
Zimmermann's high-precision portal milling machines are complex digital systems. Control systems, industrial PCs and internal networks must be secured in such a way that malware cannot impact them or endanger adjacent company networks. Cyber resilience is fast becoming an integral part of modern machine tools.
"Cyber security affects the entire digital network of a machine," explains Christian Gaarz, Head of Software Development & Commissioning at Zimmermann. "All networked components with IP addresses must be secured in such a way that no unauthorized access from the outside is possible.
"Such an intervention could change processes, cause production to fail and have serious consequences go unnoticed – such as data loss or falsified production parameters."
Clearing Regulatory Requirements
The regulatory requirements are clearly defined. The Cyber Resilience Act (CRA) stipulates how digital products and systems are to be secured. Together with the Machinery Regulation (EU) 2023/1230 and the NIS 2 Directive, a clear European legal framework is being created.
"For us as a mechanical engineering company, this means that cyber resilience is no longer a voluntary additional service, but a regulatory obligation," reports Gaarz. "We must meet this binding framework for compliance as early as 2027."
The requirements already take effect in the development phase of the machines and have a direct impact on design, software architecture and documentation, the company’s key concept being "security by design". This means machine safety aspects are not added retrospectively, they are an integral part of machine development from the very beginning.
Zimmermann systematically prepares for these requirements. The company is represented among various industry specialist working groups and collaborates closely with control manufacturers such as Heidenhain and Siemens, as well as external specialists.
Gaarz notes, "Especially for a medium-sized mechanical engineering company such as Zimmermann, it is crucial to bundle regulatory know-how to develop practical solutions. At the same time, we are adapting internal processes and training our staff in a very targeted manner."
Structured implementation
A look at the development process shows how Zimmermann implements these requirements in a highly practical way. First, the company analyzes which requirements are relevant for the respective machine configuration. Based on this, network architectures are reviewed, segmented and supplemented by suitable security mechanisms.
Industrial PCs as well as the main CNC on the machine are secured, software vulnerabilities are assessed with clearly defined processes for updates and documentation. "We want to minimize digital attack surfaces without impairing the dynamics or precision of the machines," explains Gaarz.
In special machine construction, complexity remains high. Although each system is based on an existing Zimmermann series, it differs in detail such as milling head, peripherals, automation or other specific motion and material handling equipment.
This means that each system is also configured individually. The electrical plan and the respective equipment are used to create a separate topology with several channels, axes, drives and safety functions. Each axis requires precise parameterization. Mechanical differences have a direct effect on the control behavior. Cyber security must therefore be integrated into existing structures and must not limit the performance of the machine.
Virtual, Parallel World
While cyber resilience strengthens security, Zimmermann also wants to further leverage efficiency potential. To this end, the machine manufacturer plans to use digital twins: The virtual environment allows collision checks, parameterizations and software adjustments to be carried out at an early stage.
The time for commissioning on the factory floor is reduced, as some of the tests are carried out digitally, in advance. Risks are minimized and processes stabilized. This results in very concrete advantages for the customer. In addition, operators can be trained in advance. In the event of service requirements, fault status can be reproduced in the digital model, so that causes can be identified more quickly. The digital twin supports both machine productivity and process reliability.
Artificial intelligence (AI) complements this development. Zimmermann is building an internal knowledge database that will be evaluated with the help of AI. "In pilot projects with control manufacturers, we are investigating how AI can support us in programming or analyzing error messages more quickly,” says Gaarz.
“In the future, recurring tasks can be accelerated and proposed solutions generated." Transparency and traceability are crucial. AI could also be used to create a digital twin more quickly. This also makes it possible to implement the structural development process of a machine more efficiently.
When components are manufactured that will later be used in highly sensitive applications, this concept underlines the importance of holistically conceived precision. With the consistent integration of cyber resilience, simulation and AI, the machine manufacturer is strengthening its role as a technology partner for high-precision, large-scale machining and creating the basis for long-term investment security in an increasingly networked industry.






















