Building cybersecurity through secure drives

THE FIRST few months of 2025 saw ransomware incidents directed at manufacturers jumped by nearly half compared to the previous year. To those watching the industrial landscape closely, this figure will hardly come as a shock. Manufacturers worldwide are embracing technology that brings once-siloed machines into digital ecosystems. But while this promises efficiency and flexibility, every new connection could be an open door for cybercriminals.

Traditionally, business cybersecurity has lived firmly in the realm of corporate IT environments: networks, software, and digital assets. What is often overlooked is the operational technology (OT) layer, which encompasses all the physical equipment at the heart of an industrial plant, like electric motors. In that OT layer sit industrial variable speed drives (VSDs) — devices that control motor speed to precisely match operational demand, allowing smoother and more energy-efficiency operation.

Securing the frontline

An unprotected drive can expose a factory to production line shutdown, compromised product quality, worker endangerment, and provide a platform for future (and possibly even more esoteric) cyber-attacks. Because drives often sit where motors and networks converge, a single compromised unit could put the entire plant at risk. And for small and medium-sized OEMs, navigating this reality is particularly challenging, as limited budgets and in‑house expertise can make building security into machines from day one near impossible.

This risk has grown as factories evolve from isolated control systems into hyper‑connected, data‑driven environments. Modern drives and PLCs increasingly ship with Ethernet ports, streaming data directly into dashboards and analytics platforms, with many extending that flow into the cloud. That connectivity enables smarter, faster decision‑making, but also expands the attack surface. Vulnerabilities aren’t always visible at first glance. A factory may accidentally leave outdated firmware in place. An administrator might never close unnecessary communication ports. A supplier may ship equipment relying on default user credentials or weak authentication routines. 

Attackers don’t need much; it only takes one of these weak spots for defences to unravel. Too often, speed and performance are prioritised, while security is bolted on later — a strategy that’s non‑compliant as well as risky. With new machinery regulations on the horizon in Europe and elsewhere, manufacturers and OEMs must embrace cyber protection as a design‑level requirement. And drives are a great place to start.

Protecting drives from the inside out

Encouragingly, a new generation of industrial drives shows how cybersecurity can be implemented from the ground up. Take ABB’s ACS380‑E machinery drive as an example: rather than treating protection as an optional accessory, it was developed with cybersecurity engrained in its architecture. For small and medium‑sized OEMs, it’s a golden opportunity. By embedding protection at the drive level — the lowest layer of the automation stack — they can build machines that are cyber‑secure from the ground up, without the need for complex and expensive add‑ons.

Think of it as moving away from defending a building with a tall external fence, and instead equipping every building, corridor, and even every door with its own locks and monitoring systems.

Supply chains are also treated as potential risk vectors, so thorough checks that ensure components are authentic and untampered with are part of the process. The ACS380-E reflects a broader mindset shift: that in today’s factories, even the smallest bit of connectivity must be airtight.

The anatomy of a secure drive

Modern secure drives consist of multiple layers of defence working in tandem. Instead of relying on fixed passwords, the ACS380-E uses granular access management so user roles define exactly who can log in, configure, or make changes. Even the drive manufacturer cannot bypass those rules. The drives also verify their firmware before each start‑up, a process known as trusted boot. Only signed and validated code is allowed to run, and in the case that tampering is detected, the system automatically rolls back to the last uncompromised version. This ensures that operations continue uninterrupted.

Protection extends to communication as well. Unused ports are closed by default, which eliminates the risk of unnecessary entry points, while permitted connections are restricted exclusively to trusted devices. Everything else is refused. In addition, every access attempt is recorded in a detailed security log. These logs provide the visibility needed to diagnose and respond in real time, as well as to demonstrate compliance to auditors and regulators.

Taken together, these capabilities mean that even if attackers attempt to breach a drive, their opportunities are limited and their actions are traceable. In turn, the odds of a chain reaction across the network are much lower.

What buyers should assess  

Decisions when purchasing drives can no longer rest solely on familiar performance indicators like response speed or torque accuracy. While those qualities remain essential, they only represent part of the equation. Forward‑looking manufacturers are also weighing how well a drive stands up to modern cybersecurity standards.

That evaluation starts with compliance: does the drive meet today’s cybersecurity frameworks, and is it flexible enough to evolve as new regulations come into play? Equally important is firmware integrity. A secure boot process that blocks anything except approved and signed code ensures the drive cannot be tricked into running malicious software. Buyers should also examine how access to the device is managed. Support for multiple user roles and integration with existing identity management systems prevent unauthorised changes and limits exposure when credentials are compromised.

Monitoring and logging functions add yet another layer of protection. An effective drive will capture every access attempt and provide visibility that is critical not only for real‑time response, but also for proving compliance later down the line. Finally, security must extend to the network layer. Drives should allow administrators to disable unused access points before the system even goes into service, meaning the number of entry points available to attackers drops.

Not factoring these considerations into procurement leaves much more than the drive itself at risk. It can undermine the resilience of an entire facility.

Secure at the core

The increasing reports of ransomware and cyber breaches should serve as a reminder: the threat is not abstract, and it is not limited to IT systems. Drives are central components bridging machinery and networks, and so are indispensable to the conversation. By locking in cybersecurity at the OT layer, manufacturers guarantee not only productivity and compliance – but peace of mind, too.  

Prabhu Nagavi is global product manager for machinery drives at ABB

global.abb/group/en