CNC Access Security
In an age of compromised files and records, your CNC can be one safe place. There’s more than a password involved: soft keys, key switches and conventional keyboards alike can be used to structure CNC security levels, enabling machine operators, setup personnel, maintenance technicians, programmers and master control personnel varying degrees of access to programs, tool settings and more.
Compromised security sounds innocuous, but its consequences can be devastating. We’ve all see the disgruntled employee who changes passwords on computers and leaves, or downloads files and severely impacts proprietary information, or engages in industrial espionage on some level, stealing or even selling valuable information to the highest bidder.
In the CNC world, it is often necessary to isolate certain programs or portions thereof, in order to protect the machine, guard the proprietary nature of a contract or simply maintain an access heirarchy for your valuable machinery and intellectual property.
The data you input as an OEM doing a custom front end, or as an integrator doing a retrofit, or as an end user loading part programs and tool settings, must all be protected so the complete NC hardware and software on your CNC must be reliable. Look for an NCU that’s been type-tested for standard IT security configuration. Ask your supplier about virus and malware protection, “hardened” NC software and the reliability of the firewall or open source VPN.
On most modern CNC units, whether the HMI has soft keys, key switches or conventional keyboard, these components can be used effectively to layer the access for certain personnel. On some models, the soft keys can literally disappear to prevent access by those personnel with lower clearance. Externally, the USB, RS232 or Ethernet network must be similarly protected with lockouts to prevent unauthorized access.
In a typical shop scenario, the operator, setup, maintenance, programmer and master controller personnel might all require differing levels of access to the CNC programs and tool settings. While doing this is a good habit, it must be accompanied by a rigorous protocol of personnel entry tracking, program change logging and download notification. Overall improved shop or production department security will result from this activity. Programs should be similarly tagged by access level to indicate read-only or read-write, plus the latter can be segments so that certain critical elements cannot be changed by anyone but a master controller.
Likewise, machine builders and end users can and should change the passwords on the CNC. Doing so affords the shop an additional layer of security. To be honest, many of the standard passwords are already all over the Internet. For machine tool builders it is also worth noting that the interfaces between your software and the CNC embedded operating system can also be password-protected, again heightening the security level for your machine.
My best advice is to conduct a weak-point analysis in your shop or production department. Let me know if you need help asking the right questions. In the end, better data protection and the proper access to the CNC machine functions will occur if you keep a “level” head about you, when it comes to access security.