Ransomware on CNC Machines
, ,

Building Resistance into Aged CNC Machines

How CNC program transfers can overcome the vulnerabilities of SMB1 for greater security and efficiency

It took mere hours. In May of 2017, a devastating ransomware cryptoworm called WannaCry impacted more than 200,000 computers across 150 countries, ultimately amassing over $4 billion in damages. Only months later, a variation of this worm spread to 10,000 machines in Apple’s single supplier of SoC components for iPads and iPhones, causing a production stoppage for a full day and shipment delays among its major tech customer base. The original worm was halted, but IT services management company Cloudflare asserts that WannaCry attacks continue today.

Ransomware on CNC Machines

The ransomware cryptoworm WannaCry notably affected TSMC, which manufactures processors and other silicon chips for major technology companies such as Qualcomm, AMD and Apple, due to a Windows SMB1 server vulnerability.

Starting with SMB1

What happened to the National Health Service (NHS), FedEx, Taiwan Semiconductor Manufacturing Company (TSMC) and so many others? The WannaCry worm exploited “vulnerabilities in the Windows SMB v1 server to remotely compromise systems, encrypt files and spread to other hosts,” explains a fact sheet from the National Cybersecurity and Communications Integration Center (NCCIC). While patches have since been issued by Microsoft, the software company admits there are still instances in which manufacturers may need to run SMB1:

    1. Your company is running XP or Windows Server 2003 under a custom support agreement
    2. You have old management software that demands admins browse via the “network,” also known as the “network neighborhood” master browser list
    3. You run old multi-function printers with antiquated firmware in order to “scan to share”

For manufacturers experiencing such cases, there are workarounds. SMB1 could be disabled on every system connected to the network, recommends the NCCIC. You can block port 445 (Samba). You can verify that there isn’t any unexpected SMB1 network traffic. You can isolate vulnerable embedded systems. But these options may not necessarily be viable for efficient and protected CNC file transfers among aged equipment.

Transfer CNC Programs on SMB1 Machines

Manufacturers can struggle to disable SMB1 on every machine and still transfer CNC programs efficiently, effectively and securely.

Simplifying Network Setups

An alternate route is to simplify network setups altogether. A modern DNC software, like Predator Secure DNC, enables you to remove Windows shares, corporate domains, workgroups, homegroups, Microsoft SMB, CFS, FTP, DNS, WINS, NETBUI and IPX/SPX within shop floor VLANs, WANs or subnets for DNC or file transfers. This can be especially useful for manufacturers running older CNC equipment with Windows-based controls that lack compatibility with newer operating systems. It can also alleviate the need for system upgrades and service packs to maintain the older versions of Windows.

The original WannaCry worm was halted, but Cloudflare asserts that WannaCry attacks continue today.

In other cases, controllers like Haas classic controllers can be upgraded to another SMB version by contacting the machine tool builder or segmenting the network to address CNC machines that are not upgradable or do not run a Windows operating system. The point is, regardless of your SMB1-dependent machinery environment, you can reduce your ransomware risk while gaining the latest benefits in efficiency and productivity.

An experienced manufacturing integrator possesses the technical expertise to properly assess, assign and execute custom solutions for your company. Contact Shop Floor Automations to understand your full scope of SMB1 options today.

DoD contract manufacturing
, ,

Upgrade DNC Software & Streamline Your CMMC 2.0 Compliance

In an effort to ensure defense contractors are following best practices to protect sensitive data, Cybersecurity Maturity Model Certification Program (CMMC) rulemaking is inching closer and closer to finalization, with rules proposed by the U.S. Defense Department (DoD) on December 26, 2023. While these rules are published for comment, the codified version isn’t expected to change too drastically, however, DNC software upgrades may be something to consider, and Shop Floor Automations can help.

Townsend Bourne, partner at Sheppard Mullin, noted during an interview with Federal News Network. “Personally, I don’t know that we’re going to see significant changes from the proposed rule that came out at the end of December and the way the final rule is drafted,” said Bourne. “Most importantly, because DoD has been working on this program for so long, and I think they’re at the point where they think it’s pretty close to final.”

