Amid a changing cyber threat landscape, the manufacturing industry is dealing with increasingly hostile threats and attacks. Ransomware, operational technology (OT) weaknesses, and state-sponsored hacking add further concern to an already overwhelming threat environment, jeopardizing the viability of business continuity systems and safety across these critical environments. Furthermore, maintaining high levels of production uptime under today’s high-demand conditions remains a harsh operational requirement that challenges even the most sophisticated systems.
Dragos, an industrial cybersecurity firm, reported in February a staggering increase in ransomware-related threats, discovering 1,693 industrial firms with their sensitive data exposed on ransomware leak sites. Ransomware attacks on industrial sectors grew 87 percent year-on-year, with attacks targeting OT and industrial control systems (ICS) rising by 60 percent in 2024. Manufacturing was the most affected sector, with 69 percent of all incidents, 1,171 attacks across 26 manufacturing subsectors, contributing more than half of the total ransomware activity.
Maintaining security without compromising availability is perhaps the most difficult challenge to navigate. Manufacturing operations do not tolerate downtime the way traditional IT infrastructure does. Downtime for routine cybersecurity patching or incident response is simply not an option. As a result, cybersecurity strategies must be woven into operations on a non-disruptive basis, along with risk mitigation measures that implement real-time detection and response technologies.
Resilience across the supply chain is another critical area that needs focus. Each additional supplier integrated into the IT ecosystem becomes a potential vulnerability and a possible entry point for attackers. Manufacturers are increasingly reliant on just-in-time delivery models and connected vendors. Building security across the entire supply chain through rigorous vendor vetting, continuous assessment, and shared industry standards has become paramount to organizational resilience.
The sector has a persistent talent gap that cannot be addressed by traditional means. Investment in workforce training programs, such as upskilling OT and IT staff who foster a cybersecurity culture on the factory floor, is essential. To increase efficacy, many manufacturers are turning to complex technologies like zero trust architecture and AI-based threat detection. These methods provide granular access control and the ability to detect atypical activity in intricate OT systems.
The inaugural ‘Industrial Cyber Days Manufacturing’ event has been designed for practitioners, by practitioners. The online event is an opportunity to bring together the global industrial cybersecurity ecosystem, offering actionable insights, expert-led discussions, and tailored best practices for the specific problems of protecting digital manufacturing. The series fosters a collaborative cybersecurity culture, leverages cutting-edge technologies, and enhances risk management strategies, making the forum essential for building resilience and supporting innovation in manufacturing environments.
Cyber storm: Evolving threat landscape in manufacturing
Industrial Cyber spoke with industry experts to identify the most urgent cyber threats manufacturers face today—from ransomware attacks and critical OT vulnerabilities to state-sponsored actors such as Chinese APTs and financially driven cybercriminals. The discussion also explores how these threats have evolved in recent years, reflecting shifts in attacker tactics, technologies, and motivations.
“Sophisticated attacks such as Stuxnet, Triton, Industroyer, and Volt Typhoon typically require considerable knowledge, resources, and cost to develop, coordinate, and execute, are rare, but can have a significant impact,” Paul Veeneman, board secretary at InfraGard Member Alliance, told Industrial Cyber. “OT vulnerabilities, zero day, or otherwise, are ‘one-time-use’, requiring the actor to weigh the advantages of disclosing the attack capability, the odds that the exploit can be employed successfully, and that the desired results are achieved.”
Veeneman said that the result is the emergence of less sophisticated state-affiliated proxy actors, executing opportunistic strikes against soft targets, with negligent or deficient security, resulting in data exfiltration, espionage, and ransomware extortion. With higher frequency, but lower impact, these isolated events don’t meet state-to-state escalatory and retaliatory action, but aggregate impact to individual states can be considerable.
Citing the Federal Bureau of Investigation (FBI) IC3 2024 annual report, which stated cybercrime achieved ‘a new record for losses reported to IC3, totaling a staggering $16.6 billion. Fraud represented the bulk of reported losses in 2024, and ransomware was again the most pervasive threat to critical infrastructure, with complaints rising 9% from 2023,’ Veeneman added, “this level of cyberspace ‘guerrilla warfare’ will continue in the foreseeable future, affording adversarial states plausible deniability while exerting proxy force within geopolitical tensions, conflicts, and trade wars that exist today.”

Manolya Rowe, senior security architect IoT at Dover Fueling Solutions, told Industrial Cyber that when discussing today’s most pressing cybersecurity threats in manufacturing, headlines often spotlight ransomware, critical OT vulnerabilities, or nation-state actors like Chinese APTs. “While these threats are real and growing, they often distract from a more pervasive risk: untested third-party software, firmware, and hardware. Many manufacturers integrate vendor-supplied components, such as automation firmware or embedded systems, without continuous, independent validation.”
