{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T16:40:09Z","timestamp":1772556009467,"version":"3.50.1"},"reference-count":61,"publisher":"ASME International","issue":"7","license":[{"start":{"date-parts":[[2024,2,5]],"date-time":"2024-02-05T00:00:00Z","timestamp":1707091200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.asme.org\/publications-submissions\/publishing-information\/legal-policies"}],"content-domain":{"domain":["asmedigitalcollection.asme.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,7,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Manufacturing industries are increasingly adopting additive manufacturing (AM) technologies to produce functional parts in critical systems. However, the inherent complexity of both AM designs and AM processes renders them attractive targets for cyber-attacks. Risk-based information technology (IT) and operational technology (OT) security guidance standards are useful resources for AM security practitioners, but the guidelines they provide are insufficient without additional AM-specific revisions. Therefore, a structured layering approach is needed to efficiently integrate these revisions with preexisting IT and OT security guidance standards. To implement such an approach, this paper proposes leveraging the National Institute of Standards and Technology\u2019s cybersecurity framework (CSF) to develop layered, risk-based guidance for fulfilling specific security outcomes. It begins with an in-depth literature review that reveals the importance of AM data and asset management to risk-based security. Next, this paper adopts the CSF asset identification and management security outcomes as an example for providing AM-specific guidance and identifies the AM geometry and process definitions to aid manufacturers in mapping data flows and documenting processes. Finally, this paper uses the open security controls assessment language (OSCAL) to integrate the AM-specific guidance with existing IT and OT security guidance in a rigorous and traceable manner. This paper\u2019s contribution is to show how a risk-based layered approach enables the authoring, publishing, and management of AM-specific security guidance that is currently lacking. The authors believe implementation of the layered approach would result in value-added, non-redundant security guidance for AM that is consistent with the preexisting guidance.<\/jats:p>","DOI":"10.1115\/1.4064128","type":"journal-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T08:43:25Z","timestamp":1700729005000},"update-policy":"https:\/\/doi.org\/10.1115\/crossmarkpolicy-asme","source":"Crossref","is-referenced-by-count":2,"title":["Layered Security Guidance for Data Asset Management in Additive Manufacturing"],"prefix":"10.1115","volume":"24","author":[{"given":"Fahad","family":"Ali Milaat","sequence":"first","affiliation":[{"name":"National Institute of Standards and Technology Engineering Laboratory, , Gaithersburg, MD 20899-8260"}]},{"given":"Joshua","family":"Lubell","sequence":"additional","affiliation":[{"name":"National Institute of Standards and Technology Engineering Laboratory, , Gaithersburg, MD 20899-8260"}]}],"member":"33","published-online":{"date-parts":[[2024,2,5]]},"reference":[{"key":"2024020518581525400_CIT0001","article-title":"ISO\/ASTM 52900:2021 Additive Manufacturing \u2013 General Principles \u2013 Fundamentals and Vocabulary"},{"key":"2024020518581525400_CIT0002","doi-asserted-by":"publisher","first-page":"108087","DOI":"10.1016\/j.ijpe.2021.108087","article-title":"The Economics of Additive Manufacturing: Towards a General Cost Model Including Process Failure","volume":"237","author":"Ding","year":"2021","journal-title":"Int. J. Prod. Econ."