3D Printers: IT's Next Great Data Challenge3D Printers: IT's Next Great Data Challenge
Many tech professionals think of 3D printing as little more than a toy, even though it's in full production swing in manufacturing operations. Gartner and other researchers predict major growth for 3D printing in the enterprise, raising a host of data protection issues for IT professionals. Here's what you need to know.
August 27, 2015
(continued from preceding page)
companies, "modern 3D printers, even low-cost devices, are capable of printing items that are difficult to describe using existing formats. The 3MF specification eliminates the problems associated with currently available file formats, such as STL, which was designed in 1989. It resolves interoperability and functionality issues, enabling companies to focus on innovation in this growing field."
The consortium is making its open source 3MF specification available for free download, and it will soon be on GitHub.
Intellectual property protections and 3D printer monitoring are not baked into the new standard. Indeed, there isn't so much as a snippet of security support in the core spec. However, there is a way to add it on as an extension.
"3MF is designed to support existing and emerging scenarios in 3D printing," Adrian Lannin, executive director at 3MF Consortium, told InformationWeek. "As new scenarios become important, or as features that are specific to a particular workflow or use case become necessary, they can be implemented as extensions to the standard."
Protecting IP On 3D Printers
Manufacturers such as GE Power & Water are giving serious consideration to protecting intellectual property on 3D printers. InformationWeek interviewed Clay Johnson, the company's CIO, and its CISO, Teresa Zielinski, earlier this year about how they're approaching 3D printing.
"Inside our walls we treat 3D printers as another asset in our network," said Johnson. "We used to post pictures and drawings of our product designs on physical boards in the office. We actually think we can protect all that data a little better now on 3D printers."
Zielinski added: "We have extensive logging and monitoring of where our data is sent, and who had access to it. There's less touching of the information, and it's no longer laying around in the offices exposed."
What happens when a manufacturer ships code to a customer or another external 3D printer instead of shipping an actual product? "We will evaluate shipping code to customers in careful stages," Johnson said.
"This is new to everybody," Zielinski added. "There will need to be processes to protect the data, and to assure buyers that what is delivered to their 3D printer is actually from the manufacturer."
How to protect intellectual property in the process is a work in progress. "At the moment, there is not a lot being done," said David Alan Grier, IEEE Fellow and principal for Djaghe consulting, in an interview with InformationWeek. Grier cited Shapeways and other "maker" websites as examples of how IP is currently handled.
Shapeways, an online 3D printing service and marketplace based in New York City, is aiming to help independent designers worldwide create and sell their products. Makers use a 3D printing app and a range of modeling software to design their products, and can work with a Shapeways designer on fine-tuning the product. Once the product design is complete, it's uploaded to the Shapeways site, and Shapeways will produce it using its 3D printing capabilities. The product can then be sold to others using the online Shapeways marketplace.
Where the IP challenge arises is in the fact that the code that a maker sends to Shapeways for printing may be stolen from someone else or be an adaptation of someone else's code that was made without their permission and in violation of copyrights and patents. Shapeways is one of the few 3D printing service companies that tries to check for such infringements and illegal activity prior to printing a product and shipping it back to the user. Keep in mind that users can order more than one unit – they can order many units printed – and resell them. That resell is known as a "second sale," and if the practice is done using stolen IP, it can be devastating to a company's profits by filling a marketplace with counterfeit goods.
According to Grier, websites such as Shapeways "do at least a quick scan on design files that are uploaded to their sites to make sure that the files are not copies of material that they are circulating. All of them control the first sale of the files, but none control the second sale."
According to Grier, "For now, there are three technical ways for protecting files: encrypting them, circulating them from a secure server, or circulating hamstrung files – files that don't work without additional information. None of them is perfect, since the printers don't have an encryption feature." Rather, according to Grier, encryption/decryption has to be handled by an external program or application. "If you are able to capture an unencrypted file, you can circulate [it] indefinitely," he said, comparing the current state of 3D printing with that of the music business in 1998.
Indeed, the 40 or so professionals queried as background for this story all pointed to older distributed media as illustration of the current problems in 3D printing – and as possible shared solutions. "Look at all the counterfeiting in DVD copies earlier," GE's Johnson said. "Maybe we don't need DRM exactly, but we will need something similar. We can learn from the past and perhaps use that knowledge in digital threads, digital DNA, microdots, quantum dots, or some other protections. In any case, it is the same evolution."
Not everyone agrees that the DRM developed to protect entertainment files can be adapted to 3D printing. "Given the track record with color scanners and printers in the area of counterfeiting money, for example, the theft and counterfeit issue cannot be prevented to a large degree," attorney Richard Santalesa, founding member of the SmartEdgeLaw Group, said in an interview. According to Santalesa, this is particularly true for small objects that have no moving parts and are simple designs, such as small parts, jewelry, and toys.
"There will be technical approaches," he said, citing advanced scanners and copiers that contain code to recognize currency and prevent copying of U.S. currency. But, ultimately, "The burden will be on the IP owner to police and squash such items from being sold or entering the country."
CIOs and IT leaders can begin preparing today to protect company data in 3D printing in much the same way as they seek to govern and protect devices and data in their BYOD policies and processes. Look there for clues on how to structure policies and processes in 3D printing both on-site and off. Additionally, begin crafting protective extensions for the open source 3MF specification now, and pressure 3D printer vendors and manufacturers to add encryption and other security features directly on printers. Stay vigilant and proactive. According to Gartner, you can expect to see 3D printer use inside and outside your company walls as early as next year, if you don't already have them now. You can also expect to see their use increase over the next five to 10 years and a corresponding increase in demand. Prepare accordingly.
About the Author(s)
You May Also Like