“Cybersecurity vulnerabilities in smart manufacturing systems arise from various sources, including legacy systems, third-party software, and IoT devices. Common vulnerabilities include lax security practices in IoT devices, insufficient monitoring mechanisms, and vulnerabilities in third-party software components”, says Praveen Kulkarni, Director- Security, Risk & Governance, OpenText India in an interview with Sanskriti Ramachandran.

Manufacturers are experiencing a convergence of operational technology (OT) and information technology (IT), which, while beneficial for enhancing productivity, introduces significant cybersecurity threats. The adoption of technologies such as cloud computing, big data, and the Internet of Things (IoT) raises the stakes for potential cybersecurity breaches. As these technologies evolve, so do the vulnerabilities associated with them. The key risks in smart manufacturing are as follows: 

• Increased attack surface: The integration of IoT devices in manufacturing systems expands the number of entry points for cyberattacks. Each connected device can serve as a potential vulnerability, allowing malicious actors to exploit insecure interfaces.

• Supply chain vulnerabilities: Smart manufacturing relies heavily on interconnected supply chains. This interconnectedness can lead to risks if any part of the supply chain is compromised, as attackers can manipulate suppliers to gain access to the larger manufacturing network.

• Insider threats: As digital transformation involves significant changes in workforce roles and access levels, the risk of insider threats increases. Employees may unintentionally expose systems to risks through negligence or may deliberately exploit access for malicious purposes.

• Regulatory compliance risks: Manufacturers are facing increasing regulatory pressures to protect sensitive data. Non-compliance with these regulations can lead to financial penalties and damage to reputation, particularly as industries become more interconnected and data driven.

• Advanced Persistent Threats (APTs): These threats involve prolonged and targeted cyberattacks in which attackers gain access to a network and remain undetected for extended periods. APTs can pose a severe risk to the strategic operations of manufacturers and disrupt critical processes.

• Data integrity and availability risks: Cyberattacks can target the integrity and availability of manufacturing data, leading to disruptions in production schedules, loss of sensitive intellectual property, and operational chaos.

Cybersecurity vulnerabilities in smart manufacturing systems arise from various sources, including legacy systems, third-party software, and IoT devices. Common vulnerabilities include lax security practices in IoT devices, insufficient monitoring mechanisms, and vulnerabilities in third-party software components. As these systems increasingly rely on complex networks and interconnected devices, they create expansive surfaces for potential cyberattacks.

• Operational disruptions: Cyberattacks can lead to operational downtime, which directly affects manufacturing schedules and production rates. A single incident can halt production, leading to costly delays and disruptions in supply chain operations.

• Resource allocation: When vulnerabilities are exploited, organisations often need to divert resources to address security breaches, allocate time for incident response, and restore systems. This diversion can detract from productivity and innovation efforts, making the organisation less agile.

• Compliance costs: Non-compliance with regulations due to security breaches can result in hefty fines and necessitate increased investment in compliance measures. This scenario reduces the resources available for production optimisation, thereby affecting efficiency.

• Data integrity issues: Cyber vulnerabilities can compromise the integrity of manufacturing data, which is crucial for decision-making and operational processes. If data is manipulated or lost due to a breach, it can lead to erroneous decisions and operational inefficiencies.

• Employee engagement: A heightened focus on security due to persistent vulnerabilities can create uncertainty among employees, inhibiting innovation and productivity. When employees are more concerned about security protocols than their work, overall morale and output can suffer.

• Delayed implementation of innovations: The presence of cybersecurity vulnerabilities can slow down the adoption of new technologies and processes in manufacturing operations. Organisations may hesitate to invest in new automation technologies if they perceive a risk of introducing new vulnerabilities into their systems.

To comprehensively evaluate the impact of cybersecurity vulnerabilities on efficiency and productivity, manufacturers should adopt a holistic approach that includes:

• Risk assessments: Regularly evaluating the risk associated with existing vulnerabilities in smart manufacturing systems. Identifying weaknesses proactively can help in mitigating potential impacts before they affect operations.

• Integration of security in development processes: Implementing security measures throughout the development lifecycle of manufacturing applications ensures that systems remain resilient against attacks, thereby protecting both efficiency and productivity.

• Enhanced training programs: Equipping employees with knowledge about cybersecurity best practices can foster a culture of security awareness, ensuring that they contribute positively to maintaining secure manufacturing environments.

Robust cybersecurity regulations offer an organised framework that requires businesses to put particular security measures in place, such as audits, access controls, and encryption, improving defences against online attacks. Regulations that enforce compliance raise responsibility by compelling firms to implement strong risk management and devote resources to cybersecurity, thereby mitigating risks. Penalties serve as a deterrent, promoting compliance with security regulations. Regulations also frequently encourage exchange of information and best practices, standardising security initiatives and enhancing collective defences. There are challenges, too, such as the burden of compliance on smaller businesses, the speed at which cyber risks are developing, and the disparities in laws throughout industries, which can reduce the efficacy of rules and lead to compliance gaps.

Strong cybersecurity measures are becoming essential in India as smart manufacturing spreads throughout industries like electronics, pharmaceuticals, and automobiles in order to safeguard digital assets and maintain business continuity. Advanced technologies like blockchain, AI, and digital twins are being adopted at a faster rate as businesses try to bolster their cyber defences. In order to prevent cyber threats in India's vast network of factories, particularly those connected to Industrial IoT (IIoT), AI-driven predictive maintenance is being used more and more to proactively resolve security flaws in manufacturing equipment.

