Defending Manufacturing In A Connected World
Ravi Soni is principal—strategic design consulting (manufacturing) at Infosys.
With the rise of smart manufacturing and Industry 4.0, manufacturing processes are more interconnected than ever. While integrating operational technology (OT) with information technology (IT) drives efficiency and innovation, it also exposes systems to new risks. With the physical barriers that once separated these systems now removed, OT systems and applications are vulnerable to cyber threats as they become connected to networks, cloud platforms and remote operations.
This increased connectivity elevates the risk of cyberattacks, including ransomware and intellectual property theft. That is why manufacturers should implement robust security strategies to protect operations, intellectual property and critical systems.
Key Security Challenges In Manufacturing Applications
The Growing Threat Landscape
The manufacturing sector has seen a sharp rise in ransomware attacks. In 2023 alone, 65% of manufacturing and production organizations reported ransomware incidents, representing a significant increase over prior years. Such attacks cause major disruptions by halting production and delaying shipments, which can sometimes paralyze entire supply chains.
Newer technologies like 5G and cloud infrastructure increase this vulnerability. Cybercriminal groups such as LockBit and BlackSuite exploit these advanced connections to target both IT and OT systems. Such sophisticated attacks make it essential for manufacturers to employ advanced security practices.
Legacy Systems and Fragmented Security
A significant challenge for manufacturers is the reliance on legacy systems not built to withstand modern cyber threats. Many of these systems are decades old, making it challenging to implement current security measures. Integrating these outdated systems with newer IT networks often results in security gaps, which attackers exploit. For example, 29% of ransomware attacks in manufacturing are initiated through malicious emails and 27% exploit unpatched vulnerabilities. To mitigate these risks, network segmentation is essential, as well as isolating OT systems from IT networks to limit the spread of ransomware.
Best Practices for Securing Manufacturing Applications
Zero Trust Architecture Implementation
Zero trust architecture (ZTA) is essential for securing OT environments where legacy and modern systems coexist. ZTA operates on the principle of “never trust, always verify,” ensuring continuous authentication and restricted access. This approach minimizes the impact of breaches by limiting lateral movement within networks through micro-segmentation. Role-based access ensures users and devices can only interact with necessary systems, reducing potential attack surfaces. If done correctly, this can minimize the impact of potential breaches
Enhanced Monitoring and Response
Continuous monitoring of OT networks provides real-time insights into anomalies and threats. Tools like intrusion detection systems (IDS) and security information and event management (SIEM) let manufacturers detect and manage security incidents immediately, helping to head off operational disruptions. Regular assessments and patch management for legacy systems add another layer of security, especially when frequent updates are not available.
The integration of cloud and edge computing has transformed data processing. Companies can now get real-time insights at the source, such as on factory floors. The result: reduced latency and improved applications like predictive maintenance and quality control. At the same time, this integration also exposes systems to more security risks, making encryption, access control and monitoring critical. As highlighted in my Forbes article on edge computing, evolving security architectures are necessary to defend against cyber and physical threats and maintain operational continuity.
5G connectivity and Industrial IoT (IIoT) are further revolutionizing manufacturing by offering fast, reliable data transfer. But they also expand the attack surface, which can leave systems vulnerable to DDoS and ransomware attacks. That’s why manufacturers should employ network segmentation, encryption and continuous monitoring. Advanced OT cybersecurity technologies like industrial intrusion detection systems (IDS), secure remote access and AI-powered anomaly detection are also vital in protecting OT environments.
Regulatory And Compliance Requirements: Global Regulatory Landscape
Global regulatory frameworks for OT security in manufacturing, such as the National Institute of Standards and Technology (NIST) cybersecurity framework in the US, help provide guidance on managing cybersecurity risks. NIST’s five core functions—identify, protect, detect, respond, and recover—form a flexible approach to security in critical infrastructure.
In Europe, the IEC 62443 standard is crucial for OT security in industrial automation and control systems. Additionally, although focused on personal data protection, the general data protection regulation (GDPR) indirectly influences OT security, especially in manufacturing environments where IoT devices may handle or transmit personal data.
In China, the cybersecurity law mandates regular security assessments and access control for OT systems in critical industries. Japan’s cybersecurity framework also aligns with global standards as it requires strengthened cybersecurity protocols for critical sectors. Manufacturers who adhere to these frameworks can manage cybersecurity risks effectively while also meeting compliance requirements.
Conclusion, Future Trends And Call To Action
As manufacturing becomes more digital and interconnected, proactive and integrated security approaches are becoming increasingly necessary. Traditional reactive strategies are no longer enough. Predictive security strategies, driven by AI and machine learning, help manufacturers analyze data and anticipate potential threats. Armed with this information, they can act before incidents occur.
Manufacturers should assess their OT security practices to identify vulnerabilities and safeguard legacy systems. They should adopt modern security measures like network segmentation and AI-driven anomaly detection. By staying compliant with evolving global regulations and prioritizing cybersecurity, companies can protect themselves against current threats and prepare for future ones.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
link