1 Introduction
1.1 Existing Works
1.2 Research Challenge and Motivation
1.3 Contribution
-
Literature Review: We conduct a comprehensive literature review to identify categories of threats in AM and identify twenty-two potential cyber-physical and cybersecurity threats in the AM supply chain.
-
Threat Analysis: We perform meticulous threat analysis, including identification and categorization. The framework defines five crucial threat characteristics for assessing impact: target precision, area of impact, collateral damage, stealth, and attack repeatability. Threat severity is estimated qualitatively and quantitatively based on these characteristics.
-
Likelihood Estimation: We estimate threat likelihood based on factors such as the source’s severity level and frequency of occurrence.
-
Risk Analysis and Threat Prioritization: Utilizing threat severity and likelihood metrics for comprehensive risk analysis and prioritization. This step ensures strategic prioritization of threats based on their assessed severity and likelihood, facilitating effective resource allocation.
-
Testing and Validation: The framework is tested and validated on standard benchmark dataset of Common Vulnerabilities and Exposures (CVEs) managed by MITRE.
1.4 Organisation
2 Conceptual Background
2.1 AM Life Cycle
2.2 Cyberattacks in AM Industry
2.3 Attack Classification in Additive Manufacturing
3 Proposed Framework
4 Threat Analysis
4.1 Threats Identification and Categorisation
4.2 Threat Characteristics
Targeting | Area of | Collateral | Stealth | Attack | Value |
---|---|---|---|---|---|
precision | Impact | damage | Stealth | repeatability | Value |
Unknown | Unknown | Unknown | Unknown | Unknown | 0 |
Low | Low | Low | Low | Low | 1 |
Medium | Medium | Medium | Medium | Medium | 10 |
High | High | High | High | High | 50 |
Critical | Critical | Critical | Critical | Critical | 100 |
4.3 Qualitative Analysis
Threats | Targeting precision | Area of Impact | Collateral damage | Stealth | Attack repeatability |
---|---|---|---|---|---|
Altering Physical properties to Object | High | Critical | Critical | Medium | Critical |
NBC contamination to object | Low | High | High | Low | High |
Alteration in Electronic circuit | High | High | Low | High | High |
Ageing or Outdated 3D Equipment | Medium | Low | Low | Medium | Medium |
Irreparable damage threat to 3D equipment | Medium | Low | Low | Medium | Medium |
E/I threat to 3D equipment | Medium | Medium | Medium | Low | Low |
E/I threat to the environment | Low | Medium | Medium | Low | Low |
Fire threat to the environment | Low | Medium | Medium | Low | Medium |
NBC’s contamination to the environment | Low | Medium | Medium | Medium | Medium |
Unauthorised access to CAD model | High | High | High | Medium | Medium |
Unauthorised access to .STL file | High | High | Low | Medium | Low |
Unauthorised access to Toolpath | High | High | Medium | Low | Low |
Unauthorised access to the physical machine | High | High | Low | Medium | Low |
Defective design | Medium | Critical | High | Medium | High |
Defects during the manufacturing process | High | Critical | Critical | Medium | High |
Exposure to ultrafine particle | High | High | High | Low | Low |
Ineffective training plan | High | High | Medium | Low | Low |
Insufficient management support | High | High | Low | Medium | Low |
Poor communication | Medium | Critical | High | High | Low |
Inflation threat | Medium | Medium | High | Low | Low |
Foreign exchange rate fluctuation | High | High | Low | Medium | Low |
Insufficient financing | High | High | High | Medium | Low |
Threat level | Interpretation | Threat level value |
---|---|---|
Unknown | The impact of threat characteristics is negligible | 0 |
Low | The impact of threat characteristics is low | 1 |
medium | The impact of threat characteristics is medium | 10 |
high | The impact of threat characteristics is high | 50 |
Critical | The impact of threat characteristics is critical | 100 |
4.4 Threat Impact Decay
Lifespan level | Interpretation | Lifespan value (\(\tau\)) | Decay rate (\(\delta\)) |
---|---|---|---|
Unknown | Threat impact weakened immediately | 0 | 1 |
Low | The threat remains active for a few periods | 1 | 1 |
Medium | The threat remains active for a short time | 5 | 0.5 |
High | The threat remains active for a long time | 8 | 0.25 |
Critical | The threat remains active for a very long time | 21 | 0.25 |
4.5 Impact Agrregation
Level Sum | Impact Level | Impact level value |
---|---|---|
0 | Unknown | 0 |
1-199 | Low | 1 |
200-999 | Medium | 2 |
1000-9999 | High | 3 |
10000+ | Critical | 4 |
5 Threat Likelihood
5.1 Reliability
Level Sum | Impact Level | Impact level value |
---|---|---|
0.9+ | Unknown | 0 |
0.7\(-\)0.9 | Low | 1 |
0.4\(-\)0.6 | Medium | 2 |
0.2\(-\)0.3 | High | 3 |
0\(-\)0.1 | Critical | 4 |
-
Extensiveness: It describes how much context an intelligence feed provides to assist the IOC in describing specific characteristics of the information. The context can be how many optional and required properties are filled by the data source as defined by the CTI sharing standards. The estimation of the extensiveness parameter is computed as \(\sum _{i=0}^z{\frac{o_i}{max(y_i)}}\), where \(o_i\) denotes the number of filled-in optional properties in a specific IOC, and \(max(y_i)\) represents the maximum number of contextual properties.