},{"key":"2024020518581525400_CIT0003","article-title":"Wohlers Report 2022: 3D Printing and Additive Manufacturing Global State of the Industry"},{"key":"2024020518581525400_CIT0004","doi-asserted-by":"publisher","first-page":"103833","DOI":"10.1109\/ACCESS.2019.2931738","article-title":"Characteristic Aspects of Additive Manufacturing Security From Security Awareness Perspectives","volume":"7","author":"Graves","year":"2019","journal-title":"IEEE Access"},{"key":"2024020518581525400_CIT0005","first-page":"169","volume-title":"Security Challenges of Additive Manufacturing With Metals and Alloys","author":"Yampolskiy","year":"2015"},{"key":"2024020518581525400_CIT0006","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-175Br1","article-title":"Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms","author":"Barker","year":"2020"},{"key":"2024020518581525400_CIT0007","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-82r3","article-title":"Guide to Operational Technology (OT) Security","author":"Stouffer","year":"2023"},{"key":"2024020518581525400_CIT0008","first-page":"3","article-title":"Myths and Misconceptions in Additive Manufacturing Security: Deficiencies of the CIA Triad","author":"Yampolskiy","year":"2021"},{"key":"2024020518581525400_CIT0009","first-page":"431","article-title":"Security of Additive Manufacturing: Attack Taxonomy and Survey","volume":"21","author":"Yampolskiy","year":"2018","journal-title":"Addit. Manuf."},{"issue":"1\u20134","key":"2024020518581525400_CIT0010","doi-asserted-by":"publisher","first-page":"527","DOI":"10.1007\/s00170-017-1172-6","article-title":"Common Defects and Contributing Parameters in Powder Bed Fusion AM Process and Their Classification for Online Monitoring and Control: A Review","volume":"95","author":"Malekipour","year":"2018","journal-title":"Int. J. Adv. Manuf. Technol."},{"key":"2024020518581525400_CIT0011","doi-asserted-by":"publisher","first-page":"47322","DOI":"10.1109\/ACCESS.2020.2978815","article-title":"Additive Manufacturing Cyber-Physical System: Supply Chain Cybersecurity and Risks","volume":"8","author":"Gupta","year":"2020","journal-title":"IEEE Access"},{"key":"2024020518581525400_CIT0012","first-page":"61","article-title":"Defining and Addressing the Cybersecurity Challenges of Additive Manufacturing Platforms","author":"Adkins","year":"2021"},{"key":"2024020518581525400_CIT0013","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1109\/TASE.2023.3243147","article-title":"Digital Twin-Based Cyber-Attack Detection Framework for Cyber-Physical Manufacturing Systems","author":"Balta","year":"2023","journal-title":"IEEE Trans. Autom. Sci. Eng."},{"key":"2024020518581525400_CIT0014","first-page":"192","article-title":"State of Security Awareness in the Additive Manufacturing Industry: 2020 Survey","author":"Yampolskiy","year":"2022"},{"key":"2024020518581525400_CIT0015","article-title":"Framework for Improving Critical Infrastructure Cybersecurity","author":"National Institute of Standards and Technology","year":"2018"},{"key":"2024020518581525400_CIT0016","article-title":"ISO\/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection \u2013 Information Security Management Systems \u2013 Requirements"},{"issue":"4","key":"2024020518581525400_CIT0017","doi-asserted-by":"publisher","first-page":"332","DOI":"10.1049\/iet-cps.2018.5079","article-title":"Assets Focus Risk Management Framework for Critical Infrastructure Cybersecurity Risk Management","volume":"4","author":"Kure","year":"2019","journal-title":"IET Cyber-Phys. Syst.: Theory Appl."