Threat levels increasing

CYBERSECURITY THREATS in manufacturing are becoming increasingly prevalent, with industrial facilities a prime target for financially motivated cybercriminals. As manufacturing systems become more interconnected, cyber threats are expanding, making it essential for companies to adopt strong security measures.

Mike Bayer global director, contracts services portfolio and business strategy at Rockwell Automation emphasised that manufacturers are increasingly being targeted because of the high financial cost associated with downtime. "The cost of anyone not being able to make their widgets, their product, their diapers, their alcohol, their pills, whatever it may be, is incredible to customers, and threat actors know it," he explained. The more connected a plant becomes, the greater the potential vulnerabilities, as sensors and control systems create an expanded attack surface.

Expertise gap

Another key challenge is the lack of cybersecurity expertise among the workforce. "The people that are supporting that control system, they don't have the expertise. They're not cybersecurity experts," Bayer noted. This skills gap, combined with evolving regulations and increasing pressure from insurance companies and executive leadership, can put industrial organisations in a precarious position. Companies need to prove that they are making security a priority, not just as a one-time effort but as a continuous journey.

A crucial first step in this journey is identifying assets. Many manufacturing facilities operate with equipment that spans decades, incorporating various vendors and software versions, some of which may no longer be supported. "In an OT plant floor, you may have lines that have evolved over 20, 30, 40, 50 years," Bayer said. "Think about what that means for the generations of assets that are out there." Without a clear understanding of what assets exist, organisations are essentially guessing when it comes to securing their infrastructure.

To bring structure to this challenge, Rockwell advocates for a framework-based approach, specifically leveraging the US National Institute of Standards and Technology (NIST) framework. "Using a framework takes the emotion out of understanding where to start," Bayer stated. 

The framework begins with asset identification, then moves into protection strategies such as network segmentation and firewall deployment. However, protection alone is not enough; organisations must also focus on detection, assuming that attackers will eventually breach their defences. Bayer stressed the importance of having a response plan in place: "Assume that your firewalls, your moat around your house, is imperfect. So have a plan. What are you going to do when that happens? How do you respond to it?"

Approach with care

Rick Kaun, VP solutions at Verve Industrial Protection, part of Rockwell Automation, expanded on the complexity of legacy environments and the need for precise asset identification. Unlike IT systems, which can be easily patched and managed, operational technology (OT) systems require a more careful approach.

"We need to be able to understand multiple dimensions of the asset, because we can't just do Plan A, which is 'patch-on-Tuesday'," Kaun explained.

Understanding an asset’s lifecycle status and operational impact is crucial because even well-intentioned security updates can cause significant disruptions. He cited an example of an incident where a simple firmware update led to a $17m event.

To address these challenges, Rockwell has developed a contextual risk scoring system that provides a comprehensive view of an organisation’s cybersecurity stance. "We start with the asset itself – it’s a Windows box, a network switch, or a PLC – and then we add criticality components, for example if it's a critical safety system or at a high-value facility," Kaun said. By layering this data with external threat intelligence and existing security investments, organisations can make informed decisions on where to allocate their resources.

Kaun described a case study where a global manufacturing company streamlined its vulnerability management process using this approach. Previously, when a security vulnerability was identified, each of the company’s 52 sites independently addressed the issue, leading to inconsistent results and wasted effort. With Rockwell’s system in place, the company was able to centralise its response, saving "seven out of every 10 hours per incident", Kaun noted. Instead of spending the entire week on security updates, engineers were back to their core tasks by Tuesday afternoon.

Positive transparency

Both Bayer and Kaun highlighted the growing regulatory focus on cybersecurity. "I think the transparency is improving," Bayer said. "Regulation policy is driving that, but I also think the community is supporting it." He acknowledged that while some manufacturers may still be hesitant to disclose cyber incidents, many are beginning to see transparency as a positive force.

One of the most significant shifts in cybersecurity strategy is the increasing emphasis on response planning. "That right side of the screen – around responding to incidents – is getting a lot of focus," Bayer said. "The fact that we're making the assumption that it's not if, it's when, means having a plan, doing tabletop exercises, and having a response team on retainer is critical." 

By planning ahead, companies can execute a structured response rather than scrambling in the midst of a crisis.

Kaun also pointed out that the cybersecurity landscape is moving towards proactive risk management. "If you look at the Department of Energy and the recent TSA guidelines, they want to move more industries towards a regulated and structured way so we have reporting and accountability," he said. Out of 38 Cyber Practice Guidelines (CPGs), 33 are focused on identifying and proactively managing risk, underscoring the need for comprehensive security programmes rather than isolated point solutions.

As the discussion concluded, Bayer emphasised the importance of data-driven decision-making. "It takes that guesswork out of the framework," he said. "You have to spend your money wisely because we all know that the threat landscape is wide, the pressure is on, and you only get so much investment every fiscal year."

Cybersecurity in manufacturing is no longer a secondary concern – it is a business-critical issue. As threat actors continue to evolve, organisations must adopt structured frameworks, invest in asset visibility, and implement proactive risk management strategies to protect their operations. The future of industrial security depends on it.

www.rockwellautomation.com