• kkssr
    68a8d567c1ec9b43731550d5 Dreamstime M 143974084

    Patchwork of tech, siloed staff plantwide can make for cybersecurity nightmares

    Aug. 22, 2025
    The move toward connected, autonomous, and AI-driven operations offers incredible promise but also introduces new pathways for compromise of systems by bad actors.

    What you’ll learn:

    • Smart manufacturing has created a convergence of digital systems and physical processes, yet security programs haven’t always kept up.
    • This patchwork of technology and systems makes it difficult to standardize security across sites.
    • Security and engineering teams need to partner more closely. That starts with shared language and shared incentives.

    Manufacturing has become one of the most attractive for perpetrators and vulnerable sectors for cyberattacks. What used to be an industry built on physical safety and operational efficiency is now a primary focus for nation-state actors who understand that the ripple effects of disrupting a single production line or manufacturing facility can stretch across industries, economies, and borders. Modern manufacturing environments are more connected than ever, but with that connectivity comes risk that must be met in kind.

    See also: How agentic AI can be a 'force multiplier' in IT and OT cybersecurity

    The issue does not lack for awareness. Most manufacturing leaders know the threat is real. The challenge lies in how organizations are structured to defend and respond.

    Smart manufacturing has created a convergence of digital systems and physical processes, yet security programs haven’t always kept up. Engineering teams still control operational decisions, while IT security often retains responsibility for defending against cyber threats. This creates a gap in ownership, language, and accountability.

    In our work with global manufacturers, we often hear two truths at once. First, there is an understanding that traditional approaches to remote access and privileged access are no longer adequate. Second, there is no clear agreement on who owns the problem. Is it the security team, or the plant engineer? The answer is both, and until these teams work together to rethink how secure access is designed, managed, and enforced, the vulnerabilities will remain.

    See also: New report sees surge in OT cybersecurity awareness among manufacturers

    Part of the problem is digital transformation in manufacturing is not always uniform. Some facilities are implementing cutting-edge robotics and cloud-connected analytics, while others are still operating with systems that might have been installed 20 years ago.

    This patchwork of technology and systems makes it difficult to standardize security across sites, especially when third-party vendors, contractors, and OEMs are involved in ongoing maintenance and troubleshooting. Many of these users require privileged, often remote access to critical systems, without prior scheduling.

    The default response has been to grant persistent access through VPNs or shared credentials, which opens the door to lateral movement from compromised user endpoints, credential theft, and long-dwell intrusions.

    See also: Securing smart factories when the ‘attack surface’ keeps expanding

    This is not a theoretical concern. We have observed multiple cases where insecure remote access served as the entry point for attackers to move deeper into production networks. Sometimes, access methods were not even formally documented. They were simply "the way things have always been done," passed from one engineer to another, with no oversight or auditability. This is especially risky in an environment where adversaries are patient, well-funded, and highly capable.

    The time has come to stop treating secure access as an afterthought and start treating it as a strategic control point for smart manufacturing.

    Securing and engineering teams need to become close partners

    This means making deliberate decisions about who can access which systems, under what conditions, and with what level of visibility and approvals. It means enforcing time-bound, task-specific permissions rather than broad, always-on connectivity. And it means selecting tools and architectures that support this level of granularity without slowing down operations or requiring major infrastructure overhauls.

    See also: How private 5G and IFPP are powering the next wave of industrial IoT

    To do this effectively, security and engineering teams need to partner more closely. That starts with shared language and shared incentives. For CISOs, that means understanding the constraints and realities of industrial environments, including the need for simplicity, uptime, and operational autonomy. For engineers, it means recognizing that cyber risk is no longer an abstract concern. It has a direct impact on plant availability, equipment integrity, and even personnel safety.

    The most successful organizations are the ones making security a shared responsibility. They are adopting access models that do not rely on direct network connectivity between untrusted user devices and critical systems. Instead, they are using methods that isolate protocols within production environments, monitor sessions in real time, and log every action taken.

    They are removing persistent credentials and replacing them with just-in-time authentication. And they are enabling secure collaboration between remote experts and onsite personnel, without exposing the underlying infrastructure.

    See also: Digitization for circular advantage: Enabling sustainable manufacturers to thrive

    This shift is not only about reducing risk, it’s also about improving control, enabling better decision-making, and streamlining operations and compliance.

    Regulatory frameworks such as NERC CIP, IEC 62443, and TSA SD2 are increasingly demanding proof that organizations can manage and monitor remote access.

    The ability to demonstrate that only authorized users can perform only approved actions on only the appropriate systems is quickly becoming a baseline expectation.

    e-Handbook: Cybersecurity

    Importantly, these improvements do not require massive IT projects or enterprise rip-and-replace efforts. In fact, the most effective solutions we’ve seen are the ones that meet manufacturing teams where they are. They work with existing identity systems, support air-gapped or low-bandwidth environments, and can be deployed in hours rather than months.

    What matters most is that they give organizations the ability to see, control, and verify access to their critical systems at all times.

    As more manufacturers adopt smart technologies, the pressure will only increase. The move toward connected, autonomous, and AI-driven operations offers incredible promise, but also introduces new pathways for cyber compromise. The industry cannot afford to ignore the “access layer.” It is where security, safety, and productivity intersect.

    See also: The $60 billion supply chain challenge: How to shield your extended enterprise

    Ultimately, the question every smart manufacturing leader must ask is this: Are we building a future-proof security model that matches the pace of our operational innovation, or are we hoping that yesterday’s access methods will protect tomorrow’s production?

    Security should not be a barrier to progress. It should be the foundation that allows manufacturers to embrace the future with confidence. Getting there starts with one fundamental change: making secure access a core design principle, not an afterthought.

    About the Author

    Bill Moore

    Bill Moore is founder and CEO of Xona, an ICS/OT cybersecurity firm, and works directly with CISOs and engineers within the manufacturing sector.

    Continue Reading

    Sponsored Recommendations