-
Timeliness: It is the time between the occurrence of an attack vector and the indicators associated with it in the feed [31]. Some authors termed it latency or speed [32]. The value of a feed used in active defence equipment, such as an intrusion detection mechanism, can be determined by its timeliness. Timeliness depends on how fast a data source shares its IOCs compared to other data sources. If a specific data source is slow in sharing and provides the same IOCs later than another, they could be obsolete, and we assign less source reliability to it. The timeliness is evaluated as \(p_T=\frac{1}{z} \sum _{i=0}^{z} \frac{min(t_i)}{ts_i}\), where \(min(t_i)\) is the timestamp at which the fastest data source sighted IOC, \(ts_i\) is the time that data source s has sighted IOC and is the number of IOCs shared by the data source.
-
Completeness: It states how much a data source contributes to the total set of IOCs, including all distinct IOCs provided by the data source [33]. A big part of the IOC set provided by a single data source indicates that the source is precious for the final score evaluation. Instead of focusing on data source quality, this parameter focuses more on the quantity of a data source. The completeness parameter is evaluated \(p_C=\frac{z_s}{z_{total}}\), where \(z_s\) is the total number of IOCs shared by data source s and \(z_{total}\) is the total number of distinct IOCs of all data sources.
5.2 Threat severity
Threat Severity level | Interpretation | Qualitative value |
---|---|---|
Unknown | Source assigns that the threat impact on AM industry is unknown | 0 |
Low | Source assigns that the threat impact on AM industry is low | 1 |
medium | Source assigns that the threat impact on AM industry is medium | 2 |
high | Source assigns that the threat impact on AM industry is high | 3 |
Critical | Source assigns that threat critically impacts the AM industry | 4 |
5.3 Occurrence
Likelihood | Interpretation | Qualitative value |
---|---|---|
0 | Attack is very unlikely to occur | 0 |
2 | Attack is unlikely to occur | 1 |
5 | Certain likelihood that a risk will occur | 2 |
7 | Attack is likely to occur | 3 |
10+ | Attack is very likely to occur | 4 |
Level Sum | Impact Level | Impact level value |
---|---|---|
0-1 | Unknown | 0 |
2-4 | Low | 1 |
5-7 | Medium | 2 |
8-10 | High | 3 |
11+ | Critical | 4 |
6 Risk Estimation
Risk level | Threat level | |||||
---|---|---|---|---|---|---|
Threat impact | 0 | 1 | 2 | 3 | 4 | |
0 | Unknown | Unknown | Unknown | Unknown | Low | |
1 | Unknown | Low | Low | Low | Medium | |
2 | Unknown | Low | Medium | Medium | High | |
3 | Unknown | Low | Medium | High | High | |
4 | Low | Medium | High | High | Critical |
7 Experimental Result and Validation
7.1 Experiments results
Identified Risks | Impactscore | Impact value | Likelihood score | Likelihood value |
---|---|---|---|---|
Altering Physical properties to Object | 28404 | 4 | 11 | 4 |
NBC contamination to object | 13833.8 | 4 | 11 | 4 |
Alteration in Electronic circuit | 4026 | 3 | 8 | 3 |
Outdated 3D equipment | 50 | 1 | 5 | 2 |
Irreparable damage threat to3D equipment | 50 | 1 | 5 | 2 |
E/I threat to 3D equipment | 657.2 | 2 | 6 | 2 |
E/I threat to theenvironment | 629.3 | 2 | 6 | 2 |
Fire threat to theenvironment | 657.2 | 2 | 6 | 2 |
NBC contamination to theenvironment | 685.1 | 2 | 8 | 3 |
Unauthorised access to the CADmodel | 14070.5 | 4 | 11 | 4 |
Unauthorised access to .STL file | 3483.1 | 3 | 9 | 3 |
Unauthorised access to Toolpath | 3977.2 | 3 | 9 | 3 |
