Engineering Cybersecurity

2025-06-26

Cyber threats are increasing. How can you safeguard engineering data?

As the world becomes increasingly interconnected, engineers and manufacturers face a number of security challenges. Sharing design and engineering data with far-flung associates around the world, along with customers, suppliers and third-party manufacturing firms can put intellectual property (IP) at risk. At the same time, cyberattacks like phishing and ransomware are increasing in frequency, which can endanger a firm’s data and reputation.

We spoke to experts at a number of firms with different perspectives on how to secure engineering data in this environment. Assembrix offers a platform (VMS) to help companies outsource manufacturing to partners around the globe while securing their IP and maintaining quality control. Xometry is an on-demand industrial parts marketplace that recently achieved Cybersecurity Maturity Model Certification (CMMC). IMAGINiT (a division of Rand Worldwide) is an Autodesk reseller and consultancy. Accenture recently formalized a partnership with Siemens to create the Accenture Siemens Business Group to “co-develop and jointly market solutions to clients that combine automation, industrial AI and software from the Siemens Xcelerator portfolio with Accenture’s data and AI capabilities,” as well as managed security services.

What are the key security concerns/threats when it comes to engineering and manufacturing data?

Lior Polak, CEO, Assembrix: A digital twin in additive manufacturing (AM) is a virtual model of a physical object or process, integrating real-time data from AM build files, sensors and IoT devices to mirror production. These files, embodying significant time and expertise, are critical to the digital twin’s value, making them prime targets for IP theft, especially by rogue actors in trusted supply chain organizations. The key security concerns are:

Rogue Actors: Insiders with access to digital twin data (e.g., AM build files) can steal IP for personal gain, espionage or coercion, exploiting trust within the supply chain.
Cyber Threats: Digital twins are vulnerable to ransomware, phishing and supply chain attacks due to their reliance on interconnected systems (cloud, IoT) and the digital thread’s vast data.
IP Theft: The proprietary nature of digital twin data, including AM parameters, risks competitive advantage loss or counterfeiting.
Supply Chain Complexity: Interconnected stakeholders increase breach risks, especially from insiders, complicating detection and response.
Legacy Systems and IoT Vulnerabilities: Outdated systems and insecure IoT devices expand the attack surface.

Mark Flayler, Engagement Engineer in the Manufacturing Service Division, IMAGINiT Technologies: Engineering and manufacturing data are critical assets for organizations, and their compromise can lead to significant financial, operational and reputational damage. Key security concerns and threats in this context include:

Intellectual Property (IP) Theft: Engineering designs, CAD files, proprietary manufacturing processes and product blueprints are highly valuable and often targeted by competitors, nation-states and cybercriminals.
Industrial Espionage: Attackers may target sensitive R&D or prototype data to gain a competitive advantage or disrupt innovation.
Data Integrity Attacks: Tampering with design or manufacturing data can result in defective or dangerous products, leading to recalls, safety issues or legal consequences.
Ransomware and Data Sabotage: Disruption of manufacturing operations by encrypting or corrupting essential data (e.g., production line configurations, scheduling or design specs).
Supply Chain Vulnerabilities: Engineering and manufacturing often involve third-party suppliers, making the broader ecosystem a target.
Inadequate Access Controls: Excessive or poorly managed user privileges can lead to accidental leaks or intentional data exfiltration.
Insecure Collaboration and Data Sharing: Engineering teams often share files across geographies or with contractors, sometimes using unsecured methods.
Outdated or Unpatched Systems: Legacy systems commonly found in manufacturing environments may lack modern security protections.
Digital Twin & IoT Device Vulnerabilities: Increasing use of digital twins and IoT devices in smart manufacturing introduces new attack surfaces.
Regulatory Non-Compliance: Engineering and manufacturing sectors may be subject to industry regulations (e.g., ITAR, NIST, GDPR). Noncompliance due to poor data security can result in penalties.

Piyush Jain, Products Security Lead, Accenture: Due to the increasing IT/OT convergence and the rise of cloud-based services, the exposure of industry plants to the internet is ever-increasing. This increases attack vectors dramatically and even more facilitates APTs [advanced persistent threats] like state-sponsored groups to attack our critical production infrastructure.

