CNC Machines on the network
  1. #1
    Join Date
    Jan 2008
    Location
    California
    Posts
    19

    Do most people just leave their networked machine tools on the general network? Do they have internet access?

    Or is the shop floor network isolated from the internet/general building network?

    I recently purchased a VMC and have been poking at it from a network security perspective, and if it were a printer I probably wouldn't allow it on the office network.

    I don't really have access to a place with many new machines; all the shops I used to hang out at were still using USB (and some floppies) to move files around. So it would be nice to hear from people in more modern shops.

  2. #2
    Join Date
    Dec 2010
    Location
    NE PA
    Posts
    21

    We have a segregated machine network, CAD/CAM station also. It's amazing to see how well Windows systems do when they are not updated and have no internet access. Main network and machine network do not connect. We operate a few mobile workstations on both sides, but when connected to the machine network they also do not have internet access. 15 years, never had a problem, but if you need to find something in the world or place an order, move to a different computer on the main network; that's a little annoying sometimes.

  3. #3
    Join Date
    Jan 2016
    Country
    UNITED STATES
    State/Province
    California
    Posts
    208

    Quote Originally Posted by mmca View Post
    Do most people just leave their networked machine tools on the general network? Do they have internet access?
    I have the entire workshop space in a private subnet. It is not trusted to the general-purpose network, and vice-versa.

    It has strictly controlled access to the public Internet. All inbound connections are dropped at the router and only specified connections are allowed outbound (the default policy is to drop traffic). I don't think any of the machine tools needed anything but I have some other stuff on that network that does.

    Stuxnet should scare the crap out of everyone with a network-connected machine tool, IMHO.

  4. Likes cameraman, DouglasJRizzo liked this post
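
The policy described in post #3 (untrusted in both directions, inbound dropped at the router, default-drop with a short outbound allow list), sketched as an nftables ruleset for a Linux router. This is an added example, not the poster's configuration; the interface names, the documentation-range addresses and the two permitted outbound services are assumptions, and NAT is omitted.

```nftables
#!/usr/sbin/nft -f
# Added example: three-legged router separating a shop-floor subnet
# from the office LAN and the internet. All names/addresses are assumed.
flush ruleset

define WAN    = "eth0"          # uplink to the ISP (assumed name)
define OFFICE = "eth1"          # general-purpose network (assumed name)
define SHOP   = "eth2"          # machine tools / shop floor (assumed name)

define NTP_HOST     = 192.0.2.10   # placeholder: time server the shop may reach
define LICENSE_HOST = 192.0.2.20   # placeholder: CAM licence server

table inet filter {
    chain input {
        # Traffic addressed to the router itself: nothing unsolicited.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        iifname $OFFICE tcp dport 22 accept     # admin access from office only
    }

    chain forward {
        # Default policy is drop: anything not listed below never crosses.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed out.
        ct state established,related accept

        # Office LAN may browse the internet as usual.
        iifname $OFFICE oifname $WAN accept

        # Shop floor: only the specified outbound connections.
        iifname $SHOP oifname $WAN ip daddr $NTP_HOST udp dport 123 accept
        iifname $SHOP oifname $WAN ip daddr $LICENSE_HOST tcp dport 443 accept

        # No shop<->office rule exists, so neither side can open a
        # connection to the other. Count and log what the shop side
        # tried to do before it hits the default drop.
        iifname $SHOP counter log prefix "shop-drop: " drop
    }
}
```

Reviewing the `shop-drop:` log entries after a few weeks shows which controls are attempting connections nobody asked for, which is also how the allow list gets justified or trimmed.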
  5. #4
    Join Date
    Jun 2011
    Country
    UNITED STATES
    State/Province
    New Jersey
    Posts
    1,708

    This month's issue of Modern Machine Shop has an article on this very topic.
    One thing, I've been noticing that more and more controls have some form of PC software/OS/drive on them and that leaves them vulnerable.

    Perhaps a sub-net like mentioned above, but I wouldn't hook my CNCs to the outside world. Nope.

  6. Likes cameraman liked this post
  7. #5
    Join Date
    Jan 2005
    Country
    CANADA
    State/Province
    Saskatchewan
    Posts
    10,403

    I use a Moxa Wireless Nport from my office PC to a Haas VF3 (1996). The configuration mimics a serial port connection, and is as 'safe' as a wifi network would be, which may not be provably safe. But AFAIK, you can't really invade an old CNC control without initiating some sort of transfer from the control end of things. Any controls with actual Windows on them, well, I just don't trust those to be on any LAN because you cannot trust Windows. I have one PC based cnc running a windows control, but it gets its programs by sneaker-net.

  8. Likes DouglasJRizzo liked this post
  9. #6
    Join Date
    Jun 2011
    Country
    UNITED STATES
    State/Province
    New Jersey
    Posts
    1,708

    Quote Originally Posted by HuFlungDung View Post
    I have one PC based cnc running a windows control, but it gets its programs by sneaker-net.
    There's something to be said for USB's and PC cards..

  10. #7
    Join Date
    Jan 2007
    Location
    Flushing/Flint, Michigan
    Posts
    10,881

    Quote Originally Posted by trochoidalpath View Post
    .....
    Stuxnet should scare the crap out of everyone with a network-connected machine tool, IMHO.
    Umm, did you mean non network connected machine tool?
    Bob

  11. Likes TeachMePlease, memphisjed liked this post
  12. #8
    Join Date
    Jun 2013
    Country
    UNITED STATES
    State/Province
    Washington
    Posts
    164

    Quote Originally Posted by CarbideBob View Post
    Umm, did you mean non network connected machine tool?
    Bob
    Google Stuxnet. Scary but enlightening.

    An air gap between your shop floor and the real world is good. Wifi is at this time inherently weak on security but there are rumors about a very robust new standard.
    I like wire between machines!
    A firewall between the shop and the real world is a good idea but it requires maintenance and some expertise.
    Quite dated but read "The Cuckoo's Egg".

  13. #9
    Join Date
    Feb 2014
    Location
    FL
    Posts
    4,577

    Quote Originally Posted by ss_user View Post
    Google Stuxnet. Scary but enlightening.

    An air gap between your shop floor and the real world is good. Wifi is at this time inherently weak on security but there are rumors about a very robust new standard.
    I like wire between machines!
    A firewall between the shop and the real world is a good idea but it requires maintenance and some expertise.
    Quite dated but read "The Cuckoo's Egg".

    Umm... YOU google Stuxnet.

    Stuxnet jumped the air gap and was installed via USB thumb drive.

  14. #10
    Join Date
    Jan 2007
    Location
    Flushing/Flint, Michigan
    Posts
    10,881

    How many, if any, here have had a virus or other infect their machine tool, and what did it do?

    Stuxnet was masterful in implementation. The deep details and methods for sure a case study if you like such things. A long time not discovered.
    Every large manufacturing facility using these PLCs that I know of got infected. But it did nothing to them. It was in search of a specific process ID and code.

    All of my cnc controls since mid 80's DOS or Windows based. At one time we found "empire monkey b" virus on everything and just about every floppy disc.
    Hundreds of infections yet did nothing of harm. USB sticks added a whole new back door.

    Biggest problem by far I have had with internet connected machines is second and third shift finding a way to the net and searching porn or playing games.
    Personally if worried about such I'd fear a USB much more than a Wi-Fi or direct cable net connection.

    But, and here it is... Who wants to "own" your cnc machine control or your CAD/CAM?
    So let's hear some actual real world net connected problems that you have had in machine tools.
    Is this a "the sky is falling" thing fed by media hype and computer security people?
    I think some worry too much.
    Bob

  15. #11
    Join Date
    May 2017
    Country
    UNITED STATES
    State/Province
    Minnesota
    Posts
    2,098

    This is second hand (now third) so take it for what it's worth, but I heard of a night shift guy watching certain non work appropriate things on the multimedia capable Windows based control. Control had to be completely wiped and reinstalled.

  16. Likes CarbideBob liked this post
  17. #12
    Join Date
    Mar 2012
    Location
    Minnesota, USA
    Posts
    9

    Quote Originally Posted by mhajicek View Post
    This is second hand (now third) so take it for what it's worth, but I heard of a night shift guy watching certain non work appropriate things on the multimedia capable Windows based control. Control had to be completely wiped and reinstalled.
    Well, that sounds like a poorly implemented content filter on the network. Ours is pretty open, but there's definitely a few things that get blocked.

    I know our machines are connected to the local network since all the files are saved to our servers, but I don't know if it's possible to get outside the local network with them.

  18. #13
    Join Date
    Jan 2007
    Location
    Flushing/Flint, Michigan
    Posts
    10,881

    Quote Originally Posted by maf1909 View Post
    Well, that sounds like a poorly implemented content filter on the network. Ours is pretty open, but there's definitely a few things that get blocked.
    .
    I have no content filters and will not spend time and money on it. What I do have is the ability to terminate employee for any reason.
    Such gets one a stern warning, second and then do not let the door hit your ass on the way out.
    At break or lunch time on your phone or provided computers on my net..... This is your time and not mine to invade, control, or judge.
    Bob

  19. #14
    Join Date
    Jan 2008
    Location
    California
    Posts
    19

    Quote Originally Posted by CarbideBob View Post
    But, and here it is... Who wants to "own" your cnc machine control or your CAD/CAM?
    So let's hear some actual real world net connected problems that you have had in machine tools.
    Is this a "the sky is falling" thing fed by media hype and computer security people?
    I think some worry too much.
    Bob
    I agree that there is no real benefit for a bad guy to mess with machine tools at this time. I mean, how much state do they really hold? What would you lose on the machine that isn't backed up in several different places? If they encrypt and lock your VMC, it's gonna be cheaper to call up the local tech to reinstall the firmware than send 0.1BTC to some random address that may or may not unlock my machine.

    But I am really surprised with the complete lack of concern with network security from the major MTBs. Even home appliance manufacturers pay some lip service to security. I would think the MTBs would secure the machines better, even if it's just to protect their own intellectual property.

    So there may not be any ransomware for cnc machines today, but considering how complex the systems are becoming and how long machines stay in service I think it would be prudent to start best practices on network security sooner, rather than later.

    -M