Unauthorised access to the physical machine | 3239.1 | 3 | 9 | 3 |
Defective design | 21171.5 | 4 | 11 | 4 |
Defects occurring during the manufacturing process | 27746.5 | 4 | 9 | 3 |
Exposure to ultrafine particle | 6417.2 | 3 | 8 | 3 |
Ineffective training plan | 3977.2 | 3 | 9 | 3 |
Insufficientmanagement support | 3483.1 | 3 | 9 | 3 |
Poorcommunication | 20527.15 | 4 | 9 | 3 |
Inflation threat | 3733.2 | 3 | 7 | 2 |
Foreign exchange rate fluctuation | 3483.1 | 3 | 7 | 2 |
Insufficient financing | 6472.1 | 3 | 8 | 3 |
Identified risks | Impact score | Risk value | Risk level | Rank |
---|---|---|---|---|
Altering Physicalproperty threat to object | 28404 | 16 | critical | 1 |
Defective design | 21171.5 | 16 | critical | 2 |
Unauthorised access to the CAD model | 14070.5 | 16 | critical | 3 |
NBC contamination tomanufacturing object | 13833.8 | 16 | critical | 4 |
Defectsoccurring during the manufacturing process | 27746.5 | 12 | High | 5 |
Poor communication | 20527.15 | 12 | High | 6 |
Insufficientfinancing | 6472.1 | 9 | High | 7 |
Exposure to ultrafine particle | 6417.2 | 9 | High | 8 |
Alteration in Electroniccircuit threat | 4026 | 9 | High | 9 |
Unauthorised access to Toolpath | 3977.2 | 9 | High | 10 |
Ineffective training plan | 3977.2 | 9 | High | 11 |
Unauthorised access to STL file | 3483.1 | 9 | High | 12 |
Threat due toinsufficient management support | 3483.1 | 9 | High | 13 |
Unauthorised access to the physical machine | 3239.1 | 9 | High | 14 |
NBC’s contaminationto the environment | 685.1 | 6 | Medium | 15 |
Inflationthreat | 3733.2 | 6 | Medium | 16 |
Foreignexchange rate fluctuation | 3483.1 | 6 | Medium | 17 |
Fire threatto the environment | 657.2 | 4 | Low | 18 |
E/I threat tothe environment | 629.3 | 4 | Low | 19 |
E/I threat tomanufacturing equipment | 657.2 | 4 | Low | 20 |
outdated equipment | 50 | 2 | Low | 21 |
Irreparabledamage | 50 | 2 | Low | 22 |
7.2 Testing Setup
Dataset Information | Discription |
---|---|
Data Source | MITRE Corporation’s Common Vulnerabilities and Exposures (CVE) |
Time Period Covered | 1999 - 21 March 2023 |
Data Format | JSON |
Size | 1084 MB |
Total Number of CVEs | 249,816 |
Information Provided for Each CVE | Description, Severity Level, Impacted Systems, CVSS Base Score |
Associated Scoring System | Common Vulnerability Scoring System (CVSS) |
CVEs | Description | CVE score | Impact Level | Likelihood Value | Risk level |
---|---|---|---|---|---|
CVE-2021-21480 | Malicious code Injection | 9.9 | 4 | 4 | Critical |
CVE-2020-8479 | XML External Entity Injection vulnerability | 9.8 | 4 | 4 | Critical |
CVE-2020-8481 | Information Disclosure vulnerability | 10 | 4 | 2 | High |
CVE-2017-9632 | Missing Encryption of Sensitive Data | 9.8 | 4 | 2 | High |
CVE-2017-9630 | Improper Authentication | 9.4 | 4 | 3 | High |
CVE-2019-1590 | Insecure TLS client authentication | 8.1 | 3 | 3 | High |
CVE-2021-2238 | Unauthorised network access | 8.1 | 3 | 3 | High |
CVE-2018-13804 | Unauthorised network access | 8.1 | 3 | 3 | High |
CVE-2020-8471 | Weak File Permissions | 7.8 | 3 | 3 | High |
CVE-2022-2975 | Weak permissions | 7.7 | 3 | 3 | High |
CVE-2009-4046 | Multiple SQL injection vulnerabilities | 7.5 | 3 | 4 | High |
CVE-2009-4037 | Multiple SQL injection vulnerabilities | 7.5 | 3 | 4 | High |
CVE-2022-20817 | Unauthenticated, remote attacker impersonate another user’s phone | 7.4 | 3 | 3 | High |
CVE-2018-19436 | Blind SQL injection | 7.2 | 3 | 4 | High |
CVE-2021-27600 | Malicious code injection into HTTP parameter | 5.4 | 2 | 4 | High |