She added that without structured third-party assurance programs, these components become invisible threat vectors. “OT vulnerabilities are expected in legacy systems, but it’s unmanaged digital supply chains that elevate risk. The real danger often comes not from external attacks, but from what’s already running inside our environments, unverified and unchecked.”

“In my opinion, I see ransomware and critical OT vulnerabilities combined with state-sponsored APTs continue to rise as they are financially or politically motivated, but another factor I would add is a lack of or ineffective governance model,” Reynaldo Gonzalez, principal cybersecurity architect at Cummins, told Industrial Cyber. “These threats are adapting and taking advantage of AI-based methods to target industrial environments for maximum disruption and evolving from opportunistic attacks to highly targeted campaigns that blend IT and OT intrusion techniques and social engineering.”
Balancing uptime and security in manufacturing operations
Manufacturers must prioritize operational uptime while also investing in robust cybersecurity measures. Executives addressed the key challenges in striking this balance and shared practical steps to enhance resilience without disrupting ongoing operations.
Veeneman highlighted that the focus should be on outcomes or impact. “If ‘x’ is down or unavailable, then ‘y’ is the impact. Organizations should prioritize solutions or mitigation to improve resilience against the consequences of an incident or event. A nation-state actor, a proxy actor, a natural disaster, or human error can result in lost productivity, profitability, potential regulatory or contractual penalty, or worst-case, human life. The risks are far more severe in cyber-physical scenarios, conditions, and environments, more so than the ramifications for traditional IT disruptions.”
“Practical steps should focus on what maintains uptime, operation, and safety. That could be different depending on the environment. Something as simple as a gas-powered generator for a facility in the event of a power outage,” according to Veeneman. “If production capacity and consistency are paramount, then there should be investment in additional production capacity, where a failure can be overcome by shifting workloads. Each organization is going to be different, but they all need to go through the exercise to determine the priorities.”
He added that something to consider is that over the past ten years, natural disasters have exacted a far greater toll on critical infrastructure throughout the world than any cyber threat. Current weather patterns and models would indicate this trend will continue.
“Manufacturers today must strike a delicate balance between ensuring uptime and building cybersecurity resilience. This starts by unifying IT and OT security under one umbrella—eliminating silos and enabling coordinated responses,” Rowe said. “Security should have its own budget and be positioned as a business enabler, not just a compliance function. Documenting legacy systems is critical, enabling defense-in-depth without disrupting operations.”
She added that uptime and cybersecurity don’t have to be competing priorities—when security is embedded into operations, they work hand in hand.
Gonzalez noted that a big challenge is integrating cybersecurity without compromising availability or production continuity, but it is highly dependent on business alignment and prioritization. “If there is no synergy between IT, cybersecurity, and OT, then it goes nowhere.”
He added that many OT environments still operate with minimal change tolerance, so it is practical to include risk-based segmentation, patch prioritization, OT security monitoring, and phased implementation of security controls. In addition, building cross-functional collaboration between IT, OT, and security teams is essential to align risk management with uptime goals.
Building supply chain security to enhance manufacturing resilience
With growing digital interdependence, the executives discuss how manufacturers can better secure their supply chains against cyber threats, examining the most effective strategies for assessing and managing third-party risk.
“Cybersecurity marketing and sales present organizations with Zero Trust ‘flavor of the month’ when in actuality, everyone seems to be trusting quite a bit when it comes to the supply chain,” Veeneman said. “Organizations need to review and understand their various supply chain tiers to align prioritization of resources and response planning. Yes, the organization has an obligation to audit third-party service providers, process engineering partners, and external vendors involved in operations.”
He added that there is also the component or equipment supply chain. “Does the organization conduct asset baselining of equipment? Zero Trust and supply chain risk are not specific to IT-centric remote access, least privilege, monitoring, logging, etc. It also means performance qualification of equipment, does it perform as expected, are there anomalies, unintended behaviors in real production conditions? Some of these activities should be done continuously over time to proactively identify deviation, determine response and remediation, and ensure consistent expected operation.”
Rowe mentioned that as manufacturers grow more digitally interconnected, third-party risk becomes a central concern. “Leveraging frameworks like IEC 62443 provides a foundation for vendor trust zones, secure communications, and lifecycle oversight. Vendor assessments must begin before contracts are signed, evaluating cybersecurity maturity and breach history. Standardizing security requirements in contracts and conducting annual audits with follow-up actions helps ensure long-term compliance and reduces blind spots in the supply chain.”
“Manufacturers face significant risks from third-party software, firmware, connected vendors, and equipment suppliers,” Gonzalez observed. “Effective strategies include conducting supplier security assessments, regardless of whether an existing relationship exists or not, enforcing contractual security requirements, and using continuous monitoring platforms for vendor behavior. Also, consider a tiered risk classification methodology for vendors and their key components that you use in your environment to manage risk.”
Bridging human factor and talent gap across manufacturing sector
From phishing to social engineering, the human element continues to be a major cybersecurity vulnerability. The executives explore the critical role of employee training and examine how the manufacturing sector is addressing the ongoing talent gap in industrial cybersecurity.