},{"key":"2024020518581525400_CIT0018","doi-asserted-by":"publisher","first-page":"88506","DOI":"10.1109\/ACCESS.2020.2993614","article-title":"Bayesian Network Based C2P Risk Assessment for Cyber-Physical Systems","volume":"8","author":"Lyu","year":"2020","journal-title":"IEEE Access"},{"key":"2024020518581525400_CIT0019","article-title":"OSCAL"},{"key":"2024020518581525400_CIT0020","doi-asserted-by":"crossref","first-page":"505","DOI":"10.1016\/B978-0-12-824552-1.00006-2","volume-title":"3D Bioprinting and Nanotechnology in Tissue Engineering and Regenerative Medicine","author":"Ferrill","year":"2022"},{"key":"2024020518581525400_CIT0021","doi-asserted-by":"crossref","DOI":"10.2172\/1635763","article-title":"Additive Manufacturing and Nuclear Security: Calibrating Rewards and Risks","author":"Goodwin","year":"2019"},{"key":"2024020518581525400_CIT0022","first-page":"1","article-title":"Acoustic Side-Channel Attacks on Additive Manufacturing Systems","author":"Al Faruque","year":"2016"},{"key":"2024020518581525400_CIT0023","first-page":"135","article-title":"Encryption is Futile: Reconstructing 3D-Printed Models Using the Power Side-Channel","author":"Gatlin","year":"2021"},{"key":"2024020518581525400_CIT0024","doi-asserted-by":"publisher","first-page":"202","DOI":"10.1016\/j.jmsy.2020.05.014","article-title":"A Physical Hash for Preventing and Detecting Cyber-physical Attacks in Additive Manufacturing Systems","volume":"56","author":"Brandman","year":"2020","journal-title":"J. Manuf. Syst."},{"key":"2024020518581525400_CIT0025","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2022.24298","article-title":"Hiding My Real Self! Protecting Intellectual Property in Additive Manufacturing Systems Against Optical Side-Channel Attacks","author":"Liang","year":"2022"},{"key":"2024020518581525400_CIT0026","first-page":"16","article-title":"dr0wned \u2013 Cyber-Physical Attack With Additive Manufacturing","author":"Belikovetsky","year":"2017"},{"key":"2024020518581525400_CIT0027","article-title":"Evaluation of a Cyber-Physical Attack Effectiveness in Metal Additive Manufacturing by Selectively Modifying Build Layer Thickness","author":"Carrion","year":"2021"},{"key":"2024020518581525400_CIT0028","doi-asserted-by":"crossref","DOI":"10.1145\/3494107.3522776","article-title":"3D-Mold\u2019ed In-Security: Mapping Out Security of Indirect Additive Manufacturing","author":"Parker","year":"2022"},{"issue":"3","key":"2024020518581525400_CIT0029","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1109\/LES.2021.3129108","article-title":"Needle in a Haystack: Detecting Subtle Malicious Edits to Additive Manufacturing G-Code Files","volume":"14","author":"Beckwith","year":"2022","journal-title":"IEEE Embedded Syst. Lett."},{"issue":"4","key":"2024020518581525400_CIT0030","doi-asserted-by":"publisher","first-page":"1815","DOI":"10.1007\/s10845-021-01879-9","article-title":"An LSTM-Autoencoder Based Online Side Channel Monitoring Approach for Cyber-Physical Attack Detection in Additive Manufacturing","volume":"34","author":"Shi","year":"2023","journal-title":"J. Intell. Manuf."},{"key":"2024020518581525400_CIT0031","doi-asserted-by":"publisher","first-page":"429","DOI":"10.1016\/j.jmsy.2021.12.007","article-title":"Securing Cyber-Physical Additive Manufacturing Systems by In-Situ Process Authentication Using Streamline Video Analysis","volume":"62","author":"Mamun","year":"2022","journal-title":"J. Manuf. Syst."},{"key":"2024020518581525400_CIT0032","first-page":"102029","article-title":"Sabotaging Metal Additive Manufacturing: Powder Delivery System Manipulation and Material-Dependent Effects","volume":"46","author":"Graves","year":"2021","journal-title":"Addit. Manuf."},{"issue":"6","key":"2024020518581525400_CIT0033","doi-asserted-by":"publisher","first-page":"5361","DOI":"10.1109\/TMECH.2022.3179713","article-title":"FLAW3D: A Trojan-Based Cyber Attack on the Physical Outcomes of Additive Manufacturing","volume":"27","author":"Pearce","year":"2022","journal-title":"IEEE\/ASME Trans. Mechatron."