CVE-2019-0267 | XSRF attacks | 8.8 | 3 | 2 | Medium |
CVE-2016-2389 | Remote attackers read arbitrary files in the Path parameter | 7.8 | 3 | 2 | Medium |
CVE-2020-8475 | Denial of Service vulnerability | 7.5 | 3 | 2 | Medium |
CVE-2020-8476 | Elevation of privilege vulnerability | 7.5 | 3 | 2 | Medium |
CVE-2022-39802 | path traversal vulnerability | 7.5 | 3 | 2 | Medium |
CVE-2022-30467 | Denial of Service | 6.8 | 2 | 2 | Medium |
CVE-2007-5148 | Multiple PHP remote file inclusion | 6.8 | 2 | 2 | Medium |
CVE-2019-13945 | Unauthorised physical access | 6.8 | 2 | 3 | Medium |
CVE-2022-3432 | Vulnerability by driver | 6.7 | 2 | 3 | Medium |
CVE-2021-3972 | Vulnerability by driver | 6.7 | 2 | 3 | Medium |
CVE-2021-3971 | Vulnerability by driver | 6.7 | 2 | 3 | Medium |
CVE-2022-30466 | Replay attack | 6.5 | 2 | 2 | Medium |
CVE-2016-4016 | Cross-site scripting | 6.1 | 2 | 3 | Medium |
CVE-2021-27615 | Unavailability of HTTP security header | 5.4 | 2 | 2 | Medium |
CVE-2016-1561 | Password-less authentication | 5 | 2 | 2 | Medium |
CVE-2015-8329 | Weak encryption | 5 | 2 | 1 | Low |
CVE-2016-7157 | Denial of Service | 4.4 | 1 | 1 | Low |
CVE-2014-4820 | Cross-site scripting | 4.3 | 1 | 2 | Low |
7.3 Findings
7.4 Comparisons
8 Limitations and Future Scope
-
Scope Limitation: The framework identifies and evaluates potential threats based on a predetermined set of criteria, potentially overlooking emerging threats or those not covered within the defined scope. This could lead to gaps in threat coverage, leaving specific vulnerabilities to be addressed.
-
Data Source Dependency: The estimation of threat likelihood relies on data source analysis, which may introduce bias or inaccuracies depending on the quality and availability of the data sources. Over-reliance on specific data sources could skew the assessment results and impact the overall effectiveness of the framework.
-
Validation Methodology: While experimental validation with the MITRE CVEs dataset demonstrates the framework’s effectiveness in detecting severe vulnerabilities, it may not capture the full spectrum of threats encountered in real-world AM settings. The validation approach may need further refinement to ensure comprehensive coverage of potential threats.
-
Dependency on Third-Party Providers: Adopting cloud-based solutions often involves relying on third-party providers for infrastructure, platform, or software services. This dependency introduces additional risks related to service disruptions, vendor lock-in, and compliance with regulatory requirements [34, 35]. Organizations must carefully evaluate the security posture of cloud service providers and establish clear contractual agreements to mitigate these risks effectively. However, maintaining oversight and accountability over third-party providers can be challenging, especially in multi-tenant cloud environments.
-
Post-Processing Complexity: Post-processing in additive manufacturing (AM) involves various techniques such as cleaning, finishing, and surface treatment, each introducing its own set of risks. The complexity of these activities can make it challenging to identify and mitigate specific risks effectively [36]. The lack of standardized protocols and guidelines for post-processing further exacerbates this issue, making it challenging to address risks comprehensively. Therefore, it is essential to develop comprehensive risk mitigation strategies that account for the complexity of post-processing in AM.