Sector Analysis

Sector Under the Microscope: Cyber Security for Manufacturing

> series: sector_under_the_microscope —— part: 05/10 —— sector: manufacturing —— risk: production_line_shutdown

Hedgehog Security 25 December 2025 12 min read

When cyber meets physical, production lines stop.

Manufacturing is undergoing a digital transformation that is simultaneously creating enormous efficiency gains and enormous security risks. The convergence of IT (information technology) and OT (operational technology) means that the same network that carries email and ERP data increasingly also carries commands to programmable logic controllers, industrial robots, and production line systems. A ransomware infection that once would have disrupted office productivity now has the potential to shut down physical production.

This article examines the specific cyber threats facing UK manufacturers, the unique challenges of securing environments where IT and OT converge, and the testing priorities that protect both data and production. Our experience testing industrial control systems directly informs our approach.



What targets manufacturing.

Ransomware Targeting Production
Ransomware that reaches OT systems can halt production lines, disable quality control systems, and force manual operation of automated processes. The cost of downtime — often thousands of pounds per hour — creates intense pressure to pay ransoms. Notable incidents include attacks on Honda, Norsk Hydro, and JBS Foods.
Intellectual Property Theft
Manufacturing firms hold proprietary designs, production processes, formulations, and trade secrets that competitors and nation-state actors actively seek to steal. APT groups including APT1 have historically targeted manufacturing for industrial espionage at massive scale.
Supply Chain Attacks
Manufacturers are both targets and vectors in supply chain attacks. A compromised manufacturer can introduce vulnerabilities into products shipped to thousands of customers — and a compromised supplier can introduce malware into the manufacturer's production environment.
OT/ICS Exploitation
Industrial control systems — PLCs, HMIs, SCADA platforms — were designed for reliability and safety, not security. Many run legacy protocols without authentication, use default credentials, and are accessible from the corporate network. Our ICS engagement article demonstrates the consequences.

Where the real risk lives.

The most critical vulnerability in most manufacturing environments is not a specific CVE or misconfiguration — it is the boundary (or lack thereof) between the IT network and the OT network. When these networks are properly segmented, a compromise of the office email system cannot reach the production floor. When they are not — which is the case in a significant proportion of the manufacturers we test — a single phishing email can provide a path from the inbox to the industrial control system.

Our network penetration testing includes specific assessment of IT/OT segmentation — verifying that firewall rules, VLAN configurations, and access controls genuinely prevent lateral movement between corporate IT and production OT systems. The findings are frequently sobering.
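
As an added illustration (not Hedgehog Security's tooling or methodology), the sketch below evaluates a firewall rule export with first-match semantics against a matrix of IT-to-OT flows and lists every flow the policy permits from anything other than a designated jump host. The address plan, rule set, host lists and the single-jump-host convention are constructed assumptions.

```python
import ipaddress

# Assumed address plan and rule export, constructed for illustration.
JUMP_HOST = ipaddress.ip_address("10.10.99.10")           # only sanctioned IT-side source
IT_HOSTS = ["10.10.20.15", "10.10.30.7", "10.10.99.10"]   # workstation, ERP server, jump host
OT_HOSTS = ["10.50.1.20", "10.50.2.5"]                    # PLC, HMI
# Common industrial protocol ports plus remote-administration ports.
PORTS = {102: "S7comm", 502: "Modbus/TCP", 44818: "EtherNet/IP", 3389: "RDP", 445: "SMB"}

# (id, action, source CIDR, destination CIDR, destination port or None for any)
RULES = [
    ("r1", "allow", "10.10.99.10/32", "10.50.2.0/24", 3389),
    ("r2", "allow", "10.10.20.0/24", "10.50.1.0/24", 502),
    ("r3", "allow", "10.10.30.0/24", "10.50.0.0/16", None),
    ("r4", "deny", "0.0.0.0/0", "10.50.0.0/16", None),
    ("r5", "allow", "10.10.0.0/16", "0.0.0.0/0", 445),   # shadowed by r4 for OT destinations
]

def evaluate(src, dst, port, rules=RULES):
    """First-match evaluation; traffic matching no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rid, action, src_net, dst_net, rport in rules:
        if (s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net)
                and rport in (None, port)):
            return action, rid
    return "deny", "implicit"

def audit(rules=RULES):
    """Return every IT-to-OT flow the policy permits from a non-jump-host source."""
    findings = []
    for src in IT_HOSTS:
        for dst in OT_HOSTS:
            for port, proto in PORTS.items():
                action, rid = evaluate(src, dst, port, rules)
                if action == "allow" and ipaddress.ip_address(src) != JUMP_HOST:
                    findings.append((src, dst, port, proto, rid))
    return findings

if __name__ == "__main__":
    for src, dst, port, proto, rid in audit():
        print(f"{src} -> {dst}:{port} ({proto}) permitted by {rid}")
```

Because evaluation follows rule order, the broad SMB allow in r5 produces no finding (r4 denies OT-bound traffic first), while the any-port rule r3 accounts for most of the permitted flows.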


Security priorities for manufacturers.

Recommended Testing Programme for Manufacturing
── Priority 1: IT/OT Segmentation Validation ────────────
Verify network segmentation between IT and OT
Test firewall rules at the IT/OT boundary
Attempt lateral movement from corporate to production

── Priority 2: External Perimeter ────────────────────────
External infrastructure penetration test
VPN and remote access assessment (especially for engineers)
Cloud and ERP system configuration review

── Priority 3: OT Security Assessment ────────────────────
ICS/SCADA security review (non-invasive where required)
Default credential audit on PLCs and HMIs
Remote access to OT (vendor connections, jump servers)

── Ongoing ────────────────────────────────────────────────
24/7 SOC monitoring across IT and OT (socinabox.co.uk)
Annual penetration testing and Cyber Essentials renewal
Supply chain security reviews for critical vendors

For manufacturers in the defence supply chain, Cyber Essentials Plus is typically a mandatory requirement from prime contractors. For all manufacturers, SOC in a Box for Engineering and Manufacturing provides continuous monitoring that covers both IT and OT environments.


Part 6 preview.

Next week, we examine the construction sector — an industry where project data, building management systems, and the proliferation of connected sites create a security challenge that most construction firms are only beginning to recognise.


Testing that protects the production line.

We deliver penetration testing for manufacturers that covers both IT infrastructure and OT/ICS environments. Our methodology is designed for manufacturing constraints — non-invasive testing where production safety requires it, and comprehensive reporting that addresses both cyber risk and operational impact.
