Milaat, F.
and Lubell, J.
(2023),
Layered Security Guidance for Data Asset Management in Additive Manufacturing, ASME Journal of Computing and Information Science in Engineering, [online], https://doi.org/10.1115/1.4064128, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=936809
(Accessed April 27, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Layered Security Guidance for Data Asset Management in Additive Manufacturing
Published
Author(s)
,
Abstract
Manufacturing industries are increasingly adopting additive manufacturing (AM) technologies to produce functional parts in critical systems. However, the inherent complexity of both AM designs and AM processes render them attractive targets for cyber-attacks. Risk-based Information Technology (IT) and Operational Technology (OT) security guidance standards are useful resources for AM security practitioners, but the guidelines they provide are insufficient without additional AM-specific revisions. Therefore, a structured layering approach is needed to efficiently integrate these revisions with preexisting IT and OT security guidance standards. To implement such an approach, this paper proposes leveraging the National Institute of Standards and Technology's Cybersecurity Framework (CSF) to develop layered, risk-based guidance for fulfilling specific security outcomes. It begins with an in-depth literature review that reveals the importance of AM data and asset management to risk-based security. Next, this paper adopts the CSF asset identification and management security outcomes as an example for providing AM-specific guidance and identifies the AM geometry and process definitions to aid manufacturers in mapping data flows and documenting processes. Finally, this paper uses the Open Security Controls Assessment Language to integrate the AM-specific guidance together with existing IT and OT security guidance in a rigorous and traceable manner. This paper's contribution is to show how a risk-based layered approach enables the authoring, publishing, and management of AM-specific security guidance that is currently lacking. The authors believe implementation of the layered approach would result in value-added, non-redundant security guidance for AM that is consistent with the preexisting guidance.Citation
ASME Journal of Computing and Information Science in Engineering
Pub Type
Journals
Download Paper
Keywords
Additive Manufacturing, Cybersecurity Framework, Asset Management, Open Security Controls Assessment Language, computer-aided design, computer-aided manufacturing, cyber-physical security for factories, Industrial Internet of Things, cyber-manufacturing
Citation
Created November 23, 2023, Updated December 1, 2023