Military 3D Printing Systems Flagged for Cybersecurity Holes

  • Unsecured 3D printing risked technology theft, sabotage
  • Old operating systems, lack of updates among watchdog concerns
By Travis J. Tritten

Bloomberg Government subscribers get the stories like this first. Act now and gain unlimited access to everything you need to know. Learn more.

The Pentagon didn’t adequately protect its 3D printing facilities from foreign hackers who could have stolen defense designs or sabotaged parts, the Defense Department inspector general found in a report released Wednesday.

Five military sites that do the printing, also called additive manufacturing or AM, didn’t consistently examine cybersecurity risks or secure systems, and were running outdated versions of Microsoft Corp.‘s Windows, the inspector general reported.

The vulnerabilities “could allow an adversary to re-create and use DoD’s technology to the adversary’s advantage on the battlefield,” the IG said in a release. “If malicious actors change the AM design data, the changes could affect the end strength and utility of the 3D-printed products.”

The Pentagon uses 3D printing to create artificial limbs, body armor, vehicle parts, brackets for weapons systems, and medical implants. The process involves computer-aided machines that layer materials to create three-dimensional objects and can be done with a much smaller footprint than traditional manufacturing.

The concerns about 3D printing vulnerabilities come as U.S. government agencies and companies are increasingly under threat from cyberattacks and ransomware. President Joe Biden met with agency leaders Wednesday to discuss a wave of high-profile attacks.

Biden Elevates Ransomware Threat to National Security Priority

Photo: Senior Airman Dylan Gentile, U.S. Air Force via DVIDS
Tech. Sgt. Michael Resseguie, 919th Special Operations Maintenance Squadron metals technology craftsman, uses graphic modeling software to print a piece of air duct at Duke Field, Fla., on June 23, 2020.

Users of the Defense Department’s 3D printing systems viewed them as “‘tools’ to generate supply parts instead of information technology systems that required cybersecurity controls,” according to the audit report.

The systems weren’t regularly updated, and 35 of the 46 total 3D printing systems weren’t running Windows 10 as required by a 2016 Pentagon memorandum.

“For example, in 2019, Microsoft issued over 197 operating system updates to fix security vulnerabilities, one of which fixed a vulnerability that allowed attackers to gain unauthorized access to a single computer and then use that access to log into other computers,” the report found.

Pentagon leaders as well as the Navy, Air Force, Marine Corps, and Walter Reed National Military Medical Center agreed to inspector general recommendations to fix the security issues.

To contact the reporter on this story: Travis J. Tritten at ttritten@bgov.com

To contact the editors responsible for this story: Sarah Babbage at sbabbage@bgov.com; Loren Duggan at lduggan@bgov.com

Stay informed with more news like this – from the largest team of reporters on Capitol Hill – subscribe to Bloomberg Government today. Learn more.

Top