CMMC 2.0 Level 1 Sneak Preview

USB CNC program transfer cybersecurity

Transferring CNC programs via USB can not only require hefty management of manual user authorizations, device logs and documentation, but they can risk USB CNC program transfer attacks and noncompliance with CMMC 2.0.

The progression of this rulemaking process is quickly advancing the impact of CMMC 2.0 to manufacturers of all sizes, especially small-to-medium sized businesses (SMBs) that will need to carefully manage finite resources to absorb added costs, personnel and training to meet and maintain compliance.

One aspect of CMMC 2.0 that will deliver a layer of complexity is the proper storage and control of removable media, like USBs and CDs, which many defense contract manufacturers utilize today to transfer CNC programs, images and other Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to and from computers and machines. Let’s review a few aspects of the Level 1 requirements clause of 52.204-21, Basic Safeguarding of Covered Contractor Information Systems, to illustrate some of the necessary steps to store and control sensitive data appropriately on these devices.

  • Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).

There should be a clear set of procedures regarding who is permitted access to removable media, their accountabilities related to this access, and how often these procedures are reviewed, validated and updated. Programmers, engineers and others involved in the CNC program transfer process should have unique credentials and the correct identity or role-based permissions across devices and systems.

Credentials and keys should be properly managed and rotated to enhance the security of sensitive information. If you’re manually managing user security and authorization related to CNC program transfers via paper or spreadsheets, for example, it can be a time-consuming and involved endeavor that may be prone to errors and noncompliance.

  • Limit information system access to the types of transactions and functions that authorized users are permitted to execute.

It’s necessary to have documentation of the transactions roles and personnel who are authorized to execute, so that sensitive data is not processed by those lacking permissions to do so. But do you also have the safeguards to block unauthorized transactions and track those attempts? Again, a manual means to meet this requirement can not only be labor-intensive and riddled with inaccuracies, but near impossible for some DoD contract manufacturers with complex operations.

USB CNC program transfer attacks

  • Verify and control/limit connections to and use of external information systems.

Even limiting the use of removable media can still leave data susceptible, as USBs are re-gaining popularity in cyberattacks. Daniel Wiley, the head of threat management at Check Point, relayed an instance in which a power company employee received a sealed USB device from an Amazon package, complete with Amazon tape. “He thought his wife ordered it. So he opened it up, plugged it in. Everything else was a chain reaction. It was able to break in across their VPN. Let’s just say the power company was not in a good place.”

It is imperative for defense contractors to have the proper controls set up to protect your CUI against USB CNC program transfer attacks – but no controls will be completely failsafe.

Roll Credits

It’s estimated that a CMMC Level 1 self-assessment will cost a small entity about $6,000, according to DefenseScoop. For SMBs, this cost could be significantly more depending upon the existing IT infrastructure, processes and know-how of your staff.

An ideal DNC software, which is a system that leverages Industrial Internet of Things (IIoT) and connects your shop floor equipment on one network, could be hugely beneficial. An upgraded DNC system can reduce or eliminate manual user authorizations, device logs and documentation for more streamlined CMMC 2.0 compliance and the prevention of USB CNC program transfer attacks.

 

Not only does this allow for CMMC 2.0 compliance, but DNC software upgrades also can streamline your entire operation. For instance, with Predator DNC software, you can network all CNCs, EDMs, PLCs and robots with a singular DNC package. At Shop Floor Automations (SFA), we have been the top Predator reseller for 20 years, and we also are a top provider of proven software from Scytec and Ascendant Technologies.

 

The team at SFA can provide you with DNC solutions for any brand, connection type or age of CNC machine. Additionally, we offer hardware solutions that can revolutionize your shop floor. To learn more about our machine monitoring solutions or how DNC software can aid your CMMC 2.0 compliance, contact an SFA representative today.

Predator Software Inc logo, which is a blue gear with a bear pawprint in the center.
, , , , ,

SFA: Your Top Predator Software Reseller For 20+ Years

PDM, MDC and DNC software are among the highest-sought Predator solutions supported by the manufacturing integrator

Shop Floor Automations (SFA), a manufacturing integrator specializing in digitally transformative hardware, software and support solutions, announces its exclusive achievement as the top reseller of Predator software since 2004. This significant milestone represents the integrator’s deep industry and technical expertise and unwavering commitment to customer success by serving thousands of North American manufacturers of aerospace and defense, automotive, oil and gas, heavy equipment and medical device products.

