PCB Design and Network Segmentation: Best Practices for Defense Companies
Ziv Cohen
Application Manager, Nano Dimension
Compliance and security are not the same, and companies in highly regulated industries—including the defense industry—must meet both goals without sacrificing productivity. Network segmentation is just one of many best practices defense companies can take to ensure network security, but it is not a cure-all for security concerns. Rather, it is one of many steps defense companies can take to protect sensitive information in an age where security breaches are common and manufacturing facilities are distributed.
Companies that design and manufacture PCBs for defense systems must protect sensitive design data and their production capabilities from outside attacks. Even if you implement the best security measures in your own facility, you can still expose yourself to breaches if you use a subcontracted manufacturer for prototyping and new product introduction (NPI) processes. Instead, you’ll have more control over your own security, supply chain, and productivity when network segmentation best practices for defense electronics companies are combined with in-house additive manufacturing capabilities.
Balancing Security and Access to Production
If you’re designing electronics for defense systems, you’re likely familiar with the Defense Federal Acquisition Regulation Supplement (DFARS) data management and IT security provisions that can constrain operations. Add to that procurement and sourcing regulations, and defense companies have a difficult challenge getting their designs off of a computer screen and into the field.
Not all manufacturers can meet ITAR standards for electronics manufacturing. Regarding electronic devices meant for sensitive systems that carry national security concerns, overseas manufacturers may be completely forbidden from touching the device. Production of mission-critical systems is typically kept onshore to comply with DFARS provisions. However, working with a subcontracted manufacturer puts you at the mercy of their cybersecurity and other security practices.
As subcontracted manufacturers may not require the same security clearances as primes, it may be best to keep prototyping capabilities in-house during the design phase, as well as full production capabilities. An in-house additive manufacturing system built specifically for PCBs, including multilayer PCBs and antennas, can help electronics and RF designers produce rapid prototypes and finished products while staying secure and compliant. These systems can be easily kept secure with network segmentation or used entirely off network.
Network Segmentation Best Practices for Defense Companies
With security breaches and hacking incidents becoming daily headline news, defense companies developing new electronics systems must segment their networks to prevent access to sensitive data in the event of a security breach. This takes more than just segmenting people and workstations into different departments or segmenting functions across different servers.
As a cybersecurity defense mechanism, network segmentation is gaining popularity among many well-known companies. This involves the process of splitting your network into subnetworks, in which each subnetwork has different security and performance requirements.
Electronics designers and manufacturers for defense companies should consider the following network segmentation best practices to protect their PCB designs and their manufacturing assets:
House design and production data on a separate network. The public-facing portions of the network, such as client-facing systems and guest WiFi access, should be separated from design data warehouses and production systems.
Filter traffic between networks and subnetworks. Routers or layer 3 switches can be used to divide a network into smaller subnetworks using measures such as access control lists (ACLs) or virtual local area networks (VLANs). Network traffic between segments can be filtered with firewalls. Additional security on the local area network (LAN) can be provided by filtering traffic with host-based firewalls.
Implementing traffic filtration measures helps ensure that manufacturing assets and design data can only be accessed by certain people within the overall network. This restricts the user base that has access to sensitive design data, reducing the risk of theft and making it easier to trace leaks back to specific members of the organization.
Isolate vulnerable subnetworks in the event of a breach. If a public-facing portion of the network is breached, the remaining portions of the network that store sensitive design information and personal data should be cut off from the vulnerable subnetworks. This prevents attackers from stealing sensitive design information and isolates critical systems, such as physical security and industrial control systems.
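The filtering and isolation practices above, as an added example that is not part of the original article: a Python check that evaluates a first-match router ACL against a segmentation policy, reports flows that cross segments without being allowed, and models cutting off a breached segment. The subnets, segment names, policy and ACL entries are constructed assumptions.

```python
import ipaddress

# Constructed segments mirroring the zones named in the text (addresses are made up).
SEGMENTS = {
    "public": ipaddress.ip_network("10.10.0.0/24"),      # guest WiFi, client-facing systems
    "design": ipaddress.ip_network("10.20.0.0/24"),      # design data warehouse
    "production": ipaddress.ip_network("10.30.0.0/24"),  # production systems
}
# Assumed policy: only design may open connections to production; all else is denied.
ALLOWED_FLOWS = {("design", "production")}

# Constructed router ACL (action, source, destination), evaluated first match wins.
ACL = [
    ("permit", "10.20.0.0/24", "10.30.0.0/24"),
    ("permit", "10.10.0.0/24", "10.20.0.128/25"),  # mistake: public reaches half of design
    ("deny", "10.10.0.0/24", "10.0.0.0/8"),
    ("deny", "0.0.0.0/0", "0.0.0.0/0"),
]

def first_match(acl, src, dst):
    """Action of the first rule matching this address pair; implicit deny otherwise."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s, d in acl:
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action
    return "deny"

def atoms(net, acl):
    """Split net into blocks that each ACL prefix covers entirely or not at all."""
    prefixes = [ipaddress.ip_network(n).prefixlen for _, s, d in acl for n in (s, d)]
    return list(net.subnets(new_prefix=max([net.prefixlen] + prefixes)))

def audit(acl):
    """Return (src_segment, dst_segment, src_block, dst_block) flows permitted against policy."""
    findings = []
    for a, src_net in SEGMENTS.items():
        for b, dst_net in SEGMENTS.items():
            if a == b or (a, b) in ALLOWED_FLOWS:
                continue
            for sb in atoms(src_net, acl):
                for db in atoms(dst_net, acl):
                    if first_match(acl, sb.network_address, db.network_address) == "permit":
                        findings.append((a, b, str(sb), str(db)))
    return findings

def quarantine(acl, segment):
    """New ACL that cuts a breached segment off from all routed traffic, both directions."""
    net = str(SEGMENTS[segment])
    return [("deny", net, "0.0.0.0/0"), ("deny", "0.0.0.0/0", net)] + list(acl)
```

Calling `audit(ACL)` flags the stray public-to-design permit, and `audit(quarantine(ACL, "public"))` returns no findings while the design-to-production flow stays open.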
Segment your public-facing systems from your production assets
A network breach in a traditional manufacturing facility, where tasks are distributed across an assembly line, can cause an outage that brings down production for a significant period of time. Network segmentation can reduce the blast radius associated with a breach and hopefully isolate it away from critical production assets. As additive manufacturing systems are largely standalone systems and are not integrated into a larger manufacturing line, they naturally lend themselves to network segmentation and are inherently more secure.
How Additive Manufacturing Aids Security
As a no-human-in-the-loop PCB manufacturing technology, additive manufacturing for mission-critical electronics systems completely removes human interference from the manufacturing stage. This offers the following benefits when it comes to maintaining the security of your PCB designs and manufacturing assets:
Keeping manufacturing functions in-house rather than risking 3rd party or overseas production allows you to produce short-run prototypes securely at costs that are competitive with higher-volume prototyping runs.
Additive manufacturing systems can be naturally segmented from the remaining portions of a network as they do not need to interface with the rest of your industrial control systems as part of a larger manufacturing line. If desired, they can also be used without a network connection.
More agile and productive prototyping and manufacturing steps also reduce logistical complexity in the creation of your PCB and allow you more control over your supply chain.
Manufacturing in-house eliminates the need for contracted manufacturers and the security risks that go along with them.
If you’re involved in defense research, the Defense Advanced Research Projects Agency (DARPA) has expressed serious interest in automating PCB manufacturing and bringing productivity up to par with manufacturing in other industries. PCB fabrication and assembly still lags far behind other industries in terms of automation. Additive manufacturing is sure to play a role in this area as it provides faster turnaround time while naturally fitting in with network segmentation practices.
If defense industry regulations and security practices make it difficult to work with traditional PCB manufacturers, you can solve both problems by bringing an additive manufacturing system in-house. Nano Dimension’s DragonFly Pro additive manufacturing system is built to print advanced multilayer electronics for any application. In addition, we are a certified U.S. Department of Defense vendor with a CAGE code. If you’re interested in learning more about the DragonFly Pro system, read a case study or contact us today.
Ziv Cohen has both an MBA and a bachelor’s degree in physics and engineering from Ben Gurion University, as well as more than 20 years of experience in increasingly responsible roles within R&D. In his latest position, he was part of the Mantis Vision team, offering advanced 3D Content Capture and Sharing technologies for 3D platforms. The experience that he brings with him is extensive and varied in fields such as satellites, 3D, electronic engineering, and cellular communications. As our Application Manager, he’ll be ensuring the objectives of our customers are met and creating new technology to prototype and manufacture your PCBs.