In today’s hyper-connected manufacturing ecosystem, securing engineering data is not just an IT concern—it’s a business imperative. Securing engineering and manufacturing data is critical to preventing intellectual property (IP) theft, unauthorized modifications, industrial espionage and cyberattacks that could disrupt operations. Data integrity attacks, where specifications or models are tampered with, can lead to flawed or unsafe products. Insider threats, employees or contractors misusing their access, pose risks of data theft, alteration or leakage. Weak access controls, and outdated legacy systems, further increase exposure. Lastly, the use of collaboration tools and remote access platforms can lead to IP leakage if not properly secured. For example, sensitive design files or documents shared over unencrypted channels or with improperly configured access settings may be accessed by unauthorized users. We have also often seen that employees unknowingly share proprietary content through personal devices/cloud storage without appropriate controls, increasing the risk of data leakage.

Tarit Mitra, Head of Cyber and Information Security, Xometry: At Xometry, we take a proactive approach to cybersecurity, as demonstrated by our early adoption of CMMC Level 2 certification. We recognize that security is constantly evolving—yesterday’s cutting-edge technology becomes today’s standard and tomorrow’s legacy technology. That is why we’re constantly evaluating our technology stack against market innovations and emerging threats.

Here are just three examples of our security principles that we think are instructive for others.

They include:

1. Implementing a zero-trust model requiring continuous verification for all users and devices;

2. “Shifting left” in our development lifecycle to embed security testing from the earliest stages, and

3. Leveraging AI to detect and respond to increasingly sophisticated attacks.

How do your products and services help secure that data?

Polak, Assembrix: Assembrix’s platform is a cloud-based solution designed to virtualize and secure the AM digital thread, including digital twin data critical for AM processes. The platform includes multiple features and capabilities that have been developed over years and [are] tailored to the AM process so that they address customers’ needs and risk factors.

Assembrix VMS uses state-of-the-art blockchain-based encryption to secure digital twin data, ensuring that even insiders cannot access or misuse files without authorization. The platform implements strict role-based access controls, limiting who can view or modify AM build files, reducing the risk of insider theft.

In addition to providing secure transfer of manufacturing data, Assembrix also provides real-time monitoring. Image courtesy of Assembrix.

VMS virtualizes the AM process, enabling secure remote printing while maintaining control over the digital thread. Its cloud-based architecture incorporates robust cybersecurity measures, such as encryption and real-time monitoring, to protect against ransomware and phishing attempts. The platform oversees the entire AM workflow—from design to verified part—reducing vulnerabilities in data transmission that could be exploited in phishing or ransomware attacks.

VMS ensures IP protection through advanced encryption, preventing unauthorized access or copying of digital twin data, such as proprietary AM parameters. The platform provides a real-time data feed for monitoring print status, coupled with blockchain for an auditable transaction trail, ensuring no excess parts are produced or designs misused.

VMS applies digital twin-in-context to store and analyze data points and relationships within print batches, streamlining the management of complex digital twin datasets. The platform also uses machine learning to provide recommendations for quality control and cost reduction, handling large data volumes efficiently.

Jain, Accenture: Accenture’s Managed Security Services address threats to engineering and manufacturing data through a comprehensive, industry-focused approach. Leveraging deep expertise in both information technology (IT) and operational technology (OT) cybersecurity, Accenture provides 24/7 threat monitoring and response, tailored to protect IP, secure design files and safeguard operational technologies like PLCs [programmable logic controllers] and CNC [computer numeric control] systems. The offering includes advanced identity and access management to prevent unauthorized access, insider threat detection using behavioral analytics and robust protection of collaboration tools to avoid accidental IP leakage. Accenture also helps secure legacy systems through vulnerability management and network segmentation leveraging zero trust, thus isolating critical systems like CAD servers, PLCs or manufacturing execution systems.

Accenture is working with Siemens to offer new cyber protection for manufacturing environments at the intersection where engineering data and production execution meet—securing innovation from design through delivery. This joint IT/OT cybersecurity approach leverages Siemens’ Remote Industrial Operations Services (RIOpS) and Accenture’s managed security services, including the Managed Extended Detection and Response (MxDR) platform, to detect and respond to cyber threats. We are combining Siemens’ Automation, IT and service domain knowledge with Accenture’s ability to offer best-in-class cybersecurity services, 24/7/365, connected worldwide.