 

“Predator software is a renowned provider of manufacturing automation solutions and leader in Industry 4.0, Industrial Internet of Things (IIoT), digital factory and lean manufacturing,” says Greg Mercurio, president and founder of SFA. “By coupling these solutions with the excellent service, skillset and knowledge of our technical team, our customers realize tangible gains and have come to rely on us for all their automation needs.”

Engineer working with DNC Software at his desk.

Shop Floor Automations has served manufacturers as their premier Predator Software reseller for 20 years.

 

Robert Jackson, a manufacturing engineer at Flowco Production Solutions, shared his DNC experience in an SFA customer success story.

 

“I’m responsible for helping to design high-quality parts and manage all the planning for manufacturing,” reported Jackson. “Predator DNC gives me the ability to spend my day doing what I’m supposed to be doing.”

 

Today SFA offers the following suite of Predator Software solutions:

 

  1. Predator DNC (Direct Numeric Control) is a robust DNC solution designed to simplify and automate the process of managing CNC programs to ensure secure, reliable and efficient program transfer to CNC machines.
  2. Predator MDC (Machine Data Collection) is an advanced manufacturing data collection system that enables real-time monitoring and analysis of machine performance, production metrics, and downtime, thus empowering manufacturers to optimize processes and maximize productivity.
  3. Predator PDM (Product Data Management) is a comprehensive solution for managing and controlling manufacturing documentation, including CAD/CAM files, setup sheets, work instructions and more, to streamline collaboration, version control, and compliance.
  4. Predator CNC Editor is a powerful editor for CNC program editing, revision control, and backplotting, equipped with features such as syntax highlighting, intelligent search, and customizable templates to simplify programming tasks and ensure code accuracy.
  5. Predator Touch HMI (Human Machine Interface) is designed to enhance operator efficiency and productivity by providing easy access to machine status, job information, and process parameters via touch-enabled interfaces.

 

For more information about SFA and Predator Software to help give your business a competitive edge, call 619-461-4000 or visit www.shopfloorautomations.com.

 

ABOUT SHOP FLOOR AUTOMATIONS

Founded in 1998, Shop Floor Automations (SFA) is a manufacturing integrator specializing in digitally transformative hardware, software and support solutions to increase the productivity, efficiency and profitability of plant facilities throughout North America.

 

Shop Floor Automations has been a trusted reseller of Predator Software for 20 years, and we encourage you to contact our team at any time to find software solutions that give your business a competitive edge. For more information about SFA and Predator Software or to add intelligent automation to your shop floor for better communication, control and improvement, contact Shop Floor Automations at www.shopfloorautomations.com.

operator at cnc control
, , , ,

Avoid the Rabbit Hole of Fixes for Antiquated DNC Software

Your aged CNC machines and legacy DNC software can work fine…until they don’t. Maybe the PC communicating to the machines starts dropping characters while transmitting the NC code, scrapping parts being machined if not caught by the operator. Or the hardware that has been in place for years fails, sending you on a painful and labor-intensive search for a fix.

You’re not alone. There are countless online machine forums in which IT, operations and engineers embark on such a mission to find the right parameters, mappings, connections or other ways to solve their problem stemming from an antiquated DNC software setup. This can often be the impetus for Original Equipment Manufacturers (OEMs), contract manufacturers and job shops to re-evaluate their entire DNC solution.

One professional wrote about their DNC issue on a Practical Machinist forum, “I am trying to set up communication between OKUMA LB15 OSP5000 and a PC…the machine was connected to an ancient PC with old DNC software running on DOS, and it worked fine until the PC had perished.”

The Power of DNC System Integration

But a lot has changed among Predator DNC systems over the past years that can make teams consider upgrading even before reaching a point of failure. Even more so, the integration of modern DNC with other solutions, such as Production Data Management, Manufacturing Data Collection and Touch HMI, can streamline manufacturing data across applications – something legacy DNCs typically cannot support.

The benefit of such a proactive approach is often improved CNC workflow efficiency and productivity. Here are a few recent DNC enhancements that have helped manufacturers realize these benefits by simplifying DNC CNC program management and manufacturing data control.