},{"key":"2024020518581525400_CIT0034","doi-asserted-by":"publisher","first-page":"133421","DOI":"10.1109\/ACCESS.2019.2928005","article-title":"Detecting Sabotage Attacks in Additive Manufacturing Using Actuator Power Signatures","volume":"7","author":"Gatlin","year":"2019","journal-title":"IEEE Access"},{"key":"2024020518581525400_CIT0035","doi-asserted-by":"publisher","first-page":"27218","DOI":"10.1109\/ACCESS.2020.2971947","article-title":"Sabotage Attack Detection for Additive Manufacturing Systems","volume":"8","author":"Yu","year":"2020","journal-title":"IEEE Access"},{"key":"2024020518581525400_CIT0036","doi-asserted-by":"crossref","first-page":"171","DOI":"10.1007\/978-3-030-71061-3_11","volume-title":"Industrial IoT Technologies and Applications","author":"Rott","year":"2021"},{"key":"2024020518581525400_CIT0037","first-page":"15","article-title":"Spooky Manufacturing: Probabilistic Sabotage Attack in Metal AM Using Shielding Gas Flow Control","author":"Zinner","year":"2022"},{"key":"2024020518581525400_CIT0038","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1007\/978-3-031-20137-0_7","volume-title":"Critical Infrastructure Protection XVI","author":"Kurkowski","year":"2022"},{"key":"2024020518581525400_CIT0039","doi-asserted-by":"publisher","first-page":"108318","DOI":"10.1016\/j.compscitech.2020.108318","article-title":"Reverse Engineering of Additive Manufactured Composite Part by Toolpath Reconstruction Using Imaging and Machine Learning","volume":"198","author":"Yanamandra","year":"2020","journal-title":"Compos. Sci. Technol."},{"issue":"1","key":"2024020518581525400_CIT0040","doi-asserted-by":"publisher","first-page":"85","DOI":"10.3390\/ma15010085","article-title":"How Can We Provide Additively Manufactured Parts With a Fingerprint? A Review of Tagging Strategies in Additive Manufacturing","volume":"15","author":"Sola","year":"2021","journal-title":"Materials"},{"key":"2024020518581525400_CIT0041","first-page":"1","article-title":"Embedding Anti-Counterfeiting Features in Metallic Components Via Multiple Material Additive Manufacturing","volume":"24","author":"Wei","year":"2018","journal-title":"Addit. Manuf."},{"issue":"7","key":"2024020518581525400_CIT0042","first-page":"25","article-title":"Embedding Information Into Or Onto Additively Manufactured Parts: A Review of QR Codes","volume":"15","author":"Usama","year":"2022","journal-title":"Steganograph. Watermark. Meth. Mater."},{"key":"2024020518581525400_CIT0043","first-page":"266","article-title":"What Did You Add to My Additive Manufacturing Data?: Steganographic Attacks on 3D Printing Files","author":"Yampolskiy","year":"2021"},{"issue":"6","key":"2024020518581525400_CIT0044","doi-asserted-by":"publisher","first-page":"060904","DOI":"10.1115\/1.4055855","article-title":"STEP-NC Process Planning for Powder Bed Fusion Additive Manufacturing","volume":"22","author":"Milaat","year":"2022","journal-title":"ASME J. Comput. Inf. Sci. Eng."},{"issue":"2","key":"2024020518581525400_CIT0045","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1109\/MSEC.2022.3142338","article-title":"Top Five Challenges in Software Supply Chain Security: Observations From 30 Industry and Government Organizations","volume":"20","author":"Enck","year":"2022","journal-title":"IEEE Secur. Priv."},{"key":"2024020518581525400_CIT0046","article-title":"ISO 14649-17:2020 Industrial Automation Systems and Integration \u2013 Physical Device Control \u2013 Data Model for Computerized Numerical Controllers \u2013 Part 17: Process Data for Additive Manufacturing"},{"key":"2024020518581525400_CIT0047","article-title":"ISO\/ASTM 52915:2020, Specification for Additive Manufacturing File Format (AMF) Version 1.2"},{"key":"2024020518581525400_CIT0048","article-title":"Specification \u2013 3MF Consortium"},{"issue":"11","key":"2024020518581525400_CIT0049","doi-asserted-by":"publisher","first-page":"1141","DOI":"10.1080\/0951192X.2018.1509130","article-title":"STEP-NC Digital Thread for Additive Manufacturing: Data Model, Implementation and Validation","volume":"31","author":"Bonnard","year":"2018","journal-title":"Int. J. Comput. Integr. Manuf."