Manufacturing cybersecurity entering operational era defined by recovery readiness, resilience and production continuity
Publish Date: 2026-05-10 03:11:00
Source Domain: industrialcyber.co
Using an unordered list, summarize the following article with between 4 and 8 key points.
There is a shift underway in how manufacturing cybersecurity is being discussed across regions. The language has changed. It is less about frameworks and far less about ideal architectures, though the tone is more grounded, operational, and at times uncomfortably direct. On May 13, at the upcoming Industrial Cyber Days Manufacturing 2026, that shift is unmistakable, with sessions scheduled throughout the day across APAC, EMEA, and the Americas regions, lead by conversations that will likely converge on a single reality – that the industry is not short on guidance, though it is short on execution.
That distinction matters. It is the gap between knowing what secure manufacturing should look like and being able to sustain it under pressure, across plants, and through disruption. What emerged from the event is not fragmentation, but alignment around where things are breaking down and why.
Manufacturing plants don’t stop. And when something goes wrong, the cost is not merely downtime. It also leads to safety, product quality, severe financial losses, reduced productivity, reputational loss, and disrupted supply chains. That’s exactly what Industrial Cyber Days Manufacturing 2026 is built around. This isn’t another generic cybersecurity conference. It’s practitioner-led. Grounded in the operational realities that manufacturers actually deal with daily, the pressures, and the decisions made on the plant floor when there’s no clean answer.
Sessions dig into how manufacturing organizations respond when cyber incidents disrupt production. How teams manage safe shutdowns. How recovery happens after a cyber event, not in theory, but in practice. There’s real focus on detecting operational anomalies before they spiral into something bigger.
Manufacturing CISOs will share how they’re aligning cybersecurity strategy with operational resilience. Not as separate agendas. As one. The conversations also go into securing engineering access, managing third-party connectivity across production systems, and reducing cyber risk without sacrificing uptime, safety or product quality. That last part matters more than people admit.
And then there’s the peer exchange. Practitioners talking to practitioners. Same challenges. Same floors. Same pressure. Lessons learned are passed across a room instead of being buried in a post-incident report nobody reads, as that’s where the real value sits.
Jonathon Gordon, directing analyst at Takepoint Research
Jonathon Gordon, conference lead and directing analyst at Takepoint Research, will deliver the global welcome and opening remarks at the event. He is expected to frame the discussion around operational resilience, cyber risk, and security decision-making across modern manufacturing environments.
The agenda reads less like a conventional cybersecurity conference and more like an operational stress test for modern manufacturing. Recurring themes are impossible to miss. Recovery over prevention. Operational continuity over compliance checklists. Resilience over visibility alone. Because visibility, it turns out, was never the finish line.
For years, industrial cybersecurity programs revolved around asset discovery. Find every device. Build inventories. Map the network. That work mattered. Still does. But many organizations discovered something frustrating after years of visibility investments. Knowing what exists does not automatically reduce risk.
Dr. Terence Liu, CEO of TXOne Networks
Terence Liu, founder and CEO of TXOne Networks, captures this shift directly in his session ‘Effective OT Security: From Visibility to Action.’ The core argument is blunt. Manufacturing organizations often spend years chasing visibility while operational risk remains largely unchanged. The real challenge is execution. Prioritization. Deploying protections safely without interrupting production. That sounds obvious. Yet it remains one of manufacturing cybersecurity’s biggest unresolved problems.
Factories are not cloud environments. They cannot simply pause operations for sweeping architecture redesigns or large-scale remediation efforts. Downtime costs too much. Safety implications run deeper. Some systems cannot be patched without triggering cascading operational consequences. Others cannot even be restarted easily after a shutdown. And then there is the legacy problem. One that everyone knows exists but rarely talks about honestly enough.
Across industrial environments globally, production still depends on aging control systems designed long before modern cyber threats existed. These systems were built for reliability and uptime, not authentication, encryption, or adversarial resilience. Many continue operating because replacing them is operationally risky, financially difficult, or both.
