Posts

CNC program transfers with Windows 10

Last month Nucor, North America’s largest steel producer, acknowledged a cybersecurity incident involving unauthorized third-party access to certain IT systems, reported Reuters. As a precaution, Nucor temporarily halted production at multiple facilities while forensic teams and external cybersecurity experts investigated the breach and worked to contain its impact. Nucor’s incident is just one example of how cyber threats exploit aging digital infrastructure – and for many manufacturers, that infrastructure often includes Windows 10. But with Windows 10 reaching end of support on October 14, 2025, there is a deeper risk for shops that continue to rely on aging CNC infrastructure.

Aging CNC infrastructures impact cybersecurity and operational efficiency

This year, manufacturers that don’t upgrade their Windows 10 machines risk missing critical OS-level security updates and losing compatibility with third-party solutions.

The New Reality of Windows 10 End of Life on CNCs

This year Windows 10 will no longer receive critical OS-level security updates. While support for Microsoft 365 apps on Windows 10 has been extended until October 2028, it’s far from a solution for the shop floor. It still means legacy CNC systems and other production technologies running on Windows 10 will become more vulnerable, not less. Compounding the risk, third-party vendors are already phasing out software support, while next-generation manufacturing platforms – from IIoT to real-time analytics – require compatibility with newer operating systems like Windows 11 and Server 2022. The gap between resilient, future-ready IT strategies and older shop floor systems is widening. This blog post explores what manufacturers can, and must, do to close that gap before it spreads into a serious operational liability.

The USB Epidemic: When Compliance and Productivity Collide

For many manufacturers still operating CNC equipment running on Windows 2000, XP or early versions of Windows 10, network segmentation or USB-based file transfers have become the go-to workaround for such outdated systems. However, this tactic is increasingly risky.

USB-based CNC file transfers have become the go-to workaround for Windows 10 and other outdated systems. However, this tactic is increasingly risky, exposing manufacturers to ransomware events, CMMC noncompliance and operational inefficiencies.

According to Honeywell’s 2022 USB Threat Report, “52% of threats are specifically designed to utilize USB removable devices,” with the vast majority of those threats able to disrupt industrial systems. Pair these threat actors with unsupported software, says Virginia Tech associate professor Lee Vinsel in a recent BBC article, and “there are all kinds of opportunities for failure here, especially when…companies stop supporting old software. Cybersecurity is a huge worry around this issue.” The Department of Defense well understands this concern. Its Cybersecurity Maturity Model Certification (CMMC) 2.0 framework prohibits unmonitored file transfers and insecure endpoints – meaning non-compliance can result in disqualification from federal contracts.

Operational inefficiencies further intensify the risk. Poor CNC program version control and manual CNC program transfers can cost production hours and potentially lower quality output as a result of incorrect or outdated G-code files being loaded at the machine.

Closing the Gap

Rather than investing millions in full machine replacements, many manufacturers are turning to modern Distributed Numerical Control (DNC) systems to serve as their secure industrial network. Solutions like Predator Secure DNC offer targeted upgrades that align with industry compliance frameworks and cyber-hardening strategies. IT and operational leaders can isolate legacy equipment from domain threats, centralize logging across mixed-machine environments, like Fanuc, Okuma, Mazak and others, and meet NIST SP 800-171 encryption standards via FIPS 140-2 validated cryptography.

The Cost of Complacency

Doing nothing may be the most expensive option. The global average cost of a data breach soared to $4.88M, the highest total ever, according to a 2024 IBM report.

For a temporary and limited reprieve, Microsoft offers an Extended Security Updates (ESU) program for Windows 10 that starts at $61 per device in Year One, with pricing doubling every consecutive year for a maximum of three years after the end of support for Windows 10. Even so, there is no extended Microsoft ESU option after this time period.

Plotting Your Path

To mitigate the risk of your manufacturing operations, IT and operations should take the following steps to prepare for the end of Windows 10 support:

  1. Conduct a CNC Operating System (OS) and network audit before Q3 2025, identifying all legacy systems still running Windows 10 or earlier.
  2. Prioritize upgrades for machines processing sensitive IP or DoD-controlled projects.
  3. Implement secure DNC options along with Microsoft’s ESU to support phased migrations and DNC retrofits while maintaining compliance and uptime.

Maximizing Grace Periods

Microsoft’s 365 extension for Windows 10 is not a pardon; it’s simply a grace period. Manufacturers who fail to act may find themselves next in line for a costly ransomware event or compliance failure.

Manufacturing integrator Shop Floor Automations (SFA) has worked with hundreds of manufacturers to navigate such transitions securely and efficiently. The path to a resilient, connected shop floor doesn’t begin with rip-and-replace – it starts with informed decisions and trusted partners.

To receive technical guidance for your manufacturing operations, contact the experts at SFA now.

Ransomware on CNC Machines

How CNC program transfers can overcome the vulnerabilities of SMB1 for greater security and efficiency

It took mere hours. In May of 2017, a devastating ransomware cryptoworm called WannaCry impacted more than 200,000 computers across 150 countries, ultimately amassing over $4 billion in damages. Only months later, a variation of this worm spread to 10,000 machines in Apple’s single supplier of SoC components for iPads and iPhones, causing a production stoppage for a full day and shipment delays among its major tech customer base. The original worm was halted, but IT services management company Cloudflare asserts that WannaCry attacks continue today.

The ransomware cryptoworm WannaCry notably affected TSMC, which manufactures processors and other silicon chips for major technology companies such as Qualcomm, AMD and Apple, due to a Windows SMB1 server vulnerability.

Starting with SMB1

What happened to the National Health Service (NHS), FedEx, Taiwan Semiconductor Manufacturing Company (TSMC) and so many others? The WannaCry worm exploited “vulnerabilities in the Windows SMB v1 server to remotely compromise systems, encrypt files and spread to other hosts,” explains a fact sheet from the National Cybersecurity and Communications Integration Center (NCCIC). While patches have since been issued by Microsoft, the software company admits there are still instances in which manufacturers may need to run SMB1:

    1. Your company is running XP or Windows Server 2003 under a custom support agreement
    2. You have old management software that demands admins browse via the “network,” also known as the “network neighborhood” master browser list
    3. You run old multi-function printers with antiquated firmware in order to “scan to share”

For manufacturers experiencing such cases, there are workarounds. SMB1 could be disabled on every system connected to the network, recommends the NCCIC. You can block TCP port 445 (SMB). You can verify that there isn’t any unexpected SMB1 network traffic. You can isolate vulnerable embedded systems. But these options may not necessarily be viable for efficient and protected CNC file transfers among aged equipment.
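One way to approach the "verify that there isn’t any unexpected SMB1 network traffic" check, as an added example that is not from the NCCIC, Microsoft or any DNC vendor: a Python classifier for TCP port 445 payloads that separates SMB1 from SMB2 and later, and distinguishes a client that only speaks SMB1 from one that merely opens with an SMB1-format negotiate while also offering SMB2. The sample payloads and host labels are constructed for illustration.

```python
SMB1_MAGIC, SMB1_NEGOTIATE = b"\xffSMB", 0x72   # protocol id, negotiate command
SMB2_MAGICS = (b"\xfeSMB", b"\xfdSMB", b"\xfcSMB")  # SMB2/3, encrypted, compressed

def smb1_dialects(msg: bytes) -> list:
    """Dialect names offered in an SMB1 NEGOTIATE request (32-byte header + body)."""
    body = msg[32:] or b"\x00"
    pos = 1 + 2 * body[0]                       # skip word count and parameter words
    count = int.from_bytes(body[pos:pos + 2], "little")
    data = body[pos + 2 : pos + 2 + count]
    # Each entry is a 0x02 buffer-format byte followed by a NUL-terminated name.
    return [d[1:].decode("ascii", "replace") for d in data.split(b"\x00") if d[:1] == b"\x02"]

def classify(payload: bytes) -> str:
    """Classify one TCP/445 payload: 4-byte session header, then the SMB message."""
    if len(payload) < 8 or payload[0] != 0x00:
        return "not-smb"
    msg = payload[4 : 4 + int.from_bytes(payload[1:4], "big")]
    if msg[:4] in SMB2_MAGICS:
        return "smb2+"
    if msg[:4] != SMB1_MAGIC or len(msg) < 32:
        return "not-smb"
    if msg[4] == SMB1_NEGOTIATE and not msg[9] & 0x80:   # request, not reply
        # A client that supports both sends an SMB1-format negotiate offering SMB2.
        offers_smb2 = any(d.startswith("SMB 2.") for d in smb1_dialects(msg))
        return "smb1-negotiate-offers-smb2" if offers_smb2 else "smb1-only-client"
    return "smb1-in-use"                        # any other SMB1 command or reply

def flag_smb1(samples: dict) -> dict:
    """Hosts whose traffic shows SMB1 is required or actually in use."""
    verdicts = {host: classify(p) for host, p in samples.items()}
    return {h: v for h, v in verdicts.items() if v in ("smb1-only-client", "smb1-in-use")}

def _frame(msg: bytes) -> bytes:                # direct-TCP session header
    return b"\x00" + len(msg).to_bytes(3, "big") + msg
def _smb1(command: int, flags: int = 0x18, body: bytes = b"\x00\x00\x00") -> bytes:
    return SMB1_MAGIC + bytes([command]) + b"\x00" * 4 + bytes([flags]) + b"\x00" * 22 + body
def _negotiate(dialects) -> bytes:
    data = b"".join(b"\x02" + d.encode() + b"\x00" for d in dialects)
    return _smb1(SMB1_NEGOTIATE, body=b"\x00" + len(data).to_bytes(2, "little") + data)

# Constructed sample payloads (not captured traffic); host labels are hypothetical.
SAMPLES = {
    "legacy-cnc-control": _frame(_negotiate(["LANMAN1.0", "NT LM 0.12"])),
    "multiprotocol-client": _frame(_negotiate(["NT LM 0.12", "SMB 2.002", "SMB 2.???"])),
    "old-file-server": _frame(_smb1(0x73, flags=0x98)),  # SMB1 session-setup reply
    "patched-server": _frame(b"\xfeSMB" + b"\x00" * 60),
}

print(flag_smb1(SAMPLES))
```

In practice the payloads would come from a capture on the shop floor VLAN; hosts flagged here are the ones that would break if SMB1 were disabled or port 445 blocked.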

Transfer CNC Programs on SMB1 Machines

Manufacturers can struggle to disable SMB1 on every machine and still transfer CNC programs efficiently, effectively and securely.

Simplifying Network Setups

An alternate route is to simplify network setups altogether. Modern DNC software, like Predator Secure DNC, enables you to remove Windows shares, corporate domains, workgroups, homegroups, Microsoft SMB, CIFS, FTP, DNS, WINS, NetBEUI and IPX/SPX within shop floor VLANs, WANs or subnets for DNC or file transfers. This can be especially useful for manufacturers running older CNC equipment with Windows-based controls that lack compatibility with newer operating systems. It can also alleviate the need for system upgrades and service packs to maintain the older versions of Windows.

In other cases, controllers such as Haas classic controllers can be upgraded to another SMB version by contacting the machine tool builder, or the network can be segmented to address CNC machines that are not upgradable or do not run a Windows operating system. The point is, regardless of your SMB1-dependent machinery environment, you can reduce your ransomware risk while gaining the latest benefits in efficiency and productivity.

An experienced manufacturing integrator possesses the technical expertise to properly assess, assign and execute custom solutions for your company. Contact Shop Floor Automations to understand your full scope of SMB1 options today.