Today, F. Zimmermann’s highly precise gantry milling machines are complex digital systems. Controls, industrial PCs and internal networks must be secured in such a way that malware cannot be introduced and adjacent corporate networks are not put at risk. Cyber resilience is therefore becoming an integral part of modern machine tools.
What distinguishes machine safety from cyber security? The former protects operators from hazards posed by the machine itself. Safety functions prevent mechanical or electrical risks and ensure that people are not harmed. “Cyber security, on the other hand, affects the entire digital network of a machine,” explains Christian Gaarz, Head of Software Development & Commissioning at F. Zimmermann GmbH.
“All networked components with an IP address must be secured to prevent unauthorized external access. Such interference could alter processes, cause production downtime and have serious unnoticed consequences – such as data loss or manipulated manufacturing parameters. This is particularly critical for components later used in safety-relevant applications such as aerospace.”
Christian Gaarz has been working for the machine manufacturer from Neuhausen auf den Fildern for around four years. Together with his team, he is responsible for everything that digitally brings the machines to life: from drives and sensor technology to software solutions. In doing so, he ensures that mechanical components become a fully functional and process-reliable overall solution.
Clear regulatory requirements
The regulatory requirements are clearly defined. The Cyber Resilience Act (CRA) sets out binding rules for how digital products and systems must be secured. Together with the Machinery Regulation (EU) 2023/1230 and the NIS 2 Directive, this creates a clear European legal framework. “For us as a machine manufacturer, this means cyber resilience is no longer an optional extra service, but a regulatory obligation,” reports Gaarz. “We must comply with this binding framework by 2027 at the latest.”
These requirements already apply during the development phase and directly impact design, software architecture and documentation – in line with the principle of “Security by Design.” In other words, security aspects are not added afterwards; they are an integral part of machine development from the very beginning.
F. Zimmermann is preparing systematically for these requirements. The company is represented in various specialist working groups and works closely with control manufacturers such as Heidenhain and Siemens as well as external specialists. Gaarz explains: “Especially for a mid-sized machine manufacturer, it is crucial to pool regulatory expertise and develop practical solutions. At the same time, we are adapting internal processes and specifically training our employees.”
Structured implementation
A look at the development process shows how Zimmermann implements these requirements in practice. First, the company analyzes which requirements are relevant for the respective machine configuration. Based on this, network architectures are reviewed, segmented and supplemented with appropriate security mechanisms. Industrial PCs are secured, software vulnerabilities are assessed, and clear processes for updates and documentation are defined. “We want to minimize digital attack surfaces without compromising the dynamics or precision of the machines,” explains Gaarz.
Complexity remains high in special-purpose machine construction. Although each system is based on a machine series, each differs in details such as milling head, peripherals, automation or specific features. As a result, every machine is individually configured. Based on the electrical design and the respective equipment, a dedicated topology is created with multiple channels, axes, drives and safety functions. Every axis requires precise parameterization. Mechanical differences directly affect control behavior. Cyber security must therefore be integrated into existing structures without restricting machine performance.
A virtual parallel world
While cyber resilience strengthens security, F. Zimmermann also aims to unlock further efficiency potential. To achieve this, the machine manufacturer plans to use digital twins In the virtual environment, collision checks, parameterization and software adaptations can be carried out at an early stage. Commissioning time on the shop floor is reduced because some of the tests are performed digitally in advance. Risks are minimized and processes stabilized. This creates very tangible benefits for customers. Operators can also be trained in advance. In service cases, fault conditions can be reproduced in the digital model, allowing causes to be identified more quickly. The digital twin will therefore support both productivity and process reliability.
AI as a digital assistant
Artificial intelligence (AI) complements this development. F. Zimmermann is building an internal knowledge database that is evaluated with AI support. “In pilot projects with control manufacturers, we are investigating how AI can support us in programming or analyze error messages more quickly,” says Gaarz. “In the future, recurring tasks can be accelerated and proposed solutions generated.” The technical responsibility, however, remains with the engineer. Zimmermann sees AI as an assistance system whose results must be checked and validated. Transparency and traceability are crucial. AI could also accelerate the creation of a digital twin, making the structured development process of a machine more efficient overall.
The guiding principle “Beyond Precision” comprehensively describes this ambition: Zimmermann demonstrates how traditional precision is being redefined in a connected industry – as the interaction of mechanics, intelligence and digital responsibility. For CEO Frieder Gänzle, his development reflects technical responsibility. When components are manufactured for use in highly sensitive applications, it underlines the importance of a holistic understanding of precision. Through the consistent integration of cyber resilience, simulation and AI, the machine manufacturer is strengthening its role as a technology partner for highly precise large-part machining and creating the basis for long-term investment security in an increasingly connected industry.
“We understand precision not only as a mechanical quality feature, but as a holistic aspiration that combines safety, digitalization and engineering expertise,” concludes Gänzle.