Stealing Intellectual Property from CNC machines.

Rhett Greenhagen
5 min readJul 5, 2020

--

Assets are an integral part of any business. Irrespective of their nature, businesses require assets to thrive. Assets can be classified either as tangible or intangible in nature. While tangible assets mainly relate to machines and infrastructural capital, intangible assets pertain to goodwill, patents and IP. These intangible assets dictate the trajectory of businesses and are indispensable to their market performance. A good IP i.e. Intellectual Property is an important cornerstone for a business’ inception. Essentially, Intellectual Property refers to the invention that originates from a person’s mind. They are legally owned intangible assets that can be commoditized. Patents, Trademarks, Copyrights are derivatives of Intellectual Property.

While laws exist to protect IP holders, IP theft still remains to be an issue. With respect to digital media, IP theft is still rampant. Stealing movies, music and software, which constitutes as piracy, is rife across the media industry. While this favors users from a financial perspective, it takes away revenue from those who created the IP.

What are CNC Machines?

Computer Numerical Control Machines, short for CNC Machines, is a manufacturing process. It is a process wherein a pre-programmed computer software dictates the movement of factory tools. From grinders to mills and routers, CNC machines can be used to monitor the structural framework of these machines.

Developed as a solution to the limiting manual control needed in traditional machines, these machines have distinct software programs employed in their frameworks. These software programs differentiate it from traditional machines as they can programmed to make custom cuts. Additional components such as Foam Cutters, Laser Cutters and 3D Printing can also be incorporated into these machines.

How do CNC Machines Work?

Since CNC Machines can be programmed to make desired cuts, these cuts need to be fed into the software. Once they are fed into the proprietary system, they can carry out tasks as specified which is similar to how robots function. These machines have a central controller that is programmed using computer programs. The most popular software packages are Mach3 for Windows based devices and EMC2 for Linux devices. The administrators have to input the desired cuts into the software of their choice. Once the CAM (Computer Aided Manufacturing) program is set up, it generates the code that the machine follows.

It is worth noting that specific machines have their own custom programming language that creates the code for the machine. These machines cost a lot more but are efficient because the machine understands the code it has to follow. Therefore, it a choice between cost and comfort as spending more will get you a seamless system. However, there is a learning curve involved in these machines since they respond to a specific code.

Are CNC Machines Vulnerable?

In short, yes. Since CNC Machines heavily rely on software, they are extremely susceptible to security attacks. A lack of proper security protocol hampers the functionality of these machines. Absence of a firewall, ill-defined authentication mechanisms and inexperienced personnel operating these machines are primary reasons.

Since executing codes is a pre-requisite for these machines to work, hackers can manipulate the code. The code can be tampered with and manipulated to execute cuts which could produce defective parts. Therefore, it is important to have well-defined cyber-security mechanisms in place to ward off attacks that can destroy the business’s goodwill.

How Can CNC Machines Be Used To Steal IP?

There have been instances where CNC Machines have been exploited to steal Intellectual Property. As noted earlier, CNC machines operate according to the code that they receive via the preferred software packages. That code can easily be tampered with. The code is derived from the final CAD files. A CAD file is a 3D digital file that holds the digital format of an object. CAD systems allow manufacturers to digitally design their end products, based off of the IP.

Every CAD system has its own way of describing geometry. The final CAD file, which holds the final design and specifications, has to be imported into the CNC Machine’s software package. This software package instructs the machine to design products, based on the specifications.

How hackers steal IP from this process is by getting their hands on the final code. The final code holds the IP specifications and if stolen, can be replicated by others. The reliance on software brings a major security flaw along with it, despite its advantages.

Going back to the piracy of digital media example, product designs fall into the same category. Individuals who conceive a new product automatically create an IP, since its minute details reside in their brain. Once the idea is conceived, they then put it on paper to refine it. Once hackers steal these digital design files, they steal the IP along with it.

Solutions

Since IP resides in the minds of individuals, it is imperative to get it formalized in the form of patents. A patented IP, if stolen, can help the victims get a recourse in case it’s replicated by a competitor. Due-Diligence is important to be done while implementing these machines into the workforce.

CNC Machines, while efficient, are extremely vulnerable and it is important to develop a cyber-security infrastructure around it. Good IT Practices such as establishing a firewall, regularly installing firmware updates and documenting activities go a long way in protecting sensitive information.

Final Thoughts

CNC Machines are a huge breakthrough in the manufacturing process. Their applications are widespread, yet their security flaws haven’t been truly addressed. Companies like Siemens have partnered with ID3D to develop IP Threat Protections, which indicates how valuable their existence truly is. Implementing CNC Machines is a step in the right direction for many businesses. However, not planning their implementation is a huge step back. Thus, understanding the economics of implementing one would be the right move to not only develop the IP, but also to protect it.

--

--

Rhett Greenhagen

“I am always ready to learn although I do not always like being taught.” — Winston Churchill