Digital Readout Kit for Mills, Lathes, & Grinding
Published

Cybersecurity for Job Shops

Small and medium-size machining job shops can take steps to protect computerized or networked assets such as CNC machines from cyber attacks. 

Ken Modeste, Leader, Cybersecurity Services, UL LLC

Share

Read Next

Managers of small and medium-size machining companies often wonder what precautions they can take to protect their computer networks from hackers and other online threats. Even with limited resources and capabilities, they should follow the following steps to create a workable cybersecurity plan.

Educate Your Workforce

A plethora of government resources are freely available and can provide a good overview of cybersecurity for manufacturing companies. A good document to start with is the National Institute of Standards and Technology (NIST) publication SP 800-82 Rev. 2 Guide to Industrial Control Systems. NIST provides other resources for shops through its Manufacturers Extension Partnership.

Featured Content

Should You Add Linear Scales to Your Machine?
Should You Add Linear Scales to Your Machine? READ MORE
Five Things You Get With Your Free Modern Machine Shop Subscription
Five Things You Get With Your Free Modern Machine Shop Subscription READ MORE
Registration Now Open for the Precision Machining Technology Show (PMTS) 2025
Registration Now Open for the Precision Machining Technology Show (PMTS) 2025 READ MORE

Another wealth of readily available information is provided by the Department of Homeland Security’s (DHS) Industrial Control System Cyber Emergency Response Team ICS-CERT program for addressing cybersecurity. DHS provides a series of online training resources that can be accessed at no charge through the ICS-CERT virtual training portal.

Assess Your Facility

Start by mapping your existing computer networks and their infrastructure in the shop. Use both the operations technology (OT) and information technology (IT) networks and their integration. Identify the components of the system and its different subcomponents. Once the map is completed, physically validate the “architecture” shown in the map. Include searches for wireless networks and access points that may not be on the map. Look for smart devices, virtual private networks (VPNs) and public access points that may be used for reporting, troubleshooting by supply-chain vendors and remote services (access and response). This search will help determine the boundaries of the system and the system resources (people, processes and technology components) it involves.

Implement Security Measures

Once you have a clear picture of system components, review vendor documentation and support systems to evaluate their cybersecurity claims and capabilities. The best place to begin this process is with your newest acquisitions.

It’s best to use vendors that offer products that have been tested and validated for their security claims. UL’s Cybersecurity Assurance Program (CAP) and its certification process based on the UL 2900 series of standards verifies the vendors’ cybersecurity claims and provides assurance that their products meet industry standards. Other basic steps should also be implemented:

  • Keep system architecture drawings, network diagrams and system maps in a confidential location with secure and limited access.
  • Remove any functionality, components and connections not needed for system operations.
  • Check the ICS-CERT portal for products in your system that have known weaknesses and vulnerabilities. Until you can patch them, check for ways to mitigate the weaknesses.
  • Take steps to prevent any circumvention of access controls that you have defined in your system. Remove or disable any remote connections that are not necessary for safe operations.
  • For any wireless technology that may have addressing and naming capabilities, change the names using a nonstandard naming convention that does not indicate the nature of the technology or its location. Document and secure your naming conventions in the same location as the architecture designs and network maps.
  • If you are using remote access and gateways for daily operations, ensure that the vendor’s technology uses authentication and encryption schemes that are robust and capable.
  • For user accounts and credentials for your system, remove any temporary or shared accounts and their passwords. If components have credentials and accounts that you cannot change to your facility’s specifications, contact the vendor and request alternatives, or seek solutions for your own site-specific accounts.
  • Develop a strict policy for visitors and the digital technology they may bring, including any kind of computer or device such as USB sticks, laptops or diagnostic tools. The parts of your system that require remote troubleshooting should be controlled by your site.
  • Develop a policy for detecting and disabling malware as recommended in the ICS-CERT portal.

These preliminary steps will create a basic level of cybersecurity that can be strengthened over time. Audit these practices regularly to keep them current and effective. Revise your procurement guidelines to be sure new equipment such as CNC machines are in line with security practices. Use third-party services such as UL’s CAP to ascertain that a baseline of security is in place.

High Accuracy Linear Encoders
JTEKT
World Machine Tool Survey
QualiChem Metalworking Fluids
TIMTOS
VERISURF
Innovative Manufacturing for the Medical Industry
Paperless Parts
DN Solutions
MMS Made in the USA
715 Series - 5-axis complete machining
KraussMaffei

Related Content

How this Job Shop Grew Capacity Without Expanding Footprint
Sponsored

How this Job Shop Grew Capacity Without Expanding Footprint

This shop relies on digital solutions to grow their manufacturing business. With this approach, W.A. Pfeiffer has achieved seamless end-to-end connectivity, shorter lead times and increased throughput.

Read More
5 Stages of a Closed-Loop CNC Machining Cell
Automation

5 Stages of a Closed-Loop CNC Machining Cell

Controlling variability in a closed-loop manufacturing process requires inspection data collected before, during and immediately after machining — and a means to act on that data in real time. Here’s one system that accomplishes this. 

Read More
Swiss-Type Control Uses CNC Data to Improve Efficiency
Sponsored

Swiss-Type Control Uses CNC Data to Improve Efficiency

Advanced controls for Swiss-type CNC lathes uses machine data to prevent tool collisions, saving setup time and scrap costs.

Read More
Easy-To-Install Data Acquisition System for Real-Time Monitoring Across Brands
Sponsored

Easy-To-Install Data Acquisition System for Real-Time Monitoring Across Brands

cnSEE from All World Machinery Supply combines easy installation and monitoring across multiple machines.

Read More

Read Next

5 Rules of Thumb for Buying CNC Machine Tools

5 Rules of Thumb for Buying CNC Machine Tools

Use these tips to carefully plan your machine tool purchases and to avoid regretting your decision later.

Read More
Rego-Fix’s Center for Machining Excellence Promotes Collaboration
Toolholders

Rego-Fix’s Center for Machining Excellence Promotes Collaboration

The new space includes a showroom, office spaces and an auditorium that will enhance its work with its technical partners.

Read More
The Future of High Feed Milling in Modern Manufacturing
Sponsored

The Future of High Feed Milling in Modern Manufacturing

Achieve higher metal removal rates and enhanced predictability with ISCAR’s advanced high-feed milling tools — optimized for today’s competitive global market.

Read More
CNC Turnkey Package for Knee Mills and Lathes