Nation-state cyber threats are no longer confined to government networks or utility grids. Manufacturing environments have become high-value objectives for adversaries seeking to disrupt economies, create geopolitical leverage, or steal intellectual property.
The reason is simple.
Manufacturing networks sit at the intersection of physical production and digital control, and they’re often poorly defended. In recent conversations with CISOs, OT engineers, and plant managers, a common theme surfaces: while digital transformation is reshaping operations, cybersecurity hasn’t kept pace. Manufacturing systems remain uniquely vulnerable, and most organizations are struggling to close the gap.
One CISO told me, “We’ve made massive investments in automation, but my OT team is still using firewalls we put in place over a decade ago. That’s our weak link.” Another engineering lead shared, “We have vendors remote into our systems regularly, and I honestly couldn’t tell you how secure those connections are.” And these aren’t isolated concerns.
Harsh Realities
Security in manufacturing faces many challenges. First, the equipment itself presents a challenge. Industrial control systems (ICS) were never designed with cybersecurity in mind. Many run outdated operating systems that can’t be patched or upgraded. Some don’t support basic authentication. Others still rely on hardcoded passwords. These systems can’t be protected with traditional IT security tools without introducing unacceptable operational risks.
Second, the sector relies heavily on third-party vendors, contractors, and OEMs for maintenance and troubleshooting. These users often need remote access to critical systems with little advance notice. But granting access quickly doesn’t always align with enforcing security best practices. When a vendor connects through a legacy VPN or jump server, it may expose the entire network even if their access should be limited to a single device.
Third, the industry’s focus on uptime creates an unspoken tension with security. In many environments, taking a system offline to install new controls or perform a security review is seen as a bigger risk than doing nothing. Unfortunately, this attitude creates ripe conditions for attackers to exploit.
Today’s threat landscape reflects this.
Ransomware remains a dominant tactic, particularly variants tailored to disrupt physical operations. We’ve seen increasing attempts by well-resourced adversaries to gain a foothold in manufacturing networks via insecure remote access tools. In some cases, these intrusions remain undetected for weeks. In others, the attack escalates quickly, halting production and causing reputational and financial damage.
These risks are worse where legacy protocols such as RDP, SSH, and VNC are in use. While necessary for managing industrial assets, these protocols are frequently exposed to the internet or accessible through insecure tunnels. If an attacker gains access to one of these sessions, they can move laterally within the environment, harvest credentials, and potentially take control of safety-critical systems.
Many organizations have tried to adapt IT-centric security tools to solve this problem. They use VPNs or IT-PAM systems originally built for corporate environments, hoping they will translate to the networks on the factory floor. But these tools often fall short. They assume modern infrastructure, centralized identity systems, and users who can tolerate security friction. Manufacturing doesn’t work that way.
A Different Approach
A different approach starts by treating access as a frontline security issue, not just an IT function. Insecure access is how most attacks begin. Therefore, it must be the first problem addressed. Forward-looking manufacturers are adopting access control strategies specifically tailored for operational environments.
Instead of granting persistent access or using outdated VPNs, they are implementing models that enforce access by role, time of day, and purpose. When a third-party technician needs access, it is authorized only for the task at hand, only for the system required, and only for the window of time necessary.
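The model described above, as an added example that is not from the original article: a default-deny check that allows a remote session only when role, purpose, target system, protocol, and time window all match an explicit grant. All names here (Grant, evaluate, the vendor ID, the asset names, the work order) are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    target: str          # the single asset the task concerns
    protocol: str
    purpose: str         # e.g. a work-order reference
    not_before: datetime
    not_after: datetime

def evaluate(grants, user, role, target, protocol, purpose, at):
    """Default deny. Returns (allowed, reason) so every decision can be logged."""
    reason = "no grant for this user"
    for g in grants:
        if g.user != user:
            continue
        if g.role != role:
            reason = "role mismatch"
        elif g.purpose != purpose:
            reason = "purpose mismatch"
        elif (g.target, g.protocol) != (target, protocol):
            reason = "outside granted system or protocol"
        elif not (g.not_before <= at <= g.not_after):
            reason = "outside granted time window"
        else:
            return True, "allowed for " + g.purpose
    return False, reason

def utc(hour, minute=0):
    # Constructed sample date; all times are timezone-aware UTC.
    return datetime(2024, 5, 14, hour, minute, tzinfo=timezone.utc)

# Constructed sample grant: one technician, one PLC, one protocol, two hours.
GRANTS = [Grant("vendor-tech-01", "oem-maintenance", "plc-line3", "ssh",
                "WO-1042", utc(8), utc(10))]

def ask(target="plc-line3", at=utc(9), user="vendor-tech-01"):
    # Sample request from the technician; vary one field at a time.
    return evaluate(GRANTS, user, "oem-maintenance", target, "ssh",
                    "WO-1042", at)

if __name__ == "__main__":
    for result in (ask(), ask(target="hmi-line3"), ask(at=utc(10, 30))):
        print(result)
```

Because the grant names one target and one protocol, a request for a neighbouring asset is denied even while the time window is still open, which is the scoping a flat VPN or jump server does not provide.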
They are also adopting tools that separate user devices from critical systems entirely. This concept, often called protocol isolation or “disconnected access,” ensures that even if a contractor’s laptop is compromised, the attacker cannot directly connect to the control network. It removes the most common path for lateral movement into the network on the factory floor.
Session observability is also essential. Real-time monitoring of remote access allows administrators to supervise vendor sessions, intervene when needed, and maintain detailed logs and even session recordings for compliance, training, and investigations. This level of visibility is crucial when working with third parties across multiple facilities.
The good news is that these changes do not require a rip-and-replace strategy. They can be layered into existing environments with minimal disruption. In fact, some of the most effective solutions are designed specifically to work within the constraints of legacy systems and air-gapped networks. They don’t require new identity systems or cloud connectivity. They simply give organizations a better way to control who can access what, when, and how.
What manufacturing leaders need to understand is this: access to their critical systems is not just a productivity enabler, it is a strategic control point. If access is left unmanaged or overly permissive, it becomes a liability. But when done right, it becomes a powerful tool for reducing cyber risk, maintaining better uptime, and proving compliance.
Judging from these conversations with security teams across the sector, this realization is beginning to take hold. The next step requires action. The tools and frameworks exist. The awareness is growing. What’s needed now is prioritization and commitment.
In the end, the question isn’t whether manufacturing will remain a target. That’s already settled. The real question is whether organizations are prepared to defend their operations by rethinking the most fundamental element of their security strategy: access to their critical systems.