  1. Wide OS and Database Support: Modern DNC solutions, like Predator DNC, have added support for Windows 2019 Server, including x64 editions, and compatibility with Microsoft SQL Server 2022 and SQL Server 2022 Express. They should also work with Windows 10 and Windows 11 to ensure seamless integration with the latest operating systems and database technologies so you can avoid security risks, elevated IT costs and industry compliance concerns with CMMC 2.0 and other requirements.
  2. Enhanced CNC Equipment Support: Manufacturers migrating to a new DNC or upgrading their current version can take advantage of new protocols for Fanuc Focas and MoriSeiki to facilitate the serial transfer of Cincinnati Press Brake and Punch Press programs, for example, through one central server.
  3. Machine Error Log Centralization: Up-to-date DNC solutions provide access to all command errors in a single machine-specific error log to easily track errors and troubleshoot issues. This consolidation of errors provides transactional visibility across shifts to allow for consistent support on the floor.
  4. Greater Security and Control: For manufacturers in particularly security-sensitive industries, like aerospace, medical and defense, upgrading to a modern DNC solution can enable you to securely access and manage the “EditLock” key switch on a machine tool through the DNC to lock and unlock CNC memory so you can effectively:
    • Control edits of G-code on machine tools
    • Eliminate physical edit keys
    • Report lock, unlock, and sending activity
    • Enable maintenance control with an override switch to disable

At the same time, automatic compression, encryption, and batch file operations features of advanced DNC solutions grant heightened security and control over CNC communication – which is critical when CNC controllers that use outdated Windows OS are left behind when connecting them to the corporate network. A well-designed, secure DNC enables such CNC to remain on the network by installing a small executable on the CNC and bypassing the domain requirements.

  1. An Intuitive User Experience: Modern DNC systems tend to have refreshed user interfaces with color schemes and toolbar buttons that offer an intuitive user experience. Other enhancements, such as improved FTP support, including passive mode and automatic file deletion, simplify the file transfer processes for manufacturers, while comprehensive online help resources give users the self-directed guidance they need to maximize productivity.

The integration potential of modern DNC to other manufacturing applications streamlines data to improve CNC workflow efficiency and productivity, which is something legacy DNCs typically cannot support.

These developments of the latest DNC software can be reason enough to upgrade your existing setup. Through the integration of a modern DNC system with other manufacturing applications under one solution, however, manufacturers can experience even more efficiency and productivity on the floor.

 

Upgrade Your Predator DNC Software Today!

At Shop Floor Automations, we are proud to be the top distributor of Predator software in the United States. We strive to provide custom DNC software solutions that will streamline your operation and boost productivity. Contact us at any time to discuss your software, hardware and machine monitoring needs.

Ethernet CNC connectivity
,

Overcoming the Risks of Outdated Windows-based CNC Machines

Over the years, Windows-based CNC machines, robots, CMMs, test stands and other manufacturing equipment have proven popular, largely due to their Ethernet-based networking using the corporate network. But as Windows operating systems (OS) reach the end of their lifecycle, Microsoft technical assistance, software updates or security fixes no longer become available. The options, then, for manufacturers needing Ethernet CNC file transfers and running CNCs with Windows 2000, 2003 or older OS are limited: upgrading to a newer Windows OS can be cost prohibitive and involve a lack of support from the equipment manufacturer; or there’s no upgrade path available, thereby necessitating that the whole machine be replaced. 

The IT Imperative

To protect manufacturers from security risks associated with OS lifecycle completions, IT departments have led the initiative to remove older Windows OSs from corporate domains and discontinue support, while eliminating the use of FTP or Windows shares on untrusted VLANs altogether. This movement often relegates manufacturing operations to isolate a PC from the corporate network and go back to manually loading files through portable media – which presents its own set of security risks. TechAdvisory.org reports that 25 percent of malware is spread today through USB devices. Even the United States Computer Emergency Readiness Team (US-CERT) recommends banning portable media devices from the workplace. And for manufacturers subject to CMMC 2.0, the continued use of removeable media devices may involve severe restrictions or nonacceptance altogether.

Manufacturers needing Ethernet CNC file transfers and running CNCs on older Windows operating systems have limited, cost-efficient options. 