Mitra, Xometry: Xometry achieved a perfect score on our CMMC Level 2 audit, making us an industry pioneer in meeting this rigorous standard. Given that we routinely handle sensitive and export-controlled data, we maintain strict protocols to ensure this information only resides on CMMC Level 2 compliant systems, such as FedRAMP authorized cloud providers, with access restricted to authorized personnel only.

What are some key best practices around engineering/product data that companies should follow when it comes to security? Are there any challenges specific to this type of data that companies should be aware of?

Assembrix provides a remote print platform that is designed to protect IP when using third-party manufacturing services. Image courtesy of Assembrix.

Polak, Assembrix: Among the best practices companies should follow when it comes to security are:

File Integrity Protection: Use blockchain-based encryption to ensure AM build files remain unaltered, preventing unauthorized changes to process parameters, materials or laser settings.
Real-Time Monitoring: Using in-situ monitoring to track production process and machine parameters, detecting anomalies that could indicate compromised files, reducing the risk of defective parts.
Access Controls: Strict role-based access controls limit who can modify build files, mitigating insider threats from rogue actors.
Supply Chain Security: Vetting partners and using secure data-sharing platforms to ensure file integrity across distributed manufacturing.
Quality Assurance: Post-print inspections, such as X-ray or ultrasonic testing, can identify defects caused by compromised files, though this adds cost.
Employee Training: Educating operators on cybersecurity risks helps prevent human error in handling compromised files.
Regulatory Compliance: Adhering to standards like ISO 27001 or AS9100 (as Assembrix partners do) ensures robust safety and security protocols.

Jain, Accenture: We support the customer in applying and operating a defense-in-depth approach, thus enabling them to protect their engineering data. With constant security monitoring we detect breaches early and can react before the attacker even reaches critical software assets like production or engineering data.

When dealing with engineering data, which typically includes CAD files, design schematics, simulation models, product lifecycle data and industrial process details, there are several security best practices we advise companies to follow. Some of the key best practices our clients are adopting are as follows:

Classify engineering data based on sensitivity and use metadata tagging to track the sensitivity level across systems
Use of Zero Trust Architecture (ZTA) to continuously verify access, segment networks
Adopt user and entity behavior analytics (UEBA) to spot anomalies in engineering environments
In addition to strong authentication, enforce principle of least privilege, especially for cross-functional teams
Use of data loss prevention (DLP) and digital rights management (DRM) to restrict critical file actions (view, print, edit) with DRM, important for CAD/3D assets

Engineering data presents unique security challenges due to its high value and complex lifecycle. It often contains IP, making it a prime target for competitors and nation-state actors. The large file sizes and proprietary formats typical of CAD, simulation and 3D modeling tools complicate secure storage, sharing and interoperability. With design and manufacturing increasingly distributed across global teams, organizations face varied regulatory environments and expanded attack surfaces. Compounding this is the need to integrate engineering data across legacy and OT systems, which frequently lack modern security controls. Security maturity is often inconsistent across engineering platforms like product lifecycle management (PLM) or supervisory control and data acquisition (SCADA), limiting the ability to enforce unified policies. The long lifespan of engineering data often retained for decades due to compliance needs further amplifies the risks to data integrity and confidentiality.

Mitra, Xometry: Engineering and product data security are core to our business at Xometry. We continuously evaluate and optimize our practices while looking holistically across all attack surfaces for any potential threats.

A significant challenge in our industry involves securing operational technology (OT) such as 3D printers and CNC machines. To secure these devices, network segmentation and the use of VLANs [virtual local area networks] is important, as is limiting USB access to any workstations connected to OT.

How can companies mitigate engineering data risk when sharing data with partners across the manufacturing chain or supply chain?

Jain, Accenture: Reducing the risk of engineering data exposure in manufacturing and supply chain collaboration requires a layered strategy that ensures robust cybersecurity without compromising operational agility. Organizations are taking different approaches depending on the data criticality, geography and usage.

Usage of specific clause in contact, i.e., contractual obligations to clear definition of handling rules, access limitations and liability in contracts, including clauses for data breach notification, retention and destruction
Adopting vetted platforms with encryption and watermarking
Applying DRM [digital rights management] rules to restrict file actions
Adopting federated identity to integrate partner identities via secure federation, such as Security Assertion Markup Language/ OpenID Connect (SAML/OIDC)
Zero trust for external access, i.e., treating external access as untrusted by default; enforce real-time, risk-based access decisions
Ensuring audit or partner to certify the secure disposal post-engagement as a part of end-of-life data handling policy

Mitra, Xometry: Partner adherence to standard security frameworks such as NIST 800-171 or ISO 270001 is a useful indicator of their ability to safely handle data. The CMMC framework, which builds on NIST 800-171 and requires a third-party audit, offers a high level of assurance for aerospace and defense work. It’s also important to implement technical controls to ensure that highly sensitive data such as export-controlled data flows exclusively to partners that are authorized to access it.

