Pentagon 3D-Printing Pilot Expands Supply Chain Risk

The Pentagon has selected 24 firms for a major 3D-printing pilot, highlighting a growing attack surface in the defense supply chain. The program underscores the need for robust identity controls not just for users, but also for the machines and automated workflows involved in manufacturing.

The pilot program, managed by the Defense Logistics Agency (DLA), is formally known as the Joint Additive Manufacturing Acceptance IDIQ Pilot Parts Program (JAMA). Its purpose is to establish a rapid and flexible contract vehicle for sourcing high-quality 3D-printed components, including parts deemed flight-safety-critical and essential for military missions. One of the 24 firms selected is Applied Rapid Technologies, a division of Obsidian Solutions Group, which has over 25 years of experience in the field.

This initiative directly confronts the vulnerabilities of the "digital thread": the entire data lifecycle from a component's initial CAD design to the final manufacturing instructions. A 2021 DoD Inspector General report found that additive manufacturing systems were often treated as simple "tools" rather than networked IT systems, leaving them without consistent security controls like vulnerability scanning or updated operating systems. This oversight created significant risks, as malicious actors could steal design data or alter it to compromise the structural integrity of printed parts.

Many of the digital blueprints and technical files used in this program are considered Controlled Unclassified Information (CUI), which requires specific safeguarding measures under federal policy. Defense contractors handling CUI must comply with the security controls outlined in NIST SP 800-171, a standard that dictates how to protect sensitive information on non-federal systems. The technical data for a military part, from its design specifications to its material composition, falls squarely into this protected category.

To counter these threats, the DoD is applying Zero Trust principles to its Operational Technology (OT) environments, which include these advanced manufacturing systems. This security model abandons the idea of a trusted internal network and instead operates on a "never trust, always verify" basis, mandating continuous authentication for every user and device. For 3D printers, this involves micro-segmenting the network to prevent unauthorized lateral movement and enforcing least-privilege access, ensuring a designer can edit a file but not send it to a printer, while a machine operator can only access a validated, final-version file for production.

The DLA is also developing a common data framework called the Joint Additive Manufacturing Model Exchange (JAMMEX). This system is designed to enable the secure sharing of approved 3D-printable models and technical data across all DoD branches, ensuring data integrity from the source file to the point of need on the battlefield or at a depot.
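The least-privilege split and the "validated, final-version file" requirement described above can be sketched as a release gate in front of a printer queue. This is an added illustration, not code from the DoD, DLA or JAMMEX; the role names, file states and the `PrintReleaseGate` class are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed policy: (role, action) -> file states in which the action is allowed.
POLICY = {
    ("designer", "edit"): {"draft"},
    ("approver", "approve"): {"draft"},
    ("operator", "print"): {"approved"},
}


class PrintReleaseGate:
    """Hypothetical gate between a model store and a printer queue."""

    def __init__(self):
        self.state = {}   # part_id -> "draft" or "approved"
        self.digest = {}  # part_id -> SHA-256 hex digest frozen at approval

    def _check(self, role, action, part_id):
        # Unknown parts are treated as drafts, so nothing prints by default.
        state = self.state.get(part_id, "draft")
        if state not in POLICY.get((role, action), set()):
            raise PermissionError(f"{role} may not {action} a {state} file")

    def edit(self, role, part_id):
        # Only drafts are editable; an approved part needs a new part_id.
        self._check(role, "edit", part_id)
        self.state[part_id] = "draft"

    def approve(self, role, part_id, data):
        # Approval freezes the exact bytes that were reviewed.
        self._check(role, "approve", part_id)
        self.state[part_id] = "approved"
        self.digest[part_id] = hashlib.sha256(data).hexdigest()

    def release_to_printer(self, role, part_id, data):
        """Return True only if role, file state and content digest all pass."""
        self._check(role, "print", part_id)
        actual = hashlib.sha256(data).hexdigest()
        # Authorization is bound to the approved bytes, not to the file name.
        if not hmac.compare_digest(actual, self.digest[part_id]):
            raise ValueError("file differs from the approved version")
        return True
```

Binding the release decision to the digest recorded at approval means a file altered after review is rejected even when the requester holds the right role and the file name is unchanged.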