Veeneman identified that if phishing email or social engineering attempts can lead to process control manipulation, the problem isn’t just the user—it’s a failure in architecture and safeguards.
“Employee training is important, but most organizations aren’t sure where that training or education is going to come from, or where to get it,” he added. “Individuals can increase their skill set with certifications from the International Society of Automation (ISA), SANS Institute, and GIAC. While these courses aren’t equivalent for control systems experience, they can provide a broad foundation and guidance for personnel responsible for operations security, safety and productivity.”
Noting that post-high school education presents challenges for technical colleges and universities, where process control and engineering are in one camp and security in another, Veeneman added that only in recent years has curriculum development started moving toward merging the two, or cross-pollinating courses, into a blended ‘industrial cybersecurity.’ “Idaho National Lab (INL) has established the strategic initiative Cyber-Informed Engineering (CIE) to integrate cybersecurity into engineering practices for critical infrastructure, as well as Consequence-Driven Cyber-Informed Engineering (CCE), a methodology for securing critical infrastructure systems.”
Rowe said that phishing and social engineering remain persistent threats. “While annual employee training is standard, educating leadership is where real impact happens. Executive alignment ensures budget, policy enforcement, and cultural integration. Bridging the gap between cyber operations and business leaders through tabletop exercises and business-focused training allows security to be viewed as a pillar of resilience, not just a technical hurdle.”
“Human error remains a top vector for breaches, making ongoing training critical. Effective programs go beyond annual modules to include scenario-based drills and OT-specific awareness,” according to Gonzalez. “To address the industrial cybersecurity talent gap, we need to invest in upskilling OT engineers, partnering with academia, cross-training, and fostering programs that bridge IT and OT cybersecurity disciplines. Our current talent pools are either lacking or aging out, so we need younger generations to gain interest, start learning, and take over.”
Adopting zero trust and AI to revolutionize industrial cybersecurity
As AI, automation, and smart factory initiatives evolve, the executives examine how emerging technologies, such as zero trust architecture and AI-driven threat detection, are reshaping the landscape of industrial cybersecurity.
“Bruce Schneier put it well, ‘No one doubts that artificial intelligence and machine learning will transform cybersecurity. We just don’t know how or when,’” Veeneman said. “The same exists for industrial cybersecurity. AI and large language models are well suited to sifting through mountains of logs, identifying subtle anomalies in real time, even in legacy systems, potentially shifting cybersecurity from reactive to proactive, enabling faster response and better resilience.”
He also asked whether AI will live up to the hype. “Possibly. Cloud, Big Data, Blockchain, each came along, purported to be all things to all people. Once the dust settled, and the marketing high wore off, we had a clearer understanding where each best fit. AI will likely chart a similar course within manufacturing and other industries. There may be more immediate opportunities related to uptime, productivity, and safety, more specifically HAZOP, PTA, and FMEA, where private organizational AI models can be trained, loaded up with the organization’s operational data, and provide analytics for safeguarding of operations, identify vulnerabilities across OT assets, and greatly reduce time and resource to lay out effective strategies.”
“Emerging technologies like AI-driven threat detection and Zero Trust architectures promise a new era of industrial cybersecurity—but most manufacturers are still focused on maturing foundational controls,” according to Rowe. “For cloud-enabled environments, AI can already assist with anomaly detection, threat triage, and secure software development. Long-term, manufacturers can train custom large language models to support knowledge sharing and decision-making—transforming AI from a buzzword into a practical tool.”
Gonzalez mentioned that emerging technologies are enabling proactive defensive and offensive tactics. AI-driven capabilities may enhance threat detection visibility into anomalies across IT and OT, but they also allow attackers to create effective attack measures. “Zero trust is gaining momentum by redefining perimeter models that enforce identity, device posture, and least privilege access. As smart factories scale, these technologies provide scalable and adaptive protection for hyper-connected systems.”
Looking ahead: Anticipation builds for Industrial Cyber Days
Lastly, the executives share what they are most looking forward to at the upcoming Industrial Cyber Days Manufacturing event.
Veeneman said it’s hard to focus on any one thing. “This is shaping up to be a great event, with an amazing lineup of presenters and expert panels with valuable insights into consequence-based risk management, integrated security architectures, and supply chain resilience. Looking forward to the whole experience, learning, sharing and connecting with other industry peers and leaders,” he added.
“At the upcoming Industrial Cyber Days Manufacturing event, I’m most excited to reconnect with colleagues, exchange lessons learned, and stay current on evolving strategies,” Rowe said. “It’s a vital space for peer engagement and shared problem-solving—critical as we navigate the future of industrial cybersecurity together.”
Gonzalez said he is looking forward to engaging with peers who are shaping the future of secure manufacturing. “I find it valuable to exchange practical insights, learning about innovative solutions, and advancing collective resilience across the industrial sector,” he concluded.