CMMC Certification

The Department of Defense’s Cybersecurity Maturity Model Certification program (CMMC) is a cybersecurity framework targeted at Department of Defense contractors and subcontractors, in an effort to help protect them from cyberattacks. Earlier this year, Xometry became one of the first companies to achieve CMMC Level 2 certification.

The CMMC framework requires contractors to comply with strict cybersecurity requirements for protecting Controlled Unclassified Information (CUI), including ITAR-regulated export-controlled data, and to undergo an audit by a Certified Third-Party Assessor Organization (C3PAO).

According to Tarit Mitra, Xometry’s head of cyber and information security:

“Achieving CMMC certification involved a rigorous three-year process of reviewing and enhancing our security posture with specialized consultants. This was particularly challenging as the CMMC standard itself was evolving during our compliance journey.

“We recognized early the strategic importance of CMMC to our business and made the deliberate decision to be first to market with this certification. This underscores our commitment to cybersecurity excellence and data protection—a critical differentiator for our aerospace and defense customers. We’re also working closely with our partners to educate them about the CMMC certification process to better enable them to achieve this standard.”

Cybersecurity Best Practices

IMAGINiT provided a detailed list of cybersecurity best practices for engineering.

1. Classify and Prioritize Data

Define categories such as confidential IP, regulatory data, internal use or public.
Apply security controls based on classification (e.g., encryption, access limits).

2. Implement Role-Based Access Control (RBAC)

Grant access based on job functions (e.g., designers, vendors, QA).
Enforce least privilege: only the necessary level of access for each role.
Avoid email or unsecured file-sharing tools like public cloud drives (e.g., personal Google Drive).

3. Use Version Control and Change Tracking

Maintain audit trails, design history and revision control to track who changed what, when and why.
Use tools like Autodesk Vault, Git or PLM systems for structured versioning.

4. Secure Collaboration and File Sharing

Avoid email or unsecured file transfers.
Use secure, permission-based platforms (e.g., Autodesk Docs, SharePoint, Dropbox Business).
Share neutral file formats (e.g., STEP, IGES) instead of native CAD when full feature data is not needed.
Implement watermarking and access expiration for sensitive files shared externally.

5. Encrypt Data At Rest and In Transit

Ensure CAD files, simulations and BOMs [bill of materials] are encrypted on both endpoints and servers.
Enforce TLS 1.2+ for all data transmissions.
Use Digital Rights Management (DRM) to control access even after files are downloaded (e.g., restrict printing or copying).
Consider PDF conversion with watermarking for sensitive engineering drawings.

6. Centralize Data Storage and Backup

Use secure central repositories for CAD and product data.
Enable automated backups, version recovery and disaster recovery plans.

7. Secure the Supply Chain

Vet third-party vendors for cybersecurity maturity.
Limit their access to only essential design components or data sets.
Use NDAs and IP protection agreements.
Regularly audit and update supplier access.

8. Regularly Audit and Monitor Access Logs

Review system logs for unauthorized access or unusual activity.
Automate alerts for policy violations or sensitive data exfiltration attempts.

9. User Training and Insider Threat Awareness

Train engineers and drafters on secure data handling, phishing and sharing risks.
Implement DLP (data loss prevention) tools to flag risky behaviors.
Ensure engineers, designers and project managers know: Which platforms/tools are approved for data sharing; What not to send (e.g., source files, full assemblies); How to escalate security concerns

10. Secure Endpoints and Development Environments

Engineers often use powerful desktops or mobile workstations—secure them with: Endpoint protection; Disk encryption; Policy enforcement (e.g., USB restrictions, local admin rights)

11. Comply with Regulatory Requirements

For export-controlled or regulated data (e.g., ITAR, EAR, CMMC, GDPR):
Restrict access to authorized persons (e.g., U.S. citizens for ITAR).
Verify partners’ certifications and compliance frameworks.
Use platforms that support data residency and geo-fencing.

<< BACK TO ALL MEDIA