Richard Springer, director of OT solutions marketing at Fortinet
With architecture emerging as battleground, Richard Springer, director of OT solutions marketing at Fortinet, points to the evolution of attacks. Noting that these are no longer isolated events, they are multi-stage, exploiting supply chains, remote access, and IT-OT convergence with operational risk lying in lateral movement. Clearly, containing these threats requires architectural change. Segmentation, unified platforms, and edge containment are becoming essential. Resilience is no longer just about controls. It is about how systems are designed to limit impact.
Peter Jackson, principal industrial consultant at Dragos and SANS instructor, describes APAC manufacturing as sitting at an inflection point. Years of underinvestment, inherited IT/OT convergence, and limited dedicated OT resources have created structural vulnerabilities that increasingly capable adversaries are exploiting. Importantly, though, the tone is not fatalistic.
Peter Jackson, Principal Industrial Consultant, SANS ICS | Dragos
There is little appetite anymore for dramatic narratives about industrial collapse. Practitioners are moving toward something more grounded. More operational. The message emerging across sessions is surprisingly consistent: manufacturing environments do not need perfect cybersecurity programs, though they need defensible ones.
That distinction matters.
A recurring frustration inside OT security circles is the persistent mismatch between security ambitions and operational realities. Security teams often inherit architectures they did not design, limited staffing, fragmented ownership models, and facilities distributed across multiple regions with inconsistent maturity levels.
So the conversation shifts toward survivability.
Major Sumit Sharma, CISO, Tata Chemicals
Major Sumit Sharma will explore this directly in his session ‘Centralize Visibility. Decentralize Survivability.’ His argument challenges the assumption that centralized OT architectures automatically improve security outcomes. In practice, over-centralization can create dangerous shared failure domains where one incident cascades across multiple plants simultaneously.
Manufacturing learned this lesson repeatedly during ransomware campaigns over the past several years. Organizations that centralized dependencies too aggressively often discovered that recovery queues expanded faster than operational teams could respond.
Fully centralized environments improve governance but introduce systemic risk. A single failure can affect multiple plants. Fully decentralized environments preserve autonomy but weaken visibility. Hybrid model attempts to balance both, as control remains local, while visibility and governance are centralized. An OT DMZ brokers interaction. What matters is not the model itself, but the principle behind it. Systems should fail gracefully, not broadly. In manufacturing, survivability matters more than architectural purity.
John Kingsley a senior RD OT cybersecurity engineer at Hitachi Energy
Another interesting session will be that by John Kingsley of Hitachi Energy, who pushes this idea even further. His framework for the ‘First 180 days of an OT security program’ rejects the traditional compliance-versus-risk reduction debate entirely. Instead, he frames operational integrity itself as the objective. Not a project. A condition. That subtle reframing says a lot about where industrial cybersecurity is heading.
The industry is slowly recognizing that manufacturing resilience cannot depend entirely on preventing compromise. Especially not anymore. Because attackers changed faster than many organizations did.
AI-assisted intrusions, automated reconnaissance, scalable ransomware operations, supply chain compromise. The adversary ecosystem became faster, cheaper, and operationally smarter. Meanwhile, many manufacturing organizations still struggle with basic segmentation, remote access governance, or incident recovery testing.
And there’s another uncomfortable truth buried underneath all this.
Detection alone is not saving plants. One of the strongest sessions in the program asks a deceptively simple question, ‘When an alert triggers, who acts and what can they realistically do?’ It cuts directly into one of OT cybersecurity’s biggest operational gaps. Centralized SOC teams may detect anomalies quickly, but geographically dispersed manufacturing facilities often lack on-site cyber expertise to translate alerts into safe operational responses. That gap between detection and action keeps appearing everywhere.
Asad Naeem, manager instrument, control systems and OT cybersecurity at Engro Fertilizers Limited
Asad Naeem, manager instrument, control systems and OT cybersecurity at Engro Fertilizers Limited grounds the discussion in operational reality. Managing a large-scale industrial environment, his approach focuses on deployable controls. Segmentation, removable media restrictions, and data diode architectures are not theoretical, but they are necessary.
However, the technical layer is only part of the solution. Workforce development becomes equally important. Training, awareness, and alignment across engineering and operations sustain security over time. The takeaway is simple. Technology enables security. People and process sustain it.
