Distributed manufacturing has long been a well understood advantage of Additive Manufacturing (AM) technology. With global supply chain issues, geo-political tensions and growing sustainability concerns, traditional centralized production is under pressure to evolve. This presents new opportunities for the AM industry to expand its global footprint to distributed small-scale manufacturing sites located closer to the customer.
However, security concerns such as IP theft, data integrity, and information leakage prevent many large enterprises from taking advantage of the distributed AM production. Although there are various technologies available to address these issues in the digital thread, enterprises should not decide to deploy them before performing a thorough risk analysis to determine their need.
In this case study, a threat modeling and risk analysis process will be presented based on the real-world example of a large energy customer embracing a distributed manufacturing approach. The SANS Institute Threat Modeling approach is used to provide a full characterization of the most common distributed AM production risks use cases. The complete data flow will be modeled to highlight all data entry/exit points, identify assets in the system and define the trust boundary. Threats will be identified using the Spoofing, Tampering, Repudiation, Information discovery, Denial of service (STRIDE) model.
The risk of each threat will be assessed and scored based on the impact and likelihood according to the Damage potential, Reproducibility, Exploitability, Affected users, Discoverability (DREAD) model. The effect of mediation methods commonly used in the industry will then be shown.
The objective is to help enterprises develop a method for managing their risk when evaluating moving to a distributed AM production process. Additionally, service bureaus can use this method to proactively minimize the risk their process presents to those enterprise customers.
Learning Objectives:
- Upon completion, participants will be able to understand how to develop a method for managing risks when evaluating moving to a distributed AM production process
- Upon completion, participants will be able to conduct the STRIDE model and proactively minimize the most common distributed AM production risks
