Who do you trust? In manufacturing, the answer should be no one

What you’ll learn:

Traditional security models treated networks like moated castles—anyone or anything inside the perimeter was assumed safe, but today’s factories are no longer isolated silos of machines.
Zero trust starts with a simple principle: never trust, always verify.
Despite rapid digital transformation, many manufacturers still rely on outdated security models like flat networks, legacy PLCs, and minimal access controls.

Imagine you’re at a café and a stranger asks to borrow your cellphone. Do you just hand it over? Probably not. You’d want to know who they are, why they want it, and what they’ll do with it. With all the sensitive data and banking access on your personal handset, that hesitation doesn’t make you paranoid; it makes you smart.

Now imagine the same logic applied to manufacturing across thousands of interconnected systems controlling machinery—from factory robots, to power grids, to all the hardware and software that monitors and controls devices, processes and infrastructure.

In modern manufacturing, IoT sensors monitor everything from pressure to temperature, AI decides when to trigger shutoffs, and cloud platforms manage global workflows. These systems are built for productivity, but when trust is misplaced or unverified, the consequences can be severe, threatening worker well-being, product quality and even public safety.

Forget the drawbridge: The era of perimeter-based security is over

Traditional security models treated networks like moated castles—anyone or anything inside the perimeter was assumed safe (it’s no coincidence that a type of malware that takes advantage of this approach is called a Trojan horse). But as manufacturing environments have evolved, that assumption has become a liability.

Today’s factories are no longer isolated silos of machines. Manufacturing has become a hyperconnected ecosystem where IT and OT systems share data, AI automates decisions, digital twins simulate entire operations, and third-party devices plug directly into production lines. Every connection is a potential entry point, and attackers know it.

Manufacturing is now the most targeted industry for ransomware, accounting for up to 29% of reported attacks, according to CheckPoint Research. And this isn’t just about data loss—when OT systems are compromised, the impact is often physical and immediate. Think shutdowns, broken supply chains, or even nationwide disruption.

For example, in April 2025 power outages across Spain and Portugal brought trains, hospitals and factories to a standstill. Though evidence does not indicate it was caused by a cyberattack, the incident underscored the real-world disruption a single point of failure can cause.

And with manufacturing systems supporting everything from food and pharmaceuticals to energy and defense, the stakes couldn’t be higher. In an environment where uptime and safety are paramount, the only safe assumption is that everything—human or machine—can be compromised. Enter zero trust approach.

Zero trust: More than a cybersecurity framework

Zero trust starts with a simple principle: never trust, always verify. Remember learning the question words at school: who, what, when, where, why, which? In a zero-trust environment, every user, device and application must answer those questions, every time, before they’re granted access.

It’s a model that assumes breach by default and uses real-time data to assess identity, behavior, device health and access context.

In manufacturing, that goes beyond verifying people. Machines need identity, too. For example, a programmable logic controller should only accept instructions from verified apps or authorized engineers.

Every system must enforce “least-privilege” access, letting people and devices do only what they’re permitted to do. And every action must be logged automatically, so teams can track who did what, when and why to support compliance and incident response.

Modern manufacturing demands a new mindset

Despite rapid digital transformation involving cloud platforms, autonomous robotics, AI and IoT, many manufacturers still rely on outdated security models like flat networks, legacy PLCs and minimal access controls.

These systems were designed for reliability, not resilience. Add the explosion of remote access tools and third-party integrations and the attack surface has grown significantly.

Zero trust offers this practical blueprint for manufacturers:

Authenticate at every layer: Human users and machines alike must verify identity and device health before gaining access.
Enforce least privilege: Engineers and devices can only interact with systems they’re explicitly authorized to access.
Micro-segment networks: Divide and isolate systems to prevent bad actors from moving freely.
Ensure offline resilience: Use tools that securely sync offline-collected data once reconnected to the network.
Audit everything: Every action is logged to support compliance and rapid investigation.

Beyond zero trust in manufacturing

What’s happening in manufacturing reflects a broader trend across industries like finance, health care and utilities—anywhere physical infrastructure meets digital control. From hospital ventilators to water grids and payment terminals, the principle is the same: when cyber risk meets physical systems, the consequences increase exponentially.

And that’s why zero trust is gaining traction far beyond the factory floor. At DXC, we’re seeing cross-sector clients recognize that zero trust isn’t just IT’s responsibility; it needs to be an enterprisewide initiative, and that includes OT teams as well.

The cost of doing nothing is higher than the cost of change. Zero trust is hard to implement, especially in environments that were built decades ago on legacy systems not designed for this level of scrutiny. Culture clashes between IT and OT teams can happen. And yes, budgets are tight.

But doing nothing is far more expensive. This could cost operational downtime, ransom payments, damaged reputations, regulatory failures and, most critically, risks to human safety.

This shift isn’t about distrusting your people or overcomplicating your systems. It’s about adapting to a new reality. A reality where digital infrastructure is business-critical and cybersecurity must evolve from being a technology issue to a board-level enterprise risk.

The perimeter has perished. In today’s manufacturing landscape, identity is the new perimeter. Every person, machine and system must prove they belong—continuously. Zero trust gives manufacturers a scalable, practical path to resilience and operational continuity.

To that end, DXC partners with leading manufacturers to assess risks, modernize controls and embed zero trust principles into every layer of operations.

Beyond zero trust lies a more adaptive and resilient security paradigm that integrates continuous risk assessment, threat intelligence and autonomous response. This next phase focuses not just on verifying identity and access, but also on anticipating, mitigating, and recovering from sophisticated attacks in real time.

Concepts such as cyber resilience, AI-driven threat detection, and behavioral analytics are gaining traction, aiming to create dynamic defense systems that learn and evolve. In this future-forward approach, trust is not only continuously verified but also contextually evaluated, allowing for smarter, more responsive protection in complex, hybrid environments.

Start with your critical systems. Understand your assets, your users and your access flows. Build in validation checkpoints. Keep verifying and authorizing all connections. And close the gap between risk and resilience across the enterprise.