All of this leads to a collision course of lost productivity for the shop floor and some major challenges for IT, as programmers struggle to minimize time spent physically transferring files to equipment and maintain accurate version control and IT strives to minimize risk. The good news is that there are other Ethernet CNC file transfer options available than the common scenario above.

Ethernet CNC file transfers

CNC machines running on outdated operating systems lead to a collision course of lost productivity for the shop floor, as programmers struggle to minimize time spent physically transferring files to equipment and maintain accurate version control, and some major challenges for IT as it strives to minimize risk.

Fortified Ethernet Connectivity

A modern DNC networking system, for one, allows manufacturers to still take advantage of Windows 95 and newer OS, Ethernet as well as your existing network infrastructure, all while removing them from your corporate domain and eliminating the use of FTP, unsecure USB, Windows Administrator access and more. This secure version of DNC software, like Predator Secure DNC software, still enables you to transfer your CNC programs, CNC variables, offsets, parameters, PLC registers and other production data to and from your manufacturing equipment – but adds a layer of security with automatic authentication, encryption and data compression.

Machine tools with an RS232 connection, or those with an option for it, can be connected to Predator Secure DNC to avoid connectivity risks. You’ll need knowledge of your CNC machine’s communication parameters, including baud rate, data bits, stop bits and parity settings or the network connection, such as FTP, FileShare, etc. Consult with an expert manufacturing integrator to explore any other prerequisites to connect your CNC machines through a next-generation DNC networking system.

DNC manufacturing integrator for Legacy Equipment
, ,

The Appeal to Legacy: Retrofitting Aging CNCs for Longer-Lasting Profitability

Comparing your legacy, aging equipment – your die-hard lathe or CNC milling machine – to new machinery options is easy to do. In fact, there’s a term for it: “appeal to novelty.” Equating newness to superior quality, writes educator Academy 4SC, is a logical fallacy in which something is claimed to be better simply because it is modern. “This is because we assume that people will try to improve upon what came before them. Thus, when we hear about something that’s ‘revolutionary’ or ‘cutting edge,’ it can be tempting to think that this new product is better.”

Centralizing Control

But seasoned maintenance and operations professionals know that aging equipment can perform just as well, running the same hours per day and days per year if maintained properly. And that can translate into exceptional return on investment: one paper mill in Canada had the highest maintenance costs, but was the most profitable, reported Reliable Plant.

DNC for Manual Machines

Retrofitting your legacy equipment with the help of a DNC manufacturing integrator can keep manual machines profitable, longer.

The challenge then, can lie in centralizing control of your CNC program and legacy machines, largely due to the vast differences in communication protocols and technology. They may not have built-in networking capabilities or support for modern communications, for example. They will have different data formats and serial communication protocols. And there’s specific troubleshooting and debugging processes associated with older equipment that may require log file analysis, network traffic monitoring, diagnostic tool usage that could vary from machine to machine.

There are options, of course. An ideal Distributed Numerical Control (DNC) software, like Predator DNC, can support over 80 different equipment brands and hundreds of CNC control models to send and receive large NC programs. But software alone won’t be enough to drip feed your CNC programs, control file delivery to the proper CNC machine and monitor the activity of the file transfers to the equipment on the shop floor. There’s still the need to add additional hardware, like serial-to-Ethernet converters, to enable network connectivity.

Your Guide to DNC Manufacturing Integration

That’s where the value of a manufacturing integrator comes in. More than a reseller, a manufacturing integrator has extensive experience using protocols or networking experience that can translate between the protocols used by serial ports on legacy machines. They can provide the DNC software as well as the hardware needed to retrofit or upgrade equipment with newer control systems that interface with the DNC more easily. They have the technical support assistance and large knowledge base of resources, including documentation, FAQs and articles, for instant, on-demand access.

Essentially, a full-service manufacturing integrator has the comprehensive understanding of aging equipment, systems and their respective configurations to design an effective, industrial automation and system integration solution to keep your legacy machines adhering to current processes to keep them profitable longer. To start planning your DNC networking project with an expert DNC manufacturing integrator, contact Shop Floor Automations today.

