by Industrial Print Magazine Staff
When three-dimensional (3D) printers are connected to the internet, they become susceptible to cyberattacks.
“This leaves consumer and corporate networks vulnerable to theft of private data, ransomware attacks, and disruption to normal course of business and life. Employing proper security practices can prevent these attacks that result in significant costs to corporations and consumers,” explains Christopher Stricklan, CEO/co-founder, Kraetonics, LLC.
Above: 3YOURMIND’s Part Identification is a software tool that aids engineers in determining the best manufacturing method for spare parts.
Implementing software with real-time monitoring, authentication, encryption, and other security features helps proactively manage risk.
Importance of Security
Additive manufacturing (AM) requires safeguards that protect vulnerable files and data.
While this has always been true, with AM expanding beyond prototyping and into “producing critical components for aerospace, defense, medical, and energy sectors,” it is now more critical than ever to protect the process, according to Brent Stucker, chief scientist, Nikon SLM Solutions.
“As machines become more connected for efficiency, remote monitoring, and data-driven optimization, they also become more exposed. Every connected machine becomes a potential entry point for cyber threats that can compromise intellectual property (IP), alter part geometries, or even affect the material properties of mission-critical components,” continues Stucker.
Andre Wagner, CEO, Authentise, says software security for AM is important because of the many attack vectors, for example IP theft and the insertion of faults into devices. “Software is both the cause of those attack vectors and with secure, end-to-end solutions, it can protect against them.”
Looking particularly at IP, Marcellus Buchheit, president/CEO, Wibu-Systems USA Inc., says protecting digital files for 3D printing is critical for safeguarding IP, preventing unauthorized use, and maintaining data integrity.
“From concept to the printed object, many stakeholders contribute to the AM process. The actual digital design of the printed object represents or contains the IP of its maker, and today, those digital printing files are more often than not distributed to the various stakeholders via the internet. In many cases, that object is only one part of a finished product assembled by another agent in that process—an integrator or perhaps a vendor. In other cases, the actual 3D printing will be handled by a third party service provider. At every step in the process, the digital IP needs to be protected against theft, piracy, and tampering, but still be readily available for legitimate agents to use, process, and reprocess,” continues Buchheit.
There are so many different parts of the 3D printing process that if one section is interfered with, the whole process is ruined. For example, “in metal AM, the digital thread—CAD, process parameters, scan strategies, and build data—holds the recipe for performance. If even one variable is tampered with the end part could fail without warning. That’s why software security isn’t just an IT concern; it’s a manufacturing integrity concern. Secure AM workflows protect IP, ensure traceability, and guarantee the safety and reliability of printed parts,” states Stucker.
Another example, at 3YOURMIND the company works with defense organizations where securing the production chain is critical. “Data in the hands of malevolent actors could give them an advantage; such as sabotaging parts by altering the print files before production,” shares Felix Bauer, CTO, 3YOURMIND.
“Secure AM software is vital to protect IP, ensure design integrity, and prevent malicious alterations. The uptime of machines is the most vital aspect in a manufacturing environment. There has to be a complete 360 degree perspective on all aspects of security in all layers,” says Ajay Bharadwaj, head of software development, Intech Additive Solutions.
Type of Software
End-to-end workflow software is one defense against vulnerabilities. Standalone solutions, like in-process monitoring, authentications, and encryption are also useful.
“The system is as secure as the most vulnerable point. So all aspects should be considered in terms of security,” admits Bharadwaj. This means many different software solutions with multiple purposes can be considered, for example, counterfeiting of spares, real-time monitoring solutions like tampering of parameter sets for each print, multi-stage authentication of parameter sets, end point security, encryption of print files, secure transfer, and audit systems.
According to Stucker, important layers of software security in AM include access control and authentication systems, which restrict and log access to machines, software platforms, and files, ensuring only authorized personnel can make changes. Another is end-to-end encryption; data is protected as it moves through the AM workflow—from design to print to inspection. Real-time monitoring and intrusion detection helps track unusual machine behavior or file access patterns that might signal tampering. File integrity monitoring ensures that build files haven’t been modified since approval. Audit logs and version control provide traceability for compliance and forensic analysis in case of a breach.
“These systems work together to create a resilient and transparent AM environment, giving manufacturers peace of mind and auditors clear visibility,” adds Stucker.
File encryption, digital rights management solutions, and access control systems are also used to protect 3D printing files, says Buchheit. He also notes Advanced Encryption Standard is an industry standard tool used for secure file transmissions. Rivest-Shamir-Adleman uses public key encryption schemes while end-to-end encryption ensures that only authorized parties can access the file during sharing or storage.
“Combining two or more of these mechanisms greatly enhances protection of the IP embedded in the 3D printing files,” continues Buchheit.
Tools like binary diversification (BINDIV) provide passive protections to computer systems. “Kraetonic’s goal is to support manufacturers to integrate BINDIV into their development operations pipeline to prevent bad actors from being able to massively exploit their systems,” explains Stricklan.
Many software providers collaborate to help with security. For example, Authentise is part of a government-funded CYMANII project. “It proves that, by combining integrated end-to-end workflow software with separate in-process monitoring suites—we work with Addiguru in this case—we can radically reduce the errors inserted in the process thanks to triangulation of machine data, monitoring data, and Authentise’s workflow data,” explains Wagner.
