Myths and Misconceptions in Additive Manufacturing Security: Deficiencies of the CIA Triad

Abstract

It is natural, as the demand for Additive Manufacturing (AM) Security grows, to adopt established approaches from other security research areas. However, such "imports,'' if not done carefully, can be misleading, and sometimes even counterproductive, and thus may negatively affect actual security of AM. We argue that this is the case for the CIA triad (Confidentiality, Integrity, Availability), a fundamental model of data security. To this end, we present arguments showing that the CIA triad cannot substitute concrete threat categories already established in AM. AM is an area which is not "pure data," but rather an area involving software, data files, and transforming data into physical artifacts, where established threats in this ecosystem include: Technical Data Theft, Sabotage, and Illegal Part Manufacturing.