2023 manufacturing integration planning
, , , ,

3 Strategic Ways to Reallocate Excess Budget

As manufacturers across North America spend time reflecting, strategizing, planning and budgeting for the year ahead, leaders are debating how to defend against disruption and strengthen their offense. It’s a great time to ask yourself: How did my department stay on track with its goals? In what ways was my team successful? Where did we go astray, and why? Did we “make bold investments in talent, technology, and innovation?” Forbes stresses that those manufacturers who made the right decisions post-crisis can be on the road to major rewards.

Leverage the Present for Future Success

The good news is that you don’t need to limit your action to these responses to just 2023. There are three strategic ways you can reallocate excess budget now to get a head start on your future goals and positive economic indicators, while minimizing what Deloitte refers to as “historic labor and supply challenges.”

  1. Invest in your team. What opportunities have your shop floor teams identified for efficiency gains? Are you looking to reduce the amount of NC program transfer time and effort to CNCs? Is the ongoing maintenance and changing of RS232 serial cabling consuming already-limited resources? By factoring in valuable team input into your automation strategy early and leaning on your preferred manufacturing integrator for execution, you can invigorate crews while making inroads to continuous improvement initiatives.
  2. Lock in your support and services. Workforce limitations can impede project timelines, particularly as more and more companies are turning toward automation to complement skilled labor. By securing manufacturing integration support and services prior to year end, you can rest assured that your priorities will stay the course – and faster than your competition.
  3. Map out a phased approach. If you’re looking to increase communication on the shop floor or reduce programming waste in the new year, there are tasks that can be completed prior to year end for an efficient and effective start. The piloting of a few machines or setting up of a network connection can be relatively smaller undertakings that can position your organization for success in the year to come. Robert Jackson, a manufacturing engineer at artificial lift manufacturer Flowco, decided on a phased approach to bring on Predator DNC with Shop Floor Automations. “We didn’t have a network at the time, so we chose to start with four machines for the first phase of our implementation,” explained Jackson. It took two days to set up the network wirelessly. Flowco then added 12 machines. Six months later, the company had hooked up 11 more machines to the Predator DNC network and are expecting to do the same to five more in the near future as a result of significant growth.

While next year can hold a lot of promise for companies making the right moves, Deloitte predicts that “supply chain issues including sourcing bottlenecks, global logistics backlogs, cost pressures, and cyberattacks will likely remain critical challenges in 2023.” The remaining part of 2022 can set the stage for success if planned out strategically. Contact SFA for help designing a budget to fit your strategic automation plans for 2023 today.

,

What is DNC CNC Software?

A collage featuring a screenshot of DNC software and an above view of a shop floor with numerous CNC machines. At the bottom is clip art of an employee on a computer with the SFA logo.

Our article on DNC software functions and benefits was published by MoldMaking Technology recently. “A company’s programs are their livelihood on the shop floor. They make the parts that keep a business going.”

The three different DNC CNC benefits discussed were remote requests, compatibility (different machines and methods to use DNC), and program revision control.

We also wanted to discuss in this blog a rumor about certain DNC MACROs for manufacturing multitasking. We recommend you read the article for more in-depth information.

Operators with older machines may have limited memory and will need to drip-feed large programs with DNC. Machinists also like using DNC for remote requests or pull mode. While drip-feeding pushes the program (downloaded from the DNC server), the program can instead be requested from the CNC machine.

While remote requests and the diversity of drip-feeding make machinists jobs easier, there is also the added stress of incorrect programs being run at machines. CNC revision control controls this problem and prevents this issue from occurring.

Some operators say they can use DNC in order to perform very basic machine monitoring. Items sent via RS232 can be observed with a specific G-code function.

While this G-code function has been discussed on various machinist forums, we highly recommend you do not rely on it for monitoring CNCs. The information the MACRO provides alone is not good enough. For example – you can feel when your leg is injured, but you won’t know if it’s a sprain or a fracture until you have professional insight.

This G-code MACRO hack will not be able to tell you in-depth when machines are down, why, for how long, what processes can be improved upon, or overall efficiency of your equipment. It also can’t send notifications via email or text when machines are down. DNC can easily be integrated with OEE monitoring software for combined productivity uses.

Ready to start the conversation about DNC software? Call (877) 611-5825 or fill out a contact form.