Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).


Securing Manufacturing Lines from the Inside Out

In today’s industrial landscape, manufacturing stands as the top target for cyberattacks, with more than 25% of all incidents impacting this sector. As manufacturers embrace digitalization and operational technology (OT) convergence, their attack surface expands dramatically. It is no longer a question of “if” a cybersecurity incident will occur, but rather, “How well-prepared are we when it does?”

Understanding the Threat Landscape

Ransomware remains the most prevalent threat, accounting for 68% of cyber incidents in manufacturing. It is followed closely by business email compromise (BEC), which has become increasingly frequent, and account takeovers that grant unauthorized access to networks and SaaS platforms. Web-based attacks, DDoS incidents affecting interconnected systems and insider threats — especially those involving intellectual property theft — further complicate the threat landscape.

The consequences of a cyberattack rarely stay confined to IT. Downtime can ripple across the supply chain, violate SLAs, prompt SEC disclosures and damage brand reputation. For example, one 2023 breach cost a manufacturer 85 million USD and halted operations for over a week.

These risks aren't theoretical. Recent events demonstrate just how disruptive these attacks can be.

Real-World Case Studies

Recent high-profile incidents underscore the growing risks manufacturers face:

  • In August 2023, Clorox disclosed via an SEC filing that it had identified unauthorized activity on its IT systems, disrupting operations at multiple sites. The company filed additional reports in the following months detailing continued production delays and substantial financial losses.
  • In early 2024, Varta, a global battery manufacturer, was forced to disconnect its IT systems from the internet following a cyber incident, halting production for over two weeks as it executed containment and recovery efforts.
  • In August 2024, Halliburton, a global energy services and manufacturing giant, was struck by a ransomware attack attributed to the RansomHub group. The breach disrupted billing and PO processing, resulting in 35 million USD in losses and a 10% stock dip.

Industry-Specific Challenges

Manufacturers face a combination of legacy issues and emerging threats:

  • IT/OT Convergence: The integration of outdated OT systems with modern IT exposes previously isolated environments to new vulnerabilities.
  • Legacy Infrastructure: Aging assets lack encryption support, resist patching and often cannot accommodate modern security tools.
  • Third-Party Vendors: External partners frequently present risk through excessive access privileges and weak security practices.
  • Cybersecurity Talent Gaps: Recruiting and retaining professionals with both cybersecurity and manufacturing expertise remains difficult.

Given these persistent threats and vulnerabilities, manufacturers must take decisive action.

Strategic Best Practices and Evolving Expectations

To stay ahead of adversaries, manufacturers must prioritize proactive strategies and foundational defenses:

  • Conduct regular risk and vulnerability assessments to uncover and remediate weaknesses before they’re exploited.
  • Embrace penetration testing and application assessments to simulate real-world attacks and stress-test infrastructure.
  • Enforce network segmentation and privileged access protections to minimize lateral movement and restrict access to critical assets.
  • Deliver comprehensive security awareness training to help employees recognize phishing, scams and other social engineering threats.
  • Improve business continuity and disaster recovery (BCDR) confidence to ensure swift recovery from disruptions.
  • Strengthen OT network protections through logical segmentation, strict access controls and secured vendor interfaces.
  • Address supply chain security risks by evaluating third-party cybersecurity postures, including upstream and downstream impacts.
  • Maintain thorough vendor risk management with regular audits and clearly defined security requirements in contracts.
  • Align with standards such as ISA/IEC 62443, GDPR and SOC 2 to maintain compliance and reduce liability. Insurers increasingly look for these controls when underwriting cyber policies, making them essential not only for protection but also for insurability.
  • Incorporate continuous monitoring and threat detection tools to identify anomalies in real time and reduce attacker dwell time. 
  • Establish and routinely test incident response playbooks to ensure coordinated, efficient action during an actual breach.

The Role of Tabletop Exercises

Low-cost and high-return, tabletop exercises provide a safe environment to rehearse incident response. These simulations:

  • Define roles and responsibilities, clarifying who leads, supports and communicates during an event.
  • Validate assumptions about communication and recovery to ensure plans reflect actual capabilities.
  • Expose gaps in policies and procedures, enabling preemptive fixes.
  • Demonstrate organizational readiness to leadership, reinforcing the value of security investments.

Exercises should reflect realistic threats and include both technical responders and decision-makers. When conducted effectively, they set response expectations, reveal vulnerabilities and strengthen cross-functional preparedness. The exercises, processes and tools offered by the Incident Command System for Industrial Control Systems (ICS4ICS) program pool the resources of the broader industrial automation community to establish a playbook for responding to cyberattacks on automation in critical infrastructure. 

Why This Matters

Cybersecurity in manufacturing is no longer a niche IT concern — it’s a core business priority. By addressing industry-specific challenges, improving readiness through testing and embedding security into everyday operations, manufacturers can reduce exposure and recover quickly from inevitable incidents.

As ransomware tactics evolve and global supply chains grow more interdependent, the manufacturers who thrive will be those who prepare not just to withstand, but to adapt and emerge stronger. The cost of inaction is too high — the path forward begins with preparation.



Jatin Mannepalli
Jatin Mannepalli, CISSP, CCSP, is an Information Security Officer (ISO) at IMC Trading with over 10 years of experience in the InfoSec field. He has led information security and risk management teams and worked as a security consultant for major firms like McKinsey & Company. Jatin specializes in security governance, risk management and creating customer-centric, technology-driven security strategies. His approach focuses on aligning security with organizational goals, and he is recognized as a top voice in information security on LinkedIn. He has published articles in DarkReading and SecureWorld, and contributes to cybersecurity by developing ISC2 exams, and volunteers to raise security awareness in local communities. Jatin’s expertise and passion for holistic security management make him a prominent figure in the field, known for his dedication to both organizational success and client satisfaction.

Jatin Mannepalli Jul 2, 2025 1:00:00 PM