A Security Analysis of CNC Machines in Industry 4.0.

Computer numerical control (CNC) machines are extensively used in production plants and are considered a crucial asset for organizations worldwide. These machines require unique controllers that differ from those used in other types of machine tools in terms of software architecture, protocols, and design, so to meet the high precision and accuracy demands of their applications. The growing adoption of network-enabled systems in the industrial domain, driven by Industry 4.0, has resulted in an increased use of CNC machines. These machines have evolved from traditional mechanical machines to full-fledged systems with multiple networking services for smart connectivity. This study investigates the risks associated with this technological development. Using actual machine installations, we conducted the first empirical evaluation of the privacy and security implications of Industry 4.0 in the CNC domain. Our findings revealed that malicious users could conduct five types of attacks: compromise, denial-of-service, damage, hijacking, and theft. We reported our findings to the affected vendors and proposed mitigations to manufacturers, integrators and end-users. Our work aims to provide an opportunity to increase awareness in a domain where security does not appear to be a priority at present.