I work in software development for a CNC machine builder. We don’t do anything like this. I suppose some countries may have a requirement for this sort of thing for export control, but I suspect it’s really there to prevent somebody from leasing a machine and then selling it to somebody else and skipping. As to the stuxnet-type fears, it’s best not to be connected to an insecure network. Also, the parts made by the machine have to be checked anyway, so if somebody did alter the part program the parts produced wouldn’t pass QA. The hack would amount to an act of petty vandalism, with the machine shop simply losing the time and material invested in the defective parts.
