
Cybersecurity Blind Spots Put Manufacturers at Risk as They Modernize

April 1, 2025
Legacy networks were built as isolated systems, creating hidden vulnerabilities as operations digitally transform.

America's industrial backbone is at risk as manufacturers rush toward modernization without fully grasping the dangers. The problem lies in the fundamental mismatch between old and new. Industrial control systems (ICS) and SCADA (Supervisory Control and Data Acquisition) networks were built as isolated systems, never meant to connect to the internet. Yet today's drive for digital transformation is forcing these systems online, creating a precarious balance between efficiency and security.

We're already seeing the consequences of this balancing act. Recently, a Fortune 500 global manufacturer faced a potentially catastrophic vulnerability. In an effort to modernize its production facilities, the company integrated its SCADA network with cloud-based analytics and remote monitoring solutions. But in the process, multiple SCADA endpoints were accidentally left exposed to the public internet. Without strong authentication controls or segmentation, these systems became attractive targets for attackers.

The implications were critical and far-reaching. Unauthenticated access to SCADA systems meant attackers could potentially manipulate industrial processes, leading to production downtime.

Since these systems control physical machinery, any breach could create safety hazards, putting workers at risk and potentially damaging valuable assets. The integrity of critical telemetry data was also at stake – unauthorized access could allow attackers to alter parameters, resulting in faulty production output.

Beyond operational concerns, many industries mandate strict cybersecurity controls for ICS/SCADA through standards like NIST 800-82 and IEC 62443, meaning any security lapses could result in significant fines and reputational damage.

This is a wake-up call for an industry racing toward digital transformation without fully understanding the risks. The manufacturing sector's embrace of cloud computing and remote monitoring might boost efficiency, but it's also creating vulnerabilities in systems that were never designed to be connected to the outside world.

The Immediate Threat

Think about this: The industrial control systems running our factories today were built for an era when physical security was enough—when a locked door and a security guard could keep your assets safe. Now, in our rush to modernize, we're connecting these same systems to the internet, often through poorly secured cloud solutions and remote access tools.

In the case I mentioned, attackers could have potentially seized control of factory equipment, endangering workers, halting production, or worse—and the company had no idea it was exposed. Traditional security tools missed these vulnerabilities entirely because they weren't designed to spot them.

It's a blind spot that's becoming all too common in manufacturing, where the lines between operational technology and information technology are increasingly blurred.

The Blind Spots in Traditional Security

Despite implementing standard security measures like vulnerability scanners and network monitoring, organizations frequently remain blind to their actual exposure. Consider the case of several major manufacturers whose internet-facing OT assets were discovered during routine external scans. These weren't small oversights—they included exposed programmable logic controllers (PLCs), human machine interfaces (HMIs), and even remote terminal units (RTUs) directly controlling industrial processes. Their internal security teams had no idea these systems were accessible from the public internet.

Why do these blind spots persist? The root cause often lies in how industrial networks evolve. A vendor might install a cellular modem for remote maintenance, or an engineer might set up a temporary VPN for remote monitoring that becomes permanent. Traditional security tools miss these exposures because they operate on outdated assumptions—they scan known networks, check registered assets and monitor documented systems. But in today's manufacturing environments, where shadow OT and unmanaged connections proliferate, this inside-out approach can leave dangerous gaps.

Seeing Your Factory Through an Attacker's Eyes

Manufacturers need to fundamentally rethink how they monitor and protect their industrial systems. The traditional "inside-out" security approach, which relies on internal network scans and predefined asset lists, is no longer sufficient. Instead, an "outside-in" approach examines a manufacturer’s infrastructure from an attacker's perspective.

This outside-in approach has already proven effective in real-world scenarios. One major manufacturer recently used outside-in reconnaissance to survey its externally exposed systems, using the OSINT (open-source intelligence) techniques hackers would deploy to find the best pathways into the organization. This exercise identified multiple internet-facing industrial systems that its traditional security tools had missed, including exposed SCADA endpoints controlling critical production processes, industrial protocol converters providing remote access and human machine interfaces (HMIs) with default credentials still enabled.

Here’s what to do:

Examine external exposures first. Since over 80% of breaches involve external actors, start by identifying what's visible from the internet. Look for any internet-facing industrial assets, including controllers, HMIs, protocol converters and remote access solutions.

Cast a wide discovery net. Don't limit security assessments to known assets or networks. Scan across all business units, subsidiaries and acquisitions to find "shadow OT"—industrial systems connected to the internet without security team awareness.

Test thoroughly. Conduct comprehensive security testing of all exposed assets, not just those deemed critical. This should include checking for default credentials, unpatched vulnerabilities, and insecure configurations specific to industrial systems.

Evaluate impact, not just technical severity. When prioritizing which vulnerabilities to address, consider business impact factors like operational dependencies, safety implications and regulatory requirements specific to industrial environments.

Integrate findings broadly. Ensure that discovered exposures are communicated to all relevant stakeholders—from security teams to operations personnel to executive leadership—to drive coordinated remediation efforts.
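
As an added illustration (not part of the original article and not any vendor's product), one way to act on these steps is to reconcile the results of an outside-in survey against the networks the security team already tracks, flag anything outside them as shadow OT, and rank findings by business impact rather than technical severity alone. The addresses, field names, weights and the shadow bonus are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation address ranges, hypothetical units.
REGISTERED_NETWORKS = ["198.51.100.0/24"]  # what inside-out tools already scan
EXTERNAL_FINDINGS = [  # what an outside-in survey reported as internet-facing
    {"ip": "198.51.100.10", "asset": "HMI", "unit": "plant-a", "default_creds": False,
     "controls_process": True, "safety_related": False, "regulated": True},
    {"ip": "203.0.113.7", "asset": "PLC", "unit": "acquired-subsidiary", "default_creds": True,
     "controls_process": True, "safety_related": True, "regulated": True},
    {"ip": "203.0.113.40", "asset": "protocol converter", "unit": "plant-b", "default_creds": False,
     "controls_process": False, "safety_related": False, "regulated": False},
    {"ip": "198.51.100.77", "asset": "remote access gateway", "unit": "plant-a", "default_creds": True,
     "controls_process": False, "safety_related": False, "regulated": True},
]
# Assumed weights for the impact factors the article names; tune per site.
WEIGHTS = {"safety_related": 5, "controls_process": 3, "regulated": 2, "default_creds": 3}
SHADOW_BONUS = 2  # assumption: unmanaged assets have no owner watching them


def is_shadow(ip, networks):
    """True when the address lies outside every network the team tracks."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in ipaddress.ip_network(n) for n in networks)


def impact_score(finding):
    """Sum the weights of the impact factors present on this finding."""
    return sum(w for key, w in WEIGHTS.items() if finding.get(key))


def prioritize(findings, networks):
    """Annotate each finding with shadow-OT status and score, highest first."""
    rows = []
    for f in findings:
        shadow = is_shadow(f["ip"], networks)
        score = impact_score(f) + (SHADOW_BONUS if shadow else 0)
        rows.append({**f, "shadow_ot": shadow, "score": score})
    return sorted(rows, key=lambda r: (-r["score"], r["ip"]))


if __name__ == "__main__":
    for r in prioritize(EXTERNAL_FINDINGS, REGISTERED_NETWORKS):
        tag = "SHADOW OT" if r["shadow_ot"] else "known"
        print(f'{r["score"]:>3}  {r["ip"]:<15} {r["asset"]:<22} {r["unit"]:<20} {tag}')
```

The ranked output doubles as the hand-off for the last step: the same list, with owner unit and shadow-OT flag, can go to security, operations and leadership.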

The Hard Lessons

Some argue that digital transformation's benefits outweigh its risks in manufacturing—and they're right, but only if we prioritize security. While the incident I described had a fortunate outcome with vulnerabilities discovered and fixed preemptively, we may not be so lucky as the attack surface continues to expand.

Modernization in manufacturing is inevitable, but its success hinges on addressing cybersecurity not just as an IT concern, but as a fundamental operational risk requiring leadership attention. The time to act is now, securing these newly connected systems before attackers exploit them and we learn these lessons the hard way.

About the Author

Rob Gurzeev | CEO and Co-Founder, CyCognito

Rob Gurzeev, CEO and co-founder of CyCognito, has led the development of offensive security solutions for both the private sector and intelligence agencies.

Prior to founding CyCognito, he was director of offensive security and head of R&D at C4 Security (acquired by Elbit Systems) and the CTO of the Product Department of the 8200 Israeli Intelligence Corps. Honors that he received as an Israel Defense Forces officer included the Award for Excellence, the Creative Thinking Award and the Source of Life Award.
