Hi Feign, thanks for answering.

Quote Originally Posted by Feign View Post
While both of those are possibilities, they are unlikely for other reasons. The first because for both the mad hacker and the terrorist, introducing a flaw that will fail someday isn't terribly productive. No thrill in it for the hacker, and no sense of immediacy or attack in it for the terrorist.
You assume hackers are like the kids of the nineties, coding to have a thrill. We are not talking about those, not anymore. Hackers today are professional teams that seek either a financial or a political goal. Being able to tamper with a production process and then try to draw benefits from it is far from being unlikely: it's being attempted every day. Introducing poison into food or medicine production factories is just one of many examples. 3D printing just brings the process a little closer to hackers' "core competences" than before.

Criminals, terrorists or enemy Governments constantly scout for new vulnerabilities. Adding 3D printing capabilities to a production process without thinking thoroughly about possible tampering scenarios introduces the proverbial weakest link.

Quote Originally Posted by Feign View Post
In the case of the medical implant, there's no competent medical device manufacturer that would just go without continuous testing their product because they trust their printing process.
The question is simply about two aspects of this testing: 1) how many devices per production batch will be tested and 2) what will be tested.

If the answer to 1) is 100% then you go straight to 2). However, in many production processes only a sample of produced equipment gets tested. In that case, the attacker only needs to tamper with the program so that a percentage of the items are faulty. If, for example, 10% of the produced items get tested, the attacker would need to introduce the flaws in 1% of the production and only a fraction of defective material will be discarded, while the rest will be shipped.

2) Someone familiar with the way products are being tested might very well introduce flaws that circumvent those tests.

Quote Originally Posted by Feign View Post
Also, if someone is getting into your facility with hard copies of malware to put on your machines, you have a bigger problem than the malware itself.
I think you shouldn't concern yourself with that part of the security problem. Let others handle the "how-the-heck-did-he-enter-the-compound" issue. Security should be present at all layers, in order to make the cost of the attack higher. Here - if I'm not mistaken - we are discussing the security of 3D printers, or in other words the "okay-he-got-through-and-he-accessed-the-printer-now-what" issue. What measures should the 3D printing industry develop in order to minimise the attacks? Digitally signing the models perhaps?

I am unfamiliar with 3D printing, but I am very familiar with cybersecurity (>25 years in the field), and I'm telling you the "it's not a problem now" is not the right attitude.
People fifteen years ago wouldn't believe their mobile phone could be attacked by malware or hackers. Now more than 15,000 new Android malware gets added every three months, and hacking your phone is the favourite way for cybercriminals and law enforcement alike to track you and spy on you.
People today don't believe their future car will be attacked by malware or hackers. It will be, and if the automotive industry doesn't do something soon it's going to get ugly.
Finally, I see 3D printing industry members today that are similarly sceptical about 3D printers being attacked by malware or hackers. Hackers are going to get there, eventually. The choice to prepare for them is yours.

L.