing and 3D technology should not outpace the development of adequate cybersecurity systems.   

At the same time, 3D printed components have, in some instances proved to be more reliable than traditionally manufactured ones. When CFM International’s fleet of Leap-1A engine fleets began experiencing problems earlier this month, the problem was not the engine’s 19 3D-printed fuel nozzles but the static turbine shrouds made from ceramic matrix composites.

The Atlantic Council’s full report, entitled “Aviation Cybersecurity, Finding Lift, Minimizing Drag”, by Peter Cooper, can be read here.

Title page of The Atlantic Council's Report. Image via Atlantic Council.
Title page of The Atlantic Council’s Report. Image via Atlantic Council.

For more information on 3D printing and aviation, subscribe to our free 3D Printing Industry newsletter, follow us on Twitter, and like us on Facebook.

 Featured image shows a GE engineer maintains the aircraft engines. Photo via GE.