Securing the unseen risks in OT systems

With cybersecurity risks continuously increasing, manufacturers need to secure their OT systems with the same rigour they apply to protecting IT systems. But as Mark Venables discovers, that is easier said than done.

Manufacturers are increasingly vulnerable to cybersecurity threats in an era of digital transformation. Operational Technology (OT) environments are undergoing a significant shift, making it crucial to apply the same cybersecurity rigour as has long been the norm in Information Technology (IT) systems. However, this is no simple task. OT environments are rapidly evolving, and identifying every asset, let alone securing them all, is a major challenge. Finding staff with expertise in both OT and cybersecurity is even harder.

A widening threat landscape

Cybersecurity in manufacturing has never been as critical as it is today. “OT environments have evolved significantly over the last few decades,” Mike Bayer, Director, Industrial Cybersecurity and Production Optimisation Capabilities, explains. “Unlike IT systems, which tend to undergo regular updates, manufacturing environments might still run legacy systems developed 20, 30, or 50 years ago. You might have different systems from various vendors, all with different versions, just like having Windows 3.1, XP, 2000, and newer versions all running simultaneously. This diversity of systems is a major challenge for manufacturers aiming to secure their networks.

“The plant floor is becoming more and more connected. Everything has sensors that give feedback to control systems, generating data constantly. This connectivity expands the threat landscape and makes manufacturing systems an attractive target for financially motivated threat actors. The cost of downtime is significant, whether it’s for producing diapers, alcohol, or pharmaceuticals, and attackers know it.”

Other factors compound the risk associated with legacy systems. OT specialists on plant floors are often not trained in cybersecurity, and there are fewer workers to maintain the ageing infrastructure. “You might not even know where all your assets are because those responsible for implementing them 15 years ago are gone, and the documentation they left behind was often handwritten,” Bayer adds. “Uncovering where these assets are and understanding your threat landscape is challenging.”

Building a roadmap through frameworks

With this expanding attack surface, manufacturers must apply structured approaches to mitigate the risk. “We are strong advocates for client frameworks like NIST,” Bayer says, referring to the widely recognised cybersecurity framework developed by the National Institute of Standards and Technology. “Using a framework takes the emotion out of understanding where to start. It is like applying logical frameworks in our daily lives when faced with complex decisions, using data-driven approaches to guide actions rather than guessing.”

The first step in the NIST framework is identifying assets, which is easier said than done in an OT environment. However, Bayer emphasised that manufacturers are left in the dark without this initial step. “If you do not identify your assets, you are essentially guessing the rest of the way along the journey,” he continues. “Once assets are identified, you can begin to protect them through segmentation, deploying firewalls, and setting effective policies. But you cannot stop there; you need to continuously detect new threats and have a plan in place to respond when, not if, something goes wrong.”

The NIST framework serves as a philosophy and mindset, but its true value is realised only when combined with accurate data. Data-driven decisions help ensure that limited resources are spent in the right areas. “We call it data-driven decision-making,” Bayer adds. “The framework of thought is great, but you are still guessing without the data.”

The role of context in risk management

Identifying assets is only one piece of the puzzle. As Rick Kaun, VP of Solutions – Verve, points out, understanding the context in which each asset operates is equally crucial. “Unlike IT environments, where we can make everything homogeneous and use automated tools, OT environments require a more careful approach,” he says. “We need to understand multiple dimensions of the asset, its lifecycle status, its impact on operations, and its vulnerabilities because simply applying a patch without knowing the broader context can be disastrous.”

Kaun shared an example of a pipeline incident in which a well-intentioned update led to a $17 million event because the full context of the affected assets was not understood. “This is why a multidimensional view of assets is so important,” he continues. “We need to know the criticality of the asset, the risks it faces, and the existing safeguards to determine a contextual risk score. This score helps clients decide where to allocate their time and resources.”

Rockwell Automation’s platform-based approach provides a centralised view of the entire OT environment. “We gather data from multiple sites into a single dashboard,” Kaun continues. “This allows us to understand emerging risks across multiple facilities, apply consistent security measures, and free up resources that would otherwise be tied up in individual site assessments. By thinking globally and acting locally, organisations can manage risks proactively, ensuring they are prepared to address issues before they escalate.”

The power of proactivity

A proactive approach to cybersecurity is essential in OT environments, where risks are constantly evolving. Kaun highlights a case study involving a large global manufacturing client. Initially, each of the company’s 52 sites was responsible for addressing vulnerabilities independently, resulting in varying success and efficiency levels. By centralising their approach through Rockwell’s platform, they saved seven out of every 10 hours previously spent managing incidents. “Instead of engineers working on a single issue all week, they were back to their regular duties by Tuesday lunchtime,” Kaun explains. “This structured approach allowed them to precisely reduce risk and move from reactive firefighting to proactive, strategic risk management.”

This proactive approach reduces the time and effort needed to manage cyber risks and helps manufacturers better allocate their resources. “We often see violations in secure access or issues with onboarding and offboarding employees,” he concludes. “By moving from a reactive to a proactive stance, we enable our clients to use their resources better, spending them in areas that matter most.”

Data-driven decisions for a secure future

As OT environments become more connected, the potential attack surface for cyber threats continues to grow. For manufacturers to effectively protect their operations, it is critical that they adopt a structured, data-driven approach to cybersecurity. Rockwell Automation’s platform-based framework helps manufacturers identify assets, understand their context, and make informed decisions about risk management, ensuring they spend their limited time and resources where it counts most.

“The pressures on the manufacturing sector are immense,” Bayer concludes. “The threat landscape is vast, and investment in cybersecurity is finite. Data-driven decisions are a powerful tool to guide those investments effectively. Whether segmenting networks, implementing intrusion detection, or managing policy, manufacturers must ensure they put their efforts in the right place, supported by solid data and a structured framework.”

Getting a clearer picture of the threats in OT environments requires understanding the individual assets and the broader context in which they operate. By leveraging frameworks like NIST and embracing data-driven decision-making, manufacturers can confidently navigate the complex landscape of industrial cybersecurity, ensuring their OT environments are as secure and resilient as possible in the face of ever-evolving risks.
