Navigating the complexities of manufacturing security in a connected world 

Corporations in the manufacturing sector are grappling with a sophisticated and pervasive cyber and operational technology security threat landscape, driven in part by the sector’s push towards greater connectivity. This was a key message from a recent webinar hosted by Manufacturing Today, which brought together experts from the industry to dissect the growing security challenge and explore potential solutions.

The webinar featured insights from Kathy Olsen, Global Director of Information Security at Packsize International; Tammy Klattz, Chief Information Security Officer at Trinseo; and Jim Cooper, Director Technology and Cyber Security, and Tyler Brown, Product Manager, from Pavion, a global security partner and the webinar’s sponsor.

The evolving threat landscape

Connectivity is essential for optimizing operations and enabling data-driven decision-making, because it brings operational technology data into the enterprise. But the industry’s hunger for connectivity often involves integrating legacy systems never designed with modern security protocols in mind. Operational technology includes the hardware and software that monitors and controls physical infrastructure, as well as the associated electronic components including video surveillance, access control, fire alarm, life safety, and business and critical communications infrastructure. These assets, built primarily for resilience, speed, and accuracy, often can’t be easily patched or secured with standard IT controls. This creates significant potential entry points for malicious actors.

In some instances – such as in chemical production – security breaches could have severe physical safety consequences, in addition to the potential for disruption and financial losses. External factors, like supply chain vulnerabilities and third-party risks, also represent significant threats. As one speaker noted, a manufacturer may not be the primary target, but rather a conduit for attacks on downstream consumers. The SolarWinds incident was cited as a pertinent example of such supply chain compromise. 

Common vulnerabilities observed include the persistent use of default or weak passwords, hard-coded credentials, exposed APIs, and unmanaged firmware updates. Attackers, increasingly leveraging AI and advanced toolsets, view manufacturing sites as attractive targets not necessarily because of sensitive data, but because of their critical operational nature. The primary objective is often a ransomware attack, as operational availability is paramount for production.

Bridging the communication gap 

Effectively communicating the need for security investments to both operational staff and senior leadership is a significant hurdle, webinar participants agreed. On the factory floor, the priority is production and system availability, which leads staff to perceive security measures as a hindrance. It is critical to explain the ‘why’ behind security requirements and acknowledge the importance of availability in this context.

Conversely, discussions with senior leadership and the board must be framed in terms of business risk. This involves detailing potential consequences, assessing likelihood, and using relatable industry examples of past incidents and their tangible impacts, including significant financial loss from outages and secondary damage to reputation and brand. 

Regulations, while adding complexity, can also serve to underscore the necessity of security investments, particularly as reporting requirements increase. As one speaker advised, demonstrating understanding of the operational context and site specifics is vital for building trust and fostering a culture of reporting similar to existing safety protocols. 

Strategies for detection, prevention, and response

Addressing these threats requires a layered approach. Foundational IT controls like email gateways and VPNs remain important, particularly as devices may traverse between IT and OT environments. In the OT space, agentless solutions are necessary, often involving monitoring network traffic flows using taps to detect anomalous behavior, with AI playing an increasing role in this analysis. Network segmentation is critical to limit lateral movement within the network. Secure remote access protocols and rigorous vetting of third-party vendor devices are also essential safeguards. Fundamentally, limiting unnecessary internet access from OT environments is a key control. 

Recognizing that breaches are increasingly likely necessitates a strong focus on detection, containment, and rapid recovery. Practicing response capabilities through tabletop exercises involving stakeholders and operational staff can help ensure plans are realistic and effective in a real-world scenario. Integrators like Pavion can provide valuable assistance by conducting risk and security assessments to ensure your infrastructure is protected.

Addressing integration complexities 

Implementing advanced security measures is complicated by the inherent challenges of integrating disparate systems. Different protocols and data formats require middleware or translators. Manufacturers may expose data in varied ways, requiring significant effort to achieve data normalization. Partnering with an industry-leading integrator, like Pavion, can play a key role in navigating these complexities securely, which requires a ‘cyber-forward’ mindset that considers potential data manipulation risks. Beyond technical hurdles, human error, omissions, and failing to consider edge cases (‘layer eight problems’) are frequent contributors to integration issues. Managing security controls across potentially thousands of devices adds significant logistical burden.

AI, automation, and physical security 

Given that attackers are leveraging AI and automation, defenders must do the same to keep pace with accelerating attack timelines. AI is particularly useful for detecting anomalies in network traffic. While automated response is promising, caution is warranted due to the potential for physical consequences if systems are abruptly impacted. 

Physical security, though, remains the indispensable first line of defense. If an attacker gains physical access to critical infrastructure like the Distributed Control System (DCS) location or network closets, many network security controls can be bypassed. Maintaining robust physical access controls, encouraging a culture of vigilance (e.g., challenging unknown individuals), and performing lifecycle management on physical security devices (like access badges) are vital steps. 

Practical recommendations for improvement 

Practitioners seeking to enhance security should start by aligning initiatives with the broader business strategy, understanding both leadership priorities and operational realities. Identifying and protecting assets critical to core business processes is paramount. Fundamental security hygiene, such as network segmentation and securing remote access, must be prioritized. 

Specific actionable advice included eliminating default credentials and hardening firmware and operating systems on devices. Conducting penetration tests using a reputable provider was highlighted as a powerful method to demonstrate potential impacts and gain stakeholder attention.

Borrowing from lean principles, a continuous improvement approach was recommended: use assessments to establish a baseline, identify high-impact, low-effort improvements, implement them, and measure progress to demonstrate quick wins. Engaging with industry peers provides valuable shared insights. 

Finally, implementing standard deployment guidelines for vendors and system integrators working on manufacturing equipment can help embed security best practices incrementally, focusing on making small, consistent improvements rather than attempting disruptive, large-scale overhauls. 

Partner content 

Thank you to our sponsor, Pavion, who specializes in delivering comprehensive fire, physical security, monitoring, and integration solutions tailored specifically to high-performance manufacturing environments. It understands the complexity of securing mission-critical infrastructure while supporting speed to market, uptime, and operational resilience. 

For over 50 years, Pavion has been at the forefront of fire, security, and integration solutions, helping data centers mitigate threats and ensure business continuity. It is located in 23 countries and 70 locations in the USA and its experience spans: 

AI-Driven Video Surveillance: Advanced analytics detect, deter, and respond to potential threats in real time 

Advanced Access Control: Multi-layer authentication, biometric security, and compliance-driven access management 

Fire & Life Safety Systems: NFPA, UL, and ISO-compliant solutions that ensure uninterrupted operations 

Advanced Proactive Video Monitoring: Continuously monitoring, proactively identifying and minimizing cyber security risks 

Integration with IT & Cybersecurity: Unified security solutions that bridge physical and digital threat management 

Contact Pavion at inquiries@pavion.com to schedule a site and risk assessment to keep your systems and facility safe and secure.