Stricklan points out that the responsibility of security should be on the printer manufacturers, however consumers can also take ownership. “Consumers can employ network intrusion detection software, firewalls, and anti-virus products. These solutions are reactive and not proactive, but provide some level of protection and situational awareness. The downside is that they can be expensive, difficult for consumers to deploy, or not supported by the AM platforms. The two most important things a consumer can do is to make sure to perform regular firmware updates when they are provided by the manufacturer and choose a manufacturer that is dedicated and proactive in providing secure products.”
The 3D printer’s firmware should support secure protocols for full traceability. “Ideally, 3D files are decrypted by the printer just before the print. That way, it should not be possible to alter the file or reprint the file without authorization. However, there are some challenges with that. Currently, print vendors lack a standard for secure protocols. In addition, 3D files often need to be pre-processed before the print. To ensure full security, the print preparation must be performed by the IP owner and not by the print operator, which can be a challenge,” admits Bauer.
Security Musts
Every 3D printing solution should regularly maintain certain security standards.
According to Buchheit it is important to balance between integrating layers of security versus ease of use for the operator. “Achieving the optimal level of security will provide the necessary protections for the application while not overly restricting the end user processes. Ideally, built-in security solutions should provide end-to-end encryption of the digital print file, from design to printed object, as well as ensuring secure transmission of the encryption keys required to decrypt the file for printing.”
Wagner says standards like ISO/IEC 27001:2022 or NIST SP 800-53 must be followed. CMMC is necessary. Furthermore, he states that a software solution in his opinion isn’t viable unless SSO and on-premise compatibility are standard.
Stucker lists role-based access control, secure file transfer protocols, audit trails and logs, encrypted storage and communication, real-time anomaly detection, and firmware validation as important considerations.
Bharadwaj’s must haves are authentication of usability, data encryption, integrity checks, and end point security. He says also helpful is a feature that can limit the number of times a particular part can be built. This prevents unauthorized manufacturing of certain components and limits growth of grey market.
Files encrypted both at rest and in transit, a permission system to allow only authorized personnel to access the files, and software protected using industry standards and practices are all things Bauer recommends as necessary.
For nice-to-have security features, Stucker suggests biometric authentication, air-gapped printing capabilities, integration with enterprise cybersecurity systems, self-healing software that can isolate compromised modules, and automated alerts with artificial intelligence (AI)-based prioritization.
Also on the wish list, “a zero-trust production chain with end-to-end encryption from CAD tool to printer. However, this is difficult to achieve. In reality it is still often the printer operator or service bureau that need to be trusted by the IP owner,” continues Bauer.
Manufacturers of AM platforms should conduct firmware updates to ensure security is up to date, according to Stricklan. “Manufacturers need to regularly perform red teaming assessments of AM platforms to identify any vulnerabilities. They should provide firmware updates as needed to close known vulnerabilities reported to the cyber vulnerability enumeration database or ones they found internally during their red team assessment process.”
AI in Security
AI plays many roles, and one of them is in security. It’s helpful in quickly detecting when something is amiss.
“AI helps identify intrusion events by detecting anomalies,” suggests Wagner.
Ideally, AI functions in a proactive role. “By analyzing vast streams of machine behavior, user activity, and data flow, AI can identify subtle deviations that might escape traditional rule-based systems. For example, a shift in laser parameters that doesn’t match the original build file, or access from an unusual IP address, can be flagged instantly,” explains Stucker.
Bharadwaj agrees. “AI can be a boon in terms of identifying threats such as anomaly detection, predictive threat detection, and even automated action.”
Furthermore, “AI-driven behavioral analysis and predictive analytics can flag deviations in typical user behavior, such as unusual login locations, access times, or activity patterns that may indicate data compromises. AI models based on historical data are used to predict future threats and vulnerabilities, allowing organizations to proactively strengthen defenses before an attack occurs,” says Buchheit.
“Using AI to augment our ability to solve problems faster will make developers and analysts faster and more efficient,” asserts Stricklan.
Examples of this include vulnerability assessment and network intrusion detection. “Teams have performed custom training of neural network, tensor flow, and large language models to help identify vulnerabilities in source code and machine code to aid in the discovery of vulnerabilities before software is released. Network intrusion detection is an area where AI excels by quickly identifying patterns of network communications that differ from the norm. Both of these capabilities augment a human’s ability to identify errors early to help prevent exploitation of systems and networks,” adds Stricklan.
“Manufacturers should employ AI models to assess their platforms for possible vulnerabilities, determine if bad actors are attempting to infiltrate a network, and use sidecar capabilities to help improve the security of their software. The proper use of AI can be a significant benefit when used effectively,” says Stricklan.
Software Security
Vulnerabilities range from bad actors to ransomware. They are now all common in 3D printing. Implementing software with real-time monitoring, authentication, encryption, and other security features helps proactively manage any risk. It’s up to both the user and hardware provider to stay vigilant as AM becomes more reliant on the internet.
Jun2025, Industrial Print Magazine
