The Shop Floor Is Still the Weakest Link in Industrial Cybersecurity

Why modern factories remain dangerously exposed

Manufacturers invest heavily in IT security, cloud controls, and compliance frameworks. Yet once you step onto the shop floor, a different reality often appears. Industrial environments still contain machines that communicate openly, without encryption, authentication, or access restrictions. In many cases, anyone connected to the network can not only read data, but also control equipment.

This is not a fringe issue. It is widespread, including in large deployments and long-running production systems. The risk is not theoretical. It combines cybersecurity exposure with physical safety consequences.

OT environments were not designed for today’s threat landscape

Most industrial machines were built for reliability and longevity, not adversarial environments. Open ports, unauthenticated protocols, and flat networks were once acceptable assumptions. Today, they represent critical vulnerabilities.

What makes this more dangerous is convergence. As IT, OT, and IoT systems become interconnected, weaknesses in one layer expose the others. A compromise that starts as a data breach can escalate into a production incident—or a safety event—because control paths remain unprotected.

Basic protections are still missing

The most striking insight is that many incidents could be prevented with fundamentals that are well understood but unevenly applied:

  • network segmentation between IT and OT,
  • restricted east-west communication on the shop floor,
  • access controls that limit who can interact with machines,
  • and visibility into what traffic is allowed to flow where.

In some environments, security is so permissive that attackers would not need advanced techniques. Physical access to the network—or even a compromised laptop—can be enough.

Over-securing can be just as harmful

At the opposite extreme, some manufacturers respond by locking systems down so tightly that innovation stalls. Projects are delayed, pilots never reach production, and teams work around security controls instead of with them.

This creates a false choice between security and progress. In reality, both are required. Industrial environments must support connectivity while enforcing clear rules about what communication is allowed. Security architectures that block everything by default without understanding operational needs often end up bypassed.

The human factor remains a critical risk

Not every threat comes from sophisticated attackers. Simple methods still work: removable media, social engineering, or impersonation. Employees on the shop floor are rarely trained to detect these risks, even though they operate systems with direct physical impact.

As AI-enabled attacks become more common, impersonation and manipulation will grow harder to detect. Voice, video, and message-based deception already challenge traditional authentication assumptions. Manufacturing environments will not be immune.

Safety, not just data, is at stake

Unlike purely digital systems, industrial cybersecurity failures can cause physical harm. Manipulated robot behavior, altered machine parameters, or disrupted safety systems put people and equipment at risk.

This elevates cybersecurity from an IT issue to an operational responsibility. It must be treated with the same rigor as mechanical safety, process control, and quality assurance.

What manufacturers need to change

The path forward is not exotic technology. It is disciplined implementation:

  • clear segmentation between systems,
  • explicit rules for machine communication,
  • controlled access to operational interfaces,
  • and continuous awareness that connectivity and control are inseparable.
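
One way to make "explicit rules for machine communication" and traffic visibility concrete, as an added example that is not from the original article or from Cybus: a default-deny audit of observed flows against an allowlist of conduits. The subnets, hosts and flow records are constructed for illustration; 4840 and 502 are the registered ports for OPC UA and Modbus/TCP.

```python
import ipaddress

# Constructed zone plan (assumption): one IT subnet and two shop-floor cells.
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "cell_a": ipaddress.ip_network("192.168.10.0/24"),
    "cell_b": ipaddress.ip_network("192.168.20.0/24"),
}
OT_ZONES = {"cell_a", "cell_b"}

# Explicit conduits (source, destination, TCP port); everything else into OT is denied.
ALLOWED = {
    ("10.10.5.20", "192.168.10.5", 4840),    # historian -> cell A gateway (OPC UA)
    ("192.168.10.5", "192.168.10.11", 502),  # cell A gateway -> PLC (Modbus/TCP)
}

# Constructed flow records, e.g. as exported from a switch or firewall log.
OBSERVED = [
    ("10.10.5.20", "192.168.10.5", 4840),
    ("192.168.10.5", "192.168.10.11", 502),
    ("10.10.7.33", "192.168.10.11", 502),     # office laptop talking to a PLC
    ("192.168.20.14", "192.168.10.11", 502),  # cell B host reaching into cell A
    ("10.10.7.33", "10.10.5.20", 443),        # IT-internal, not judged here
]

def zone_of(addr):
    """Return the zone name for an address, or 'unknown' if it is in no zone."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in ZONES.items() if ip in net), "unknown")

def classify(src, dst, port):
    """Judge one flow; only traffic destined for an OT zone is in scope."""
    if zone_of(dst) not in OT_ZONES:
        return "out-of-scope"
    if (src, dst, port) in ALLOWED:
        return "allowed"
    # A source outside OT crossing into OT is a segmentation failure;
    # OT-to-OT traffic without a conduit is unrestricted east-west traffic.
    return "east-west-violation" if zone_of(src) in OT_ZONES else "segmentation-violation"

def audit(flows):
    """Return (flow, verdict) for every in-scope flow that no conduit permits."""
    verdicts = [(f, classify(*f)) for f in flows]
    return [(f, v) for f, v in verdicts if v.endswith("violation")]

if __name__ == "__main__":
    for flow, verdict in audit(OBSERVED):
        print(verdict, *flow)
```

Starting from observed flows rather than a blanket block list lets the allowlist reflect what production actually needs, so the rules are less likely to be worked around.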

Manufacturers that address shop-floor security realistically, not symbolically, reduce both cyber risk and operational risk. Those that do not will continue to rely on assumptions that no longer hold.

Sponsored by Cybus

This article is based on discussions from an IIoT World Manufacturing Day session focused on data sovereignty in manufacturing, sponsored by Cybus. Insights were contributed by Peter Sorowka, Marc Jäckle, Martin May, Aleksandar Hudic, and moderator Lara Ludwigs.