Be safe in cyberspace

Those assuming they don’t need to worry about cybersecurity when it comes to machine tools need to think again. Machine tool supplier NCMT tells Machinery & Manufacturing why its new cybersecurity accreditations should instil confidence and peace-of-mind across its customer base.

Cyber Essentials represents the UK Government’s minimum baseline standard for cybersecurity across UK organisations of all sizes. The annually renewable certification scheme aligns to five technical controls: firewalls, secure configuration, user access control, malware protection and security update (patch) management. A team of experts review the scheme at regular intervals to ensure it stays effective in the ever-evolving cyberthreat landscape.

By gaining Cyber Essentials certification, NCMT is protecting both itself and the interests of its customers, building trust through a serious and professional approach to cybersecurity. Although Cyber Essentials is a self-certified scheme, NCMT double-checked all of its measures with NETbuilder, the company’s managed services provider and security consultant. Indeed, NCMT has taken its protection levels to the next stage by also becoming certified to Cyber Essentials Plus.

Cyber Essentials Plus required completion within 90 days of the initial certificate and involved an intensive third-party audit of selected NCMT computers and servers. The audit included a vulnerability scan of these devices to confirm acceptable levels of patching and basic configuration, while an external port scan of the company’s internet-facing IP addresses ensured no misconfigurations or vulnerabilities. Another key elements of the audit involved testing the efficacy of NCMT’s default email/internet browser to prevent the execution of fake malicious files.

Inside information

As part of any machine tool investment, NCMT handles sensitive data about the customer and its components. With Cyber Essentials Plus in place, the company’s customers have complete peace-of-mind that their data will not be subject to cyberattack, either malicious or accidental, at any step of the process.

“The drive forward to Cyber Essentials and Cyber Essentials Plus is the direct result of customer requests,” reveals Ron Phelan, IT Manager at NCMT. “Large aerospace, defence and automotive manufacturers, for example, now want more than an NDA that simply states their data is secure – they want proof. Cyber Essentials Plus, with its external audit, provides that reassurance. It demonstrates that we are ahead of the curve and put customers first, just like Okuma and Makino, by providing a holistic approach to secure machining. Machine tool suppliers without this level of certification may not be considered for future investments by large OEMs.”

Be safe, not sorry

Cybersecurity resonates strongly with Okuma and Makino, NCMT’s two main machine tool principals, with both imparting their own intensive levels of cybersecurity.

“Okuma’s latest OSP-P500 control [fitted to all new Okuma machines] features comprehensive and powerful security functions as standard that ensure optimal cybersecurity and enable information recovery through regular back-ups of the control software and data,” reports Richard Turner, General Manager for Okuma Products at NCMT.

Jürgen Kläser, Senior Manager FA/IT/PSG and Product Manager OSP at Okuma Europe, adds: “We implement a three-step solution. For comprehensive risk management and preventive protection, the security features prevent manipulation attempts and detect anomalies and program manipulation at an early stage. As a second step, advanced user identification processes prevent unauthorised access to the control and machine interfaces, ensuring real-time protection.”

A ‘whitelist’ feature completes the Okuma security solution, whereby companies can determine which applications it permits to run on the machine.

Location, location, location 

Makino also operates a whitelist-type antivirus software for its embedded control system, ensuring complete data protection, while another interesting security function is geo-locking.

“Before ‘unlocking’ a Makino machine we have to provide the installation date and customer details, including location, after which Makino provides a temporary password,” explains Andrew Garratt, General Manager for Makino Products at NCMT. “Only during installation do we receive the final password to unlock the machine in that specific location. If the customer sells or moves the machine, even within the workshop, sensors will prevent it from powering up. The customer will have to alert Makino, via NCMT, to the new location and make use of a new password.”

Among other things, geo-locking prevents machine theft or use by certain countries for unscrupulous activities. Okuma machines have a similar function.

The net benefits

“From NCMT’s perspective, we have a separate network for Okuma and Makino machines that we ringfence with a firewall,” says Ron Phelan. “Only authorised NCMT personnel have access. A separate network ensures cybersecurity for both internal NCMT processes and the machines.”

The increasing digitalisation and connectivity of production environments are creating new points of attack for cybercriminals, making it essential for manufacturers to think carefully about their machine tool suppliers and their ability to demonstrate appropriate cybersecurity measures.