Cybersecurity for manufacturing: Essential best practices and industry frameworks

November 19, 2024

Author: Anna Fitzgerald, Senior Content Marketing Manager

Reviewer: Cavan Leung, Senior Compliance Manager

Manufacturing has been ranked as the top attacked industry for three years in a row. According to the IBM X-Force Threat Intelligence Index 2024, manufacturing represents over a quarter (25.7%) of incidents within the top 10 attacked industries. 

Due to the global reach and impact of the manufacturing sector, cyberattacks on these critical infrastructure organizations can cause operational disruptions, data breaches, and financial losses that harm production and supply chains all over the world. 

In this article, we’ll explore the state of cybersecurity in the manufacturing sector, best practices that manufacturing companies can implement to strengthen their resilience, and how frameworks like NIS2 and services like Secureframe can help.

Cybersecurity and manufacturing

Manufacturing companies are prime targets for cybercriminals due to their critical role in the economy and heavy reliance on connected devices and technologies. Their use of both operational technology (OT), such as machines and manufacturing equipment, and information technology (IT), such as the servers, storage, and networks used to run applications and manage electronic data, also presents security challenges.

Factors like outdated legacy systems, a lack of cybersecurity personnel, and the rise of OT and IoT vulnerabilities have made manufacturing environments particularly susceptible to cyber risks. Here’s a closer look at some of the unique cybersecurity challenges manufacturers face:

  • Ransomware attacks: Ransomware is a prevalent threat in the manufacturing industry, with attackers often targeting organizations due to their dependency on continuous operations. According to Dragos’ 2023 OT Cybersecurity Year in Review report, 71 percent of ransomware attacks targeted manufacturing entities, making it the most impacted sector.
  • Legacy systems: Many factories and facilities still operate on legacy systems that were not designed with cybersecurity in mind. Such outdated hardware, applications, and methods remain in active use but require significant overhaul to mitigate risk and meet today's compliance and security standards.
  • IoT vulnerabilities: While manufacturers still rely on legacy systems, they are increasingly adopting IoT and connected devices to improve efficiencies and unlock other benefits. This widespread adoption increases the attack surface of manufacturing organizations and can expose production systems to new threats.
  • Supply chain risks: Since manufacturers are typically part of complex and intertwined supply chains, cybercriminals often exploit weak links in the supply chain, targeting third parties to access critical systems or data in the manufacturing sector. For example, it is believed that the Dragonfly attacks targeted small companies that supply original equipment manufacturers to ultimately launch attacks against the pharma-biotech sector.
  • Workforce limitations: Shortages of trained cybersecurity staff and a lack of industry-specific training contribute to gaps in cybersecurity practices in the manufacturing sector.

As a result of these hurdles and pain points, cybersecurity maturity levels in the manufacturing sector are often low. For example, according to IBM’s X-Force Threat Intelligence Index, 84% of critical infrastructure incidents could have been mitigated with best practices and security fundamentals, such as asset and patch management, credential hardening, and the principle of least privilege.

Despite the significant risks they face, many manufacturers are still in the early stages of establishing robust cybersecurity programs, for reasons including limited budgets, a lack of awareness, and the misperception that implementing cybersecurity practices would interfere with production efficiency.

However, increasing regulatory pressure is prompting manufacturers to prioritize cybersecurity. For example, the NIS2 Directive aims to strengthen security for critical infrastructure sectors across the EU, including manufacturing, and requires compliance with stringent security controls. Let’s take a closer look at some of these frameworks below.

Cybersecurity frameworks for manufacturing

There are cybersecurity frameworks and regulations that either specifically address manufacturing or can be broadly applied across critical infrastructure sectors to improve their cyber resilience. Here are some notable ones:

  • NIST CSF. Focus: managing cybersecurity risks. Best for: manufacturers looking to reduce cyber risk to manufacturing systems.
  • NIST 800-171. Focus: protecting sensitive information in non-federal systems. Best for: manufacturers involved with defense contracts, defense supply chains, and handling of CUI data.
  • ISO 27001. Focus: managing information security. Best for: manufacturers with global supply chains and/or customers.
  • NIS2. Focus: improving cyber resilience. Best for: manufacturers in the EU.
  • TISAX. Focus: assessing and managing information security in the automotive industry’s supply chain. Best for: manufacturers in the automotive sector or supply chain, particularly in Europe.

NIST Cybersecurity Framework (CSF)

Originally designed for critical infrastructure sectors, NIST CSF is a general-purpose framework that helps organizations across industries, including manufacturing, to identify, protect, detect, respond to, and recover from cyber threats.

Key components of the framework include:

  • Organized into six core functions: Govern, Identify, Protect, Detect, Respond, Recover
  • Tiers and risk profiles help guide priorities and continuous improvement 
  • Flexible and adaptable to all organization sizes, sectors, and cybersecurity program maturity levels

NIST 800-171

NIST 800-171 requires contractors and subcontractors of federal agencies, often within the manufacturing sector, that handle Controlled Unclassified Information (CUI) to implement the cybersecurity measures necessary to protect CUI data. Manufacturers that are part of the supply chain of federal agencies, such as the U.S. Department of Defense (DoD), General Services Administration (GSA), National Aeronautics and Space Administration (NASA), or other federal or state agencies, must implement the security requirements included in NIST 800-171.

Key components of the framework include:

  • 17 control families, covering access control, incident response, risk assessment, and more
  • Represent a subset of the NIST 800-53 controls that are necessary to protect the confidentiality of CUI in nonfederal systems and organizations
  • Prepares organizations for CMMC certification

ISO 27001 

ISO 27001 is an internationally recognized standard for managing information security risks and implementing an information security management system (ISMS). While applicable across various sectors, ISO 27001 helps protect sensitive information and intellectual property, which is critical in manufacturing.

Key components of the framework include:

  • Risk-based approach to managing information security with an ISMS
  • Controls divided into four categories: organizational, people, physical, and technological
  • Certification pathway for international recognition of commitment to managing information securely

NIS2 Directive

NIS2 is an EU regulation mandating stricter cybersecurity measures for operators of essential and important infrastructure and services, including manufacturing. NIS2 aims to ensure that organizations that manage critical infrastructure take the necessary steps to protect their systems from cyber risks, minimizing the potential for service disruptions that could affect the broader economy and society.

Key components of the framework include:

  • Broader scope and stricter requirements than the original NIS Directive
  • Includes risk management, incident reporting, business continuity, and governance measures
  • EU Member States required to transpose NIS2 requirements into national legislation

TISAX 

TISAX was developed to streamline information security management and assessments within the automotive industry, where manufacturers frequently handle sensitive data across the complex automotive supply chain. 

Key components of the framework include:

  • Three assessment levels with varying information security requirements, depending on the sensitivity of the data and the role the organization plays within the automotive supply chain
  • Focus on data protection 
  • Certification pathway to ensure information security readiness and ongoing compliance

Cybersecurity best practices for manufacturing

Manufacturers need a proactive cybersecurity strategy to address the sector’s unique vulnerabilities and regulatory requirements. In addition to complying with established security frameworks like the ones above, here are some essential best practices that manufacturers can adopt to strengthen their cyber resilience:

1. Implement network segmentation 

Network segmentation isolates critical systems from less secure areas of the network. This limits the movement of attackers within the network and helps protect production systems. This technique is key for isolating legacy IT systems from the rest of the network, limiting the potential damage and speeding up recovery in case of a successful cyberattack on a legacy system.
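The segmentation described above only holds if traffic that crosses zone boundaries is actually confined to the paths you intended. The following added example (not from the article or from Secureframe) audits constructed firewall flow records against an explicit inter-zone allowlist: engineers reach OT and legacy equipment only through a jump host, and anything else that crosses a zone boundary is reported. The zone CIDRs, the allowlist, the log format, and the sample records are all assumptions chosen for illustration.

```python
"""Audit flow records against a network segmentation policy (added example)."""
import ipaddress
from dataclasses import dataclass

# Constructed zone map for an illustrative plant network (assumption, not from the article).
ZONES = {
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
    "jump":      ipaddress.ip_network("10.20.0.0/24"),
    "ot":        ipaddress.ip_network("10.30.0.0/16"),
    "legacy":    ipaddress.ip_network("10.31.0.0/24"),
}

# Allowed inter-zone flows as (source zone, destination zone, destination port).
# Traffic inside a single zone is allowed; every other cross-zone flow is a violation.
ALLOWED_FLOWS = {
    ("corporate", "jump", 22),    # engineers reach OT only via the jump host
    ("jump", "ot", 502),          # Modbus/TCP from the jump host to PLCs
    ("jump", "legacy", 3389),     # RDP to the legacy HMI only via the jump host
}

# Constructed sample export in a simple key=value format (not a real product's log format).
FLOW_LOG = """\
src=10.10.4.17 dst=10.20.0.5 dport=22 proto=tcp
src=10.20.0.5 dst=10.30.1.10 dport=502 proto=tcp
src=10.10.4.17 dst=10.30.1.10 dport=502 proto=tcp
src=10.10.9.3 dst=10.31.0.44 dport=3389 proto=tcp
src=10.30.1.10 dst=10.30.1.11 dport=502 proto=tcp
src=10.30.1.10 dst=10.10.4.17 dport=445 proto=tcp
"""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


def zone_of(ip: str) -> str:
    """Map an address to its zone by longest prefix match; 'unknown' if it matches none."""
    addr = ipaddress.ip_address(ip)
    best = None
    for name, net in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best or "unknown"


def parse_flow_log(text: str):
    """Parse the constructed key=value flow export into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = dict(part.split("=", 1) for part in line.split())
        flows.append(Flow(kv["src"], kv["dst"], int(kv["dport"]), kv.get("proto", "tcp")))
    return flows


def audit_flows(flows):
    """Return (flow, source zone, destination zone) for every flow the policy does not allow."""
    violations = []
    for f in flows:
        s, d = zone_of(f.src), zone_of(f.dst)
        if s == d and s != "unknown":
            continue  # intra-zone traffic is outside the scope of the boundary policy
        if (s, d, f.dport) not in ALLOWED_FLOWS:
            violations.append((f, s, d))
    return violations


if __name__ == "__main__":
    for flow, s, d in audit_flows(parse_flow_log(FLOW_LOG)):
        print(f"VIOLATION {s} -> {d}: {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
```

Run against the sample records, the audit flags a workstation talking Modbus directly to a PLC, a workstation reaching the legacy HMI without going through the jump host, and a PLC initiating SMB back into the corporate zone; the first two are the paths segmentation is meant to close, and the last is the kind of reverse flow that shows up when a production host has been compromised.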

2. Secure operational technology (OT) and IoT devices

Manufacturers should monitor and protect OT and IoT devices that are vulnerable to cyberattacks. Regular patching, securing device credentials, and monitoring device behavior for anomalies are crucial.

3. Develop an incident response plan

While you can put measures in place to reduce the risk of cyberattacks, you can’t eliminate the risk entirely, so it’s important to have a plan in place to respond as quickly as possible if one does occur. Without one, you may be slow to recover and resume operations, which can have detrimental impacts, particularly in manufacturing.

For example, German battery manufacturer Varta AG was hit by a cyberattack in February 2024. The company had to halt production at five plants for several weeks, which forced it to postpone the publication of its 2023 financial results and contributed to its decision to lower its yearly revenue targets.

An incident response plan provides a roadmap for handling cybersecurity incidents and mitigating the negative consequences described above. By identifying roles, responsibilities, and key actions, manufacturers can reduce the impact of a cyberattack and minimize downtime.

4. Regularly conduct vulnerability assessments and penetration testing

Vulnerability assessments and penetration tests help identify weak points in the system, including applications, networks, hardware, social engineering, and outdated legacy systems that an adversary could exploit. By regularly testing security controls and system configurations, manufacturers can address issues before attackers exploit them.

5. Enforce strong identity and access management (IAM) protocols

IAM protocols, including multi-factor authentication (MFA) and least-privilege access, help secure access to sensitive systems and data. Manufacturers should restrict access to production environments and monitor access logs to detect suspicious activity and reduce the risk of shadow IT and other types of unauthorized access to critical systems.
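Monitoring access logs for the conditions just listed is routine to automate. The following added example (not from the article or from Secureframe) reviews constructed access-gateway log lines for a production environment against a small IAM policy: successful logins by accounts that are not on the production access list, successful logins without MFA, access outside the expected maintenance hours, and bursts of failed attempts by one account. The account names, the log format, the policy thresholds, and the sample lines are all assumptions chosen for illustration.

```python
"""Review production-access log lines against an IAM policy (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed policy (assumption): accounts allowed into production, the UTC hours in which
# interactive production access is expected, and the failed-attempt burst threshold.
PROD_ALLOWED = {"eng-ops-alice", "eng-ops-bob", "vendor-svc-tim"}
ACCESS_WINDOW_UTC = (6, 22)              # inclusive start hour, exclusive end hour
MFA_REQUIRED = True
FAIL_BURST = (3, timedelta(minutes=5))   # 3 or more failures by one account within 5 minutes

# Constructed sample lines in a simple key=value format (not a real product's log format).
ACCESS_LOG = """\
2024-11-19T08:02:11Z user=eng-ops-alice src=10.20.0.5 target=prod-hmi-01 result=success mfa=yes
2024-11-19T08:15:40Z user=intern-carol src=10.10.4.17 target=prod-hmi-01 result=success mfa=yes
2024-11-19T03:41:09Z user=eng-ops-bob src=10.20.0.5 target=prod-plc-gw result=success mfa=yes
2024-11-19T09:00:01Z user=vendor-svc-tim src=10.20.0.7 target=prod-plc-gw result=success mfa=no
2024-11-19T10:12:00Z user=eng-ops-bob src=10.10.9.3 target=prod-hmi-02 result=failure mfa=yes
2024-11-19T10:13:30Z user=eng-ops-bob src=10.10.9.3 target=prod-hmi-02 result=failure mfa=yes
2024-11-19T10:14:05Z user=eng-ops-bob src=10.10.9.3 target=prod-hmi-02 result=failure mfa=yes
"""


def parse_line(line: str) -> dict:
    """Split one constructed log line into a dict; the timestamp becomes an aware datetime."""
    ts, *fields = line.split()
    rec = {k: v for k, v in (f.split("=", 1) for f in fields)}
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def review_access_log(text: str):
    """Return (timestamp, user, finding) tuples for policy violations, in log order."""
    findings = []
    failures = defaultdict(list)   # user -> timestamps of failed attempts seen so far
    burst_count, burst_window = FAIL_BURST
    for line in text.splitlines():
        if not line.strip():
            continue
        r = parse_line(line)
        user, ts = r["user"], r["ts"]
        if r["result"] == "success":
            if user not in PROD_ALLOWED:
                findings.append((ts, user, "account not on production access list"))
            if MFA_REQUIRED and r.get("mfa") != "yes":
                findings.append((ts, user, "production access without MFA"))
            if not (ACCESS_WINDOW_UTC[0] <= ts.hour < ACCESS_WINDOW_UTC[1]):
                findings.append((ts, user, "production access outside expected hours"))
        else:
            failures[user].append(ts)
            recent = [t for t in failures[user] if ts - t <= burst_window]
            if len(recent) == burst_count:   # report once, when the threshold is first reached
                findings.append((ts, user, f"{burst_count} failed attempts within {burst_window}"))
    return findings


if __name__ == "__main__":
    for ts, user, finding in review_access_log(ACCESS_LOG):
        print(f"{ts.isoformat()} {user}: {finding}")
```

The access list and the hours window encode least privilege (who may reach production, and when); the MFA check and the failure-burst check catch the two most common ways that control is bypassed or probed. In practice the allowlist would be derived from the identity provider's production-access group rather than hard-coded, and findings would be routed to the on-call channel rather than printed.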

6. Educate employees on cybersecurity risks

In IBM’s X-Force Threat Intelligence Index 2024, phishing was the top initial infection vector, representing 39% of incidents impacting the manufacturing industry. This highlights the need to provide ongoing training and awareness campaigns for employees to reduce the risk of social engineering attacks and other human-factor vulnerabilities.

7. Monitor the supply chain

Manufacturers should evaluate and monitor the cybersecurity posture of their supply chain partners. Implementing strict controls and monitoring vendor security practices can help prevent supply chain attacks.

How Secureframe can improve cybersecurity for manufacturers

For manufacturers aiming to enhance cybersecurity and achieve compliance with widely recognized and respected frameworks like NIST CSF, NIST 800-171, and ISO 27001, Secureframe offers a comprehensive automation solution to streamline compliance tasks, continuously monitor your tech stack and compliance posture, and better understand and manage risks.

Key benefits of Secureframe for manufacturers include:

  • Automated compliance for the most frameworks out-of-the-box: Secureframe automates evidence collection and other compliance workflows for the most common security frameworks for manufacturers, including NIST CSF, NIST 800-171, ISO 27001, NIS2, TISAX, and more than 30 others, ensuring manufacturers can quickly and easily get and stay compliant with evolving requirements.
  • Continuous monitoring: Secureframe continuously monitors your security controls, automatically identifying compliance gaps, misconfigurations, and failing controls. This enables manufacturers to maintain a strong security and compliance posture and quickly detect and respond to threats. 
  • Vulnerability management: Secureframe provides a vulnerability management tool to help improve visibility into vulnerabilities across network, OT, and IoT systems.
  • Supply chain risk management: Secureframe provides tooling for complete third-party risk management (TPRM), simplifying the process of identifying, mitigating, and continuously monitoring risks associated with suppliers as well as vendors, contractors, partners, software providers, open source projects, and other external entities. This can help reduce the risk of supply chain and other third-party attacks. 

By partnering with Secureframe, manufacturers can build a strong cybersecurity foundation, reduce risk, and ensure compliance with regulatory frameworks. Schedule a demo today to learn more.


FAQs

Why is cybersecurity important for manufacturing?

Cybersecurity is essential in manufacturing to protect critical infrastructure from cyberattacks that can lead to operational disruptions, financial losses, and compromised customer trust.

What is the NIS2 Directive, and why is it relevant to manufacturing?

The NIS2 Directive is an EU regulation aimed at improving cybersecurity for critical infrastructure sectors, including manufacturing. NIS2 establishes stricter requirements for risk management, incident reporting, and supply chain security, making compliance a priority for manufacturers operating in Europe.

How can manufacturers protect their IoT and OT devices?

Manufacturers should secure IoT and OT devices by implementing network segmentation, patching vulnerabilities, securing device credentials, and monitoring for suspicious activity.

What are common cybersecurity threats in manufacturing?

Manufacturers often face ransomware attacks, supply chain vulnerabilities, and IoT/OT security risks. Additionally, legacy systems with outdated security are common targets for attackers.

How does Secureframe help manufacturers improve cybersecurity?

Secureframe provides tools for automating compliance, managing vulnerabilities, monitoring the supply chain, and enhancing overall cybersecurity posture. These features help manufacturers protect their critical infrastructure and meet regulatory requirements like NIS2.

What are best practices for building a cybersecurity program in manufacturing?

Best practices include network segmentation, securing IoT/OT devices, enforcing IAM, conducting vulnerability assessments, educating employees on cybersecurity risks, and ensuring compliance with frameworks like NIS2.