NIS2 for the metal & sheet metal sector

CNC machines, laser cutters, punch presses and welding robots run on Fanuc, Siemens and Beckhoff controllers. Many installations are connected directly to CAD/CAM servers, and that connection is an attack vector that NIS2 addresses.

In scope

OT systems that fall under NIS2

CNC controllers (Fanuc, Siemens Sinumerik, Heidenhain)
Robot controllers (KUKA, ABB, Fanuc)
Laser machines (Trumpf, Bystronic, Prima Power)
Punch presses and press brakes (Amada, LVD, Salvagnini)
CAD/CAM integration (DNC servers)
Measuring rooms and CMM controllers

Sector risks

What NIS2 means for your OT

NC program integrity

A manipulated CNC program can produce dimensional deviations that are only discovered in later production stages or by the customer, with liability risk.

DNC server as attack path

DNC servers distribute NC programs to machines. They are often connected to both the office network and machine engineering, without segmentation.

Robot safety functions

Safety functions of welding robots (safety scanner, emergency stop) are firmware-based. Older robots lack authentication on the service interface.

Our approach

Three steps to NIS2 compliance

01. DNC segmentation

Place the DNC server on a separate VLAN, reachable only via a controlled CAD/CAM interface, with no direct connection to office email or the internet.

02. NC program audit trail

Version control system for NC programs with access control, change history and hash verification when loading onto the machine.

03. Robot service hardening

Disabling unused service ports on robot controllers, role-based access and logging of login attempts on the teach pendant/service interface.
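
The hash verification from step 02, sketched as an added example (not this provider's tooling or any vendor's DNC software). The manifest layout, function names, machine name and the sample NC program are assumptions made up for illustration.

```python
import hashlib, hmac, json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release(manifest, name, revision, program, approver):
    """Version-control side: record the approved revision and its hash."""
    manifest[name] = {"revision": revision, "sha256": sha256_hex(program),
                      "approved_by": approver}

def _chain(prev, body):
    # Each audit record commits to the previous one, so edits are detectable.
    return sha256_hex((prev + json.dumps(body, sort_keys=True)).encode())

def verify_before_load(manifest, name, program, machine, audit_log):
    """DNC transfer gate: allow only bytes that match the released revision."""
    entry, actual = manifest.get(name), sha256_hex(program)
    if entry is None:
        verdict = "REJECT_UNKNOWN_PROGRAM"
    elif hmac.compare_digest(entry["sha256"], actual):
        verdict = "ALLOW"
    else:
        verdict = "REJECT_HASH_MISMATCH"
    record = {"machine": machine, "program": name, "sha256": actual,
              "revision": entry["revision"] if entry else None,
              "verdict": verdict}
    prev = audit_log[-1]["chain"] if audit_log else "0" * 64
    record["chain"] = _chain(prev, record)
    audit_log.append(record)  # rejected loads are logged too
    return verdict == "ALLOW"

def audit_log_intact(audit_log):
    """Recompute the hash chain; False if any record was altered or removed."""
    prev = "0" * 64
    for rec in audit_log:
        body = {k: v for k, v in rec.items() if k != "chain"}
        if rec["chain"] != _chain(prev, body):
            return False
        prev = rec["chain"]
    return True

# Constructed sample data: a tiny NC program and a copy with one altered coordinate.
APPROVED = b"%\nO1001\nG21 G90\nG00 X0 Y0\nG01 X50.000 F200\nM30\n%\n"
TAMPERED = APPROVED.replace(b"X50.000", b"X50.050")

if __name__ == "__main__":
    manifest, log = {}, []
    release(manifest, "O1001", 3, APPROVED, "qa.lead")
    for data in (APPROVED, TAMPERED):
        print(verify_before_load(manifest, "O1001", data, "laser-01", log))
    print(json.dumps(log, indent=2), audit_log_intact(log))
```

The check hashes raw bytes, so any transfer step that rewrites line endings or strips comments will show up as a mismatch.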

Also relevant
Machine refit in Metal & sheet metal

OT security and machine refit often go hand in hand. A refit to a modern PLC also improves your NIS2 posture.


Start your NIS2 assessment for Metal & sheet metal

A gap analysis starts with a technical intake specific to your sector and OT landscape.