Today, Zimmermann’s high-precision portal milling machines are complex digital systems. Control systems, industrial PCs and internal networks must be secured in such a way that neither malware can impact nor adjacent company networks are endangered. Cyber resilience is fast becoming an integral part of modern machine tools.
What distinguishes machine security from cyber security? The former protects the operator from hazards posed by the system. Safety features prevent mechanical or electrical risks and ensure that people are not harmed. Christian Gaarz, head of software development & commissioning at Zimmermann said: “Cyber security, on the other hand, affects the entire digital network of a machine. All networked components with IP addresses must be secured in such a way that no unauthorised access from the outside is possible. Such an intervention could change processes, cause production to fail and have serious consequences go unnoticed – such as data loss or falsified production parameters. This is particularly critical for components that will later be used in safety-relevant applications such as commercial and military aviation.”
Mr Gaarz has been employed by Zimmermann for around four years. In his role, he and his team are responsible for everything that brings the company’s portal milling machine systems to life digitally: from drives to sensor technology and software solutions. In this way, he ensures that mechanical components are turned into a functional, process-reliable overall solution with top-of-mind security in place. Zimmermann is based in Germany and operates under Frieder Ganzle, managing director, who has fully supported the integration of cyber resilience into the machines designed and built by the company.
The regulatory requirements are clearly defined. The Cyber Resilience Act (CRA) stipulates how digital products and systems are to be secured. Together with the Machinery Regulation (EU) 2023/1230 and the NIS 2 Directive, a clear European legal framework is being created. Mr Garz said: “For us as a mechanical engineering company, this means that cyber resilience is no longer a voluntary additional service, but a regulatory obligation. We must meet this binding framework for compliance as early as 2027.”
The requirements already take effect in the development phase of the machines and have a direct impact on design, software architecture and documentation, the company’s key concept being “security by design”. This means machine safety aspects are not added retrospectively, they are an integral part of machine development from the very beginning.
Zimmermann systematically prepares for these requirements. The company is represented among various industry specialist working groups and collaborates closely with control manufacturers such as Heidenhain and Siemens, as well as external specialists. Mr Gaarz noted: “Especially for a medium-sized mechanical engineering company such as Zimmermann, it is crucial to bundle regulatory know-how to develop practical solutions. At the same time, we are adapting internal processes and training our staff in a very targeted manner.”
A look at the development process shows how Zimmermann implements these requirements in a highly practical way. First, the company analyses which requirements are relevant for the respective machine configuration. Based on this, network architectures are reviewed, segmented and supplemented by suitable security mechanisms. Industrial PCs as well as the main CNC on the machine are secured, software vulnerabilities are assessed with clearly defined processes for updates and documentation. Mr Gaarz explained: “We want to minimise digital attack surfaces without impairing the dynamics or precision of the machines.”
In special machine construction, complexity remains high. Although each system is based on an existing Zimmermann series, it differs in detail such as milling head, peripherals, automation or other specific motion and material handling equipment. This means that each system is also configured individually. The electrical plan and the respective equipment are used to create a separate topology with several channels, axes, drives and safety functions. Each axis requires precise parameterisation. Mechanical differences have a direct effect on the control behavior. Cyber security must therefore be integrated into existing structures and must not limit the performance of the machine.
While cyber resilience strengthens security, Zimmermann also wants to further leverage efficiency potential. To this end, the machine manufacturer plans to use digital twins: The virtual environment allows collision checks, parameterisations and software adjustments to be carried out at an early stage. The time for commissioning on the factory floor is reduced, as some of the tests are carried out digitally, in advance. Risks are minimised and processes stabilised. This results in very concrete advantages for the customer. In addition, operators can be trained in advance. In the event of service requirements, fault status can be reproduced in the digital model, so that causes can be identified more quickly. The digital twin supports both machine productivity and process reliability.
Artificial intelligence (AI) complements this development. Zimmermann is building an internal knowledge database that will be evaluated with the help of AI. Mr Gaarz said: “In pilot projects with control manufacturers, we are investigating how AI can support us in programming or analysing error messages more quickly. In the future, recurring tasks can be accelerated and proposed solutions generated.” The technical responsibility remains with the engineer. Zimmermann understands AI is an assistance system whose results must be checked and validated. Transparency and traceability are crucial. AI could also be used to create a digital twin more quickly. This also makes it possible to implement the structural development process of a machine more efficiently.
The guiding principle “Beyond Precision” describes this claim comprehensively, as Zimmermann shows how traditional precision is redefined in a networked industry – as an interplay of mechanics, intelligence and digital responsibility. Cornelius Kiesel, North American president of Zimmermann, said: “This development is an expression of technical responsibility.”
When components are manufactured that will later be used in highly sensitive applications, this concept underlines the importance of holistically conceived precision. With the consistent integration of cyber resilience, simulation and AI, the machine manufacturer is strengthening its role as a technology partner for high-precision, large-scale machining and creating the basis for long-term investment security in an increasingly networked industry.
Mr Kiesel concluded: “We see precision not only as a mechanical quality feature, but also as a holistic claim that combines cyber safety, digitalisation and engineering expertise.”
Click Here For The Original Source
