Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Layered Security Guidance for Data Asset Management in Additive Manufacturing

Published

Author(s)

Fahad Milaat, Joshua Lubell

Abstract

Manufacturing industries are increasingly adopting additive manufacturing (AM) technologies to produce functional parts in critical systems. However, the inherent complexity of both AM designs and AM processes render them attractive targets for cyber-attacks. Risk-based Information Technology (IT) and Operational Technology (OT) security guidance standards are useful resources for AM security practitioners, but the guidelines they provide are insufficient without additional AM-specific revisions. Therefore, a structured layering approach is needed to efficiently integrate these revisions with preexisting IT and OT security guidance standards. To implement such an approach, this paper proposes leveraging the National Institute of Standards and Technology's Cybersecurity Framework (CSF) to develop layered, risk-based guidance for fulfilling specific security outcomes. It begins with an in-depth literature review that reveals the importance of AM data and asset management to risk-based security. Next, this paper adopts the CSF asset identification and management security outcomes as an example for providing AM-specific guidance and identifies the AM geometry and process definitions to aid manufacturers in mapping data flows and documenting processes. Finally, this paper uses the Open Security Controls Assessment Language to integrate the AM-specific guidance together with existing IT and OT security guidance in a rigorous and traceable manner. This paper's contribution is to show how a risk-based layered approach enables the authoring, publishing, and management of AM-specific security guidance that is currently lacking. The authors believe implementation of the layered approach would result in value-added, non-redundant security guidance for AM that is consistent with the preexisting guidance.
Citation
ASME Journal of Computing and Information Science in Engineering

Keywords

Additive Manufacturing, Cybersecurity Framework, Asset Management, Open Security Controls Assessment Language, computer-aided design, computer-aided manufacturing, cyber-physical security for factories, Industrial Internet of Things, cyber-manufacturing

Citation

Milaat, F. and Lubell, J. (2023), Layered Security Guidance for Data Asset Management in Additive Manufacturing, ASME Journal of Computing and Information Science in Engineering, [online], https://doi.org/10.1115/1.4064128, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=936809 (Accessed May 28, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created November 23, 2023, Updated December 1, 2023