Sam Mackenzie, Vice President, Australian Control Room Network Association (ACRNA)
Sam Mackenzie, vice president of the Australian Control Room Network Association, moderates a panel examining exactly this problem. The discussion moves beyond technology into ownership, escalation paths, and the realities of high-throughput facilities where operational teams are already overloaded. In many environments, incident response still exists largely as documentation. Not muscle memory. And manufacturing incidents rarely unfold cleanly.
Cybersecurity professionals sometimes underestimate how operationally messy industrial recovery becomes once production instability starts spreading across tightly coupled systems. The challenge is not merely identifying malicious activity. It is about deciding which actions can safely proceed without introducing greater disruption.
Mary Gannon, OT Incident Response Lead, GuidePoint Security
Mary Gannon, OT incident response lead at GuidePoint Security, addresses this from the perspective of smaller and mid-tier manufacturers that lack large incident response retainers or dedicated OT response teams. Her focus is on practical and grounded in operational reality that when outside support is unavailable, organizations must rely on internal capability to keep production running while managing the incident. In these environments, recovery is not theoretical. It is procedural, practiced and continuously validated.
Durgesh Kalya, network security expert at Covestro
In Europe, discussions increasingly center on resilience regulations, recovery expectations, and secure-by-design engineering practices. Durgesh Kalya of Covestro argues that many OT security failures originate not during attacks but during early engineering and capital project decisions that were never challenged properly.
Again, the issue is not exotic malware. Often it is design debt. Remote access decisions. Flat networks. Poor segmentation. Unvalidated dependencies. Operational shortcuts that quietly compound over the years until a disruption exposes them all at once.
Shlomi Marco, CEO & CTO, Rubycomm
Another issue is that supply chain dimension is becoming harder to ignore, too. Shlomi Marco, CEO and CTO of RubyComm, focuses on the widening cybersecurity gap affecting small and medium-sized manufacturers across Europe. This matters far beyond SMBs themselves. Modern manufacturing systems are highly interdependent, and as such, an exposed supplier can turn into a risk problem for everybody further upstream in the chain.
Drawing attention to the increased vulnerability structures found within the manufacturing supply chains, he noted that these small manufacturers are typically working under budget and expertise constraints along with having outdated infrastructure, but are nevertheless highly connected within the larger ecosystem of industries. This means that any vulnerability can easily turn into an enterprise risk problem for those further upstream.
That interconnectedness is reshaping how industrial organizations think about cyber risk governance. The old model treated OT security largely as a technical discipline buried somewhere inside engineering or infrastructure teams. Increasingly, that boundary is collapsing.
Sessions across the Americas repeatedly return to the same issue of translating operational cyber risk into business language that leadership understands. Recovery emerges as a defining capability.
Ari Novikoff, Global VP, Macrium
Ari Novikoff of Macrium Software highlights a growing problem across operational environments that while backups are common, proven recoverability is not. His session, ‘Backed Up, Can’t Recover,’ reflects a reality many organizations only confront during an actual disruption.
In OT environments, having backups does not guarantee rapid restoration of operations. Recovery testing remains inconsistent, restoration dependencies are often poorly understood, and legacy systems continue to complicate rebuild efforts. In some facilities, critical recovery knowledge still lives with a small number of experienced engineers nearing retirement. Under pressure, those weaknesses surface fast.
The challenge is becoming harder as manufacturers balance two competing realities. Digitalization, AI adoption, remote operations, and connected supply chains continue expanding the attack surface, while aging infrastructure, limited staffing, and operational fragility make resilience increasingly difficult to sustain.
Anusha Iyer, Founder and CEO of Corsha
Anusha Iyer, founder and CEO of Corsha, frames adversaries themselves as economic actors pursuing favorable return on investment. Attackers operate on return on investment. They target systems where effort yields maximum impact. Defenders are beginning to adopt the same lens. Quantifying downtime, modeling attack paths, and translating risk into financial terms are becoming essential. Sean Tufts of Claroty focuses on the cost of inaction and the financial realities of downtime.
Symonsen Acorroni, OT Cyber Security Specialist, Ero Mining
Symonsen Acorroni, an OT cybersecurity specialist at Ero Mining, points to the disconnect between maintenance, reliability, and cybersecurity. Treating them separately creates blind spots. Integration is not just a technical exercise. It is organizational.