An important area of study is the integration of information technology (IT) and operational technology (OT) systems in Indian factories. Because of this convergence, production assets—both digital and physical—can be protected from assaults and unwanted access by unified cybersecurity frameworks. The strategy is in line with India's larger drive for Industry 4.0 adoption, where digital twins, real-time analytics, and collaborative robots (cobots) enhance factory safety and operational efficiency while facilitating safe and smooth human-machine interactions. In addition to assisting Indian firms in protecting their operations, these advancements are positioning them as robust and competitive participants in the global industrial scene.

OpenText's solutions focus on ensuring secure data management across interconnected networks of suppliers, manufacturers, and devices. For instance, the OpenText Business Network helps Indian manufacturers achieve secure and efficient B2B integration, enhancing data quality and operational insights while mitigating cyber risks. As the Internet of Things (IoT) and automation proliferate, manufacturers rely on OpenText’s Extended ECM and EnCase Endpoint Security to safeguard sensitive data, detect and address threats, and streamline compliance. Additionally, OpenText's Next Gen SOC solution, ArcSight, offers seamless integration for IT and OT security monitoring, enhancing visibility and response across critical systems. OpenText Voltage ensures robust data security and privacy compliance, helping organisations protect sensitive information across diverse environments.

The integration of operational technology (OT) into cybersecurity frameworks is progressing slowly, largely due to the complexities and specialised nature of OT environments. Unlike traditional IT systems, OT environments were not initially designed with cybersecurity in mind; instead, they were built to maximise reliability and operational efficiency, often at the expense of security features like remote monitoring or timely patching. Consequently, securing these systems has become a major challenge, especially as they are increasingly interconnected with IT networks and exposed to new cyber threats.

A key factor in overcoming these challenges is the role of OT vendors, who are uniquely positioned to drive change in the industry. OT vendors need to develop products with security at their core, incorporating features that support real-time monitoring, threat detection, and simplified patch management processes. This shift would make it easier for customers to maintain a secure IT/OT environment, enabling them to monitor and respond to threats without risking disruptions to critical operations. Moreover, by embedding these capabilities directly into OT products, vendors help bridge the security gap between IT and OT, creating a more holistic and resilient cybersecurity posture across interconnected environments.

Ultimately, a proactive stance by OT vendors will not only enhance the cybersecurity of OT systems but also create a smoother, more integrated approach for organisations aiming to protect both their IT and OT assets. This approach will be essential as industries continue to modernise, making it possible for companies to achieve both operational resilience and strong security in digital environments.

Cyberattacks are especially dangerous for sectors like finance, healthcare, manufacturing, energy, and retail that have large digital footprints and high-value data. Due to its valuable financial data and transactions, the finance sector is frequently targeted. Since the healthcare institutions handle sensitive patient data, they are a target for hackers, particularly as the number of digital health records increases. Moreover, due to their reliance on industrial control systems (ICS) and Internet of Things (IoT) devices, which are frequently less secure and vulnerable to targeted ransomware or nation-state assaults, the manufacturing and energy industries are also at risk. Lastly, due to its vast amounts of credit card and personal data, retail is regularly targeted, especially during times when transactions are high, such as holidays.

As well-known companies continue to be impacted by ransomware outbreaks and high-profile breaches, awareness of the negative effects of cyberattacks is growing in India. According to OpenText’s third annual 2024 Global Ransomware Survey, supply chain attacks are widespread with 90 per cent of Indian respondents having been impacted by a ransomware attack originating from a software supply chain partner in the past year. Alarmingly, nearly half of respondents (48 per cent) reported that their company has previously experienced a ransomware attack, with almost three-quarters (73 per cent) of companies experiencing a ransomware attack this year. While awareness of the consequences of cyberattacks is increasing among Indian companies, there remains a critical need for effective training and the implementation of robust cybersecurity practices to mitigate the risks involved.

In the context of smart manufacturing in India, researchers recommend several cybersecurity standards and frameworks that are essential for ensuring robust security measures. Given the unique challenges faced by the manufacturing sector, these standards not only help mitigate risks but also enhance operational resilience.

• NIST Cybersecurity Framework

The NIST Cybersecurity Framework is highly regarded as a baseline for managing cybersecurity risks in both information technology (IT) and operational technology (OT) environments. It provides comprehensive guidelines to help organisations identify, protect against, detect, respond to, and recover from cybersecurity incidents.

• ISO/IEC 27001

ISO/IEC 27001 is a global standard for information security management systems (ISMS) that sets out the criteria for establishing, implementing, maintaining, and continually improving an ISMS. This standard is particularly important for manufacturers as it provides a systematic approach to managing sensitive company information and ensuring its security.

• IEC 62443

IEC 62443 is a series of international standards specifically focused on cybersecurity for industrial automation and control systems. This framework is critical for smart manufacturing environments as it encompasses the security aspects of both IT and OT, ensuring that critical systems remain operational and secure against cyber threats.

• Industry-specific guidelines

Depending on specific manufacturing sectors (e.g., automotive, pharmaceuticals), there might be tailored industry-specific guidelines and regulations that address unique cybersecurity challenges. For instance, certain sectors may have additional standards focusing on protecting intellectual property and sensitive data.

• Cyber Resilience Act (CRA)

The CRA outlines requirements for cybersecurity standards applicable to digital products sold in the market. Although primarily focused on the EU context, its principles can be influential for Indian manufacturers operating in international markets, particularly in ensuring that products meet certain baseline cybersecurity requirements.

• Risk management standards

Manufacturers are encouraged to adopt risk management frameworks to assess and mitigate potential cybersecurity threats effectively. Frameworks that advocate continuous risk assessments and updates in security policies are recommended to adapt to the evolving threat landscape.