For golf enthusiasts, April is best known for the prestigious Masters Tournament held annually at Augusta National Golf Club in Augusta, Georgia, USA. Since 1934, the Masters Tournament has been home to some of golf’s greatest moments and golf’s greatest golfers from around the world who compete for the coveted Masters trophy and entrance into an elite club of winners. In the 2024 tournament, Bryson DeChambeau led the field after the 1st round with a 7 under par 65. A great opening round for sure, but not unusual for the professional golfer who is known to be one of the top golfers in the field.
However, what was highly unusual was that it was discovered that DeChambeau played with a new set of 3D printed irons. Known on the tour as a “gear nerd,” DeChambeau played the round with a custom set of single-length irons made by little-known club maker Avoda that are made with an additive manufacturing process. Based on DeChambeau’s requirements, the only way to produce the custom 2 piece club quickly was via 3D printing.
So now you may be asking why am I discussing a 3D printed set of golf clubs in a software licensing and security blog? Well, bear with me for a second. It is widely known that 3D printed parts are being used in a variety of areas from automotive and jet engine parts to industrial machine components. It is also generally accepted that the 3D printing process, given its reliance and digital design and printing files, opens many doors to potential vulnerabilities to IP theft, reverse engineering, and malicious tampering.
So, after reading about the 3D printed golf clubs being used in one golf’s most prestigious events, a ridiculous hypothetical situation occurred to me. What if one of DeChambeau’s competitors somehow gained access to the print file and made a few minor modifications to the design which would change the weight and balance of the club to make his shots less accurate, and thus limit DeChambeau’s chances of victory at the Masters. Granted, a highly unlikely scenario in the golf world. But sabotage and industrial espionage are a very real scenario in the industrial additive manufacturing world.
In an article published by researchers at the NYU Tandon School of Engineering, Polytechnic Institute, the authors “found that when they introduced sub-millimeter defects between printed layers, the defects were undetectable by common industrial monitoring techniques like ultrasonic imaging and, over time, the materials would weaken due to fatigue, heat, light, and humidity, becoming more vulnerable to these small defects.”
One of the researchers further noted “how simple it can be for an attacker to hack into any 3D printer that’s connected to the Internet and introduce internal defects at the printing stage that no one would discover until the part failed.”
Industrial sabotage and espionage are not new problems and case examples can take many forms: introducing malware or viruses into a network, stealing or damaging company property or confidential information, or tampering with equipment and machinery to cause it to malfunction or break down.
The same is true in the additive manufacturing world where sabotage and tampering can result in profound consequences for employees, equipment users, and other stakeholders as well as introducing negative economic impact on lost production time, inventory, and legal issues.
According to Automation Alley, a World Economic Forum Advanced Manufacturing Hub (AMHUB) for North America and a nonprofit Industry 4.0 knowledge center, there are several common cybersecurity threats associated with 3D printing:
- Product Failures: cybercriminals could insert defects into object design files that could cause them to fail or malfunction.
- IP Theft: Hackers can easily reverse engineer a product by scanning it and then recreate it using additive manufacturing, dealing significant economic blow to companies who have spent years developing their products and building their brand.
- Competitive disadvantage: The theft of 3D printing files can lead to the loss of competitive advantage and revenue. 3D printing digital files can be easily copied and shared online without the owner’s permission, enabling anyone with a printer to produce a copy of the product, which can be sold at a lower price than the original.
- Counterfeiting: While in-house design and prototyping are usually done in a secure environment, the outsourcing of production to higher-volume manufacturing facilities can introduce security risks. With stolen files, a thief could have the ability to produce and sell counterfeit products that could damage the company’s reputation and result in lost sales and revenue.
- Data Breaches: the digital nature of additive manufacturing means that data breaches are a serious security concern, which is increasingly critical in the medical field. For instance, implications of a data breach in this context are far more serious than mere lost sales and revenue. If confidential patient data falls into the wrong hands, it could be used for identity theft or fraud.
These are just some of the identifiable cyber threats and vulnerabilities associated with the additive manufacturing process. Fortunately, there are security measures that can be implemented to safeguard such cyberattacks. Even if you are not an avid golfer, you might find this article from our KEYnote magazine of interest: Protecting and Monetizing IP in Additive Manufacturing.
