
Cybersecurity in Manufacturing: What to keep track of

The manufacturing sector continues to be at the top of the most targeted lists: not because it is “weak”, but because it is strategic.
Intellectual property, long supply chains, and plants that cannot afford downtime are all targets that attackers find interesting, and together they form an increasingly attractive attack surface.
In the final months of 2025, this is even more evident: incidents threaten not only system availability, but the entire operational continuity that sustains the business.

In this scenario, talking about “best practices” is no longer enough if, once consulted, we do not link them to the only goal that truly matters: building resilience where production happens.

Frameworks and Official Guidelines

In 2025, NIST published the new Cybersecurity Framework 2.0 Manufacturing Profile (NIST IR 8183 Rev. 2), which outlines the six core functions — Govern, Identify, Protect, Detect, Respond, Recover — specifically tailored to the manufacturing sector.
This helps companies structure cybersecurity programs targeted to the needs of industrial systems, integrating IT and OT functionalities into a single cybersecurity model, whose main characteristics are connection, communication, and consistency.

Additionally, NIST includes a section dedicated to resources aimed especially at manufacturing SMEs, offering training, checklists, and practical tools to support the implementation of security measures.

At the European level, in 2024 ENISA released the first “Report on the State of Cybersecurity in the Union”, with particular attention to supply chains, the implementation of the NIS2 directive, and cyber maturity in critical sectors, including manufacturing. The report highlights the importance of adopting coordinated strategies and strengthening cyber governance at all corporate levels.

Manufacturing-Specific Best Practices (…and don’t forget the opening advice)

Not all measures have the same impact. The 2024–2025 reports consistently focus on several priorities:

  • Advanced IT/OT segmentation: clearly separating operational and administrative networks, with dedicated firewalls, DMZs, unidirectional gateways, and data diodes where lateral movement must truly be limited.
  • Zero Trust applied to the factory: MFA everywhere — even for internal access — and continuous identity verification, including technicians accessing OT systems.
  • Real-time monitoring: AI- and ML-based detection systems capable of identifying anomalies even in ICS/SCADA and legacy environments.
  • Continuous and planned patching: including older systems, with maintenance windows compatible with 24/7 production.
  • Field-tested backups: not just regular backups, but recovery tests with real incident response simulations.

Added to this is a principle all too often overlooked: designing the security program starting from business priorities. Uptime, physical security of plants, protection of intellectual property — everything else should come after, not because it’s less important, but because procedurally prioritizing security ensures continued operations even during an attack.

This implies risk assessments specific to OT/ICS and strict access controls (MFA, identity management, USB control, limited and logged remote access).

Compliance, NIS2, and Supply Chain Management

European regulations such as the NIS2 directive push toward increasingly strict compliance, with a focus on traceability and supply chain security.
For manufacturers, it becomes mandatory to extend cyber governance to the entire digital and physical supply chain, ensuring certified controls and continuous monitoring.

The Cyber Resilience Act also introduces obligations for cybersecurity by design for products with digital components, imposing direct requirements on manufacturers of connected industrial machinery and systems.

Key Threats for Manufacturing in 2025

Threat analysis in 2025 identifies the following as the most dangerous:

  • OT-driven ransomware, with attacks aimed at halting production and causing significant financial and reputational damage.
  • Supply chain compromise via attacks on software or digital component suppliers.
  • IoT/IIoT exposure, with Industrial IoT devices often vulnerable or poorly monitored.
  • Direct attacks on business continuity, with attempts to stop production lines or manipulate critical processes.

The recommended best practices are often architectural and organizational: the use of isolated zones and conduits in OT systems, data diodes, behavioral monitoring and response on ICS, and the execution of joint tabletop exercises between IT and operations teams to prepare for coordinated response scenarios.

Two Strategic Insights

From a communications perspective — one that links technology, governance, and responsibility — two particularly interesting areas emerge:

  1. Integrating NIST CSF 2.0 and NIS2 for Italian manufacturing suppliers: translating “Govern” and “Identify” into concrete responsibilities for the board, plant management, and OT leads.
  2. “From IT security to factory security”: explaining how Zero Trust, MFA, and segmentation are transformed when the goal is not just protecting data, but safeguarding PLCs, industrial robots, SCADA, and legacy systems that cannot afford downtime.

The Role of Technology Enabling Cyber Resilience

Building operational resilience in highly complex environments such as OT/IT and IoT — this is the goal of Agger, designed to offer continuous, automated, and customized protection.

Why Agger?

  • Zero-second automated reaction: Agger applies immediate reactions to attacks, even in isolated environments or with limited connectivity, ensuring continuity of production processes without having to wait for human intervention.
  • The only all-in-one platform for IT, OT, and IoT: integrates all essential functionalities — detection, correlation, reaction, risk management — in a single tool, overcoming the limitations of fragmented traditional SIEM and SOAR tools.
  • Active protection even for legacy plants: thanks to agentless monitoring and full compatibility with industrial protocols (such as MODBUS, S7, DNP3, PROFINET), Agger also protects outdated or unpatchable devices often found in factories.
  • Granular customization: detection and reaction rules can be configured for each endpoint or production line, enabling critical dependencies between machines and services to be mapped and acted upon with surgical precision.
  • Compliance integrated by design: Agger fully supports adherence to the strictest regulatory requirements — NIS2, ISO 27001, IEC 62443 — simplifying audits, reporting, and distributed governance, even in high-criticality environments.
  • Military-grade origin and robustness: the platform was born from projects developed for the military sector — a level of reliability uncommon among commercial solutions.

Sources:
https://www.nist.gov/mep/cybersecurity-resources-manufacturers
https://csrc.nist.gov/pubs/ir/8183/r2/ipd