},{"key":"2024020518581525400_CIT0050","doi-asserted-by":"publisher","first-page":"9","DOI":"10.1016\/j.promfg.2020.01.002","article-title":"A STEP-NC Implementation Approach for Additive Manufacturing","volume":"38","author":"Rodriguez","year":"2019","journal-title":"Procedia Manuf."},{"issue":"18","key":"2024020518581525400_CIT0051","doi-asserted-by":"publisher","first-page":"8292","DOI":"10.3390\/app11188292","article-title":"Squashed-Slice Algorithm Based on STEP-NC for Multi-material and Multi-directional Additive Processes","volume":"11","author":"Um","year":"2021","journal-title":"Appl. Sci."},{"key":"2024020518581525400_CIT0052","article-title":"ISO 10303-238:2022 Industrial Automation Systems and Integration \u2013 Product Data Representation and Exchange \u2013 Part 238: Application Protocol: Model Based Integrated Manufacturing"},{"key":"2024020518581525400_CIT0053","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/j.cad.2015.04.002","article-title":"Conformance Checking of PMI Representation in CAD Model STEP Data Exchange Files","volume":"66","author":"Lipman","year":"2015","journal-title":"Computer-Aided Des."},{"key":"2024020518581525400_CIT0054","article-title":"ISO 10303-11:2004 Industrial Automation Systems and Integration \u2013 Product Data Representation and Exchange \u2013 Part 11: Description Methods: The EXPRESS Language Reference Manual"},{"key":"2024020518581525400_CIT0055","first-page":"V002T02A065","article-title":"SMART Standards: Modularization Approach for Engineering Standards","author":"Luttmer","year":"2022"},{"issue":"2","key":"2024020518581525400_CIT0056","doi-asserted-by":"publisher","DOI":"10.1299\/jamdsm.2020jamdsm0022","article-title":"Procedure for the Transfer of Standards Into Machine-Actionability","volume":"14","author":"Loibl","year":"2020","journal-title":"J. Adv. Mech. Des. Syst. Manuf."},{"key":"2024020518581525400_CIT0057","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-53r5","article-title":"Security and Privacy Controls for Information Systems and Organizations","author":"Joint Task Force Interagency Working Group","year":"2020"},{"key":"2024020518581525400_CIT0058","article-title":"Pro Git","author":"Chacon"},{"key":"2024020518581525400_CIT0059","article-title":"Additive Manufacturing Profile","author":"Lubell","year":"2023"},{"key":"2024020518581525400_CIT0060","article-title":"YAML Ain\u2019t Markup Language (YAML\u2122) Revision 1.2.2","author":"Ben-Kiki","year":"2021"},{"issue":"1","key":"2024020518581525400_CIT0061","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/s10207-020-00533-4","article-title":"Automatic Analysis of Attack Graphs for Risk Mitigation and Prioritization on Large-Scale and Complex Networks in Industry 4.0","volume":"21","author":"Stergiopoulos","year":"2022","journal-title":"Int. J. Inf. Secur."}],"container-title":["Journal of Computing and Information Science in Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/asmedigitalcollection.asme.org\/computingengineering\/article-pdf\/24\/7\/071001\/7238349\/jcise_24_7_071001.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/asmedigitalcollection.asme.org\/computingengineering\/article-pdf\/24\/7\/071001\/7238349\/jcise_24_7_071001.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,5]],"date-time":"2024-02-05T18:58:35Z","timestamp":1707159515000},"score":1,"resource":{"primary":{"URL":"https:\/\/asmedigitalcollection.asme.org\/computingengineering\/article\/24\/7\/071001\/1170884\/Layered-Security-Guidance-for-Data-Asset"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,5]]},"references-count":61,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2024,7,1]]}},"URL":"https:\/\/doi.org\/10.1115\/1.4064128","relation":{},"ISSN":["1530-9827","1944-7078"],"issn-type":[{"value":"1530-9827","type":"print"},{"value":"1944-7078","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,2,5]]},"article-number":"071001"}}