Teodosio Gutierrez, Principal, Altura
Meanwhile, Teodosio Gutierrez, founder and principal at Altura, will discuss evolution of OT professionals into enterprise risk contributors rather than isolated technical operators. This shift matters because manufacturing executives increasingly evaluate cybersecurity through operational continuity, financial exposure, regulatory impact, and customer trust. Not merely technical severity scores.
And honestly, manufacturing may have resisted that shift longer than other sectors. There has historically been tension between production priorities and cybersecurity initiatives. Operational teams worry that cybersecurity changes will introduce downtime. Security teams worry that operational shortcuts create systemic risk. Both are often correct.
That friction sits underneath one of the conference’s most important recurring themes of operationally-driven cybersecurity. Not cybersecurity imposed onto manufacturing environments, but designing cybersecurity around manufacturing realities.
Mike Holcomb, founder, UtilSec
Mike Holcomb, an OT/ICS cybersecurity consultant and educational content creator, identifies the conflict present within manufacturing facilities, especially in the Americas, where uptime is pitted against security without finding resolution. Companies are always expected to keep their uptime up while dealing with more threats than ever before. While artificial intelligence and digitalization help improve efficiencies, they also create additional vulnerabilities.
Holcomb’s point is not to slow innovation. It is to prioritize correctly. Not everything can be secured at once. But the fundamentals, when implemented well, significantly reduce risk. This aligns with a recurring theme. The issue is not doing more. It is doing the right things first.
Saltanat Mashirova, senior manager for OT cybersecurity
Saltanat Mashirova, senior manager for OT cybersecurity at CPX, and Michael Hoffman, Dragos’ technical leader, explore the need for operationally‑driven cybersecurity for manufacturing by looking at defensible architectures aligned with uptime, safety, and production continuity rather than purely theoretical security maturity.
It sounds subtle, but it is not. The difference between security programs succeeding or failing inside manufacturing often comes down to whether operational teams perceive cybersecurity as enabling resilience or disrupting production. And increasingly, recovery readiness is becoming the ultimate test.
Danielle Jablanski, OT Cybersecurity Consulting Lead, STV, inc.
There is no clean separation anymore between cyber risk and operational risk. Danielle Jablanski of STV Inc. makes that point through the lens of geopolitical instability and political risk affecting production environments globally. The attack surface is no longer confined neatly inside plant walls.
Geopolitical world is complex enough, but its ramifications are now increasingly affecting the cybersecurity of the industrial sector. The more AI, connectivity, and remote management are implemented in the manufacturing sector, the greater the possibility of political upheavals and economic disruptions posing a direct threat to the safety of industrial processes.
The Americas West discussions bring to focus what the industry knows what to do, but it still struggles to do it.
Ethan Schmertzler, co CEO at Dispel
Participants, including Ethan Schmertzler, co CEO at Dispel, and Matthew Cowell, vice president of strategic alliances at Nozomi Networks, explore why known controls remain inconsistently implemented. The reasons are familiar. Legacy systems. Fragmented architectures. Funding constraints. Organizational resistance. But the persistence of these issues points to a deeper problem. Execution. The industry is not lacking knowledge. It is struggling to apply it consistently at scale.
What emerges from Industrial Cyber Days Manufacturing 2026 is not panic. Not even pessimism. Something more useful, actually.
Matt Cowell, VP of Strategic Alliances, Nozomi Networks
A recognition that manufacturing cybersecurity is finally moving beyond performative maturity language toward operational realism. The conversations feel less obsessed with perfection and more focused on sustainability. Less about buying platforms. More about making difficult environments defensible.
There are still gaps everywhere. Some structural. Some cultural. Some financial. But the industry conversation is maturing. Slowly, manufacturing organizations are starting to ask harder questions. Not whether compromise is possible, but whether operations can withstand it. Not whether visibility exists, but whether teams can act decisively under pressure. Not whether recovery plans exist on paper, but whether plants can actually restore safely while production, safety, and customer trust remain intact.
That shift changes everything.
Once cybersecurity becomes operational continuity, the conversation stops belonging only to security teams. It becomes a manufacturing problem. A business problem. A leadership problem. And, perhaps for the first time in years, the industrial cybersecurity community sounds ready to deal with that reality head-on.
Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.
