
Keatron Evans, VP of Portfolio Product at Infosec Institute
At one of the world's largest water treatment networks, millions of gallons of chemicals flow through their systems every day to keep drinking water safe. When I met with them, the operations team made one thing clear: "We only care about uptime. One minute of the chlorination system malfunctioning means a poisoned water supply."
That was their reality. And for decades, it made sense.
Most manufacturing systems were air-gapped — isolated from external networks and the internet. Security wasn't a priority because nothing was connected to anything that could pose a threat.
Those days are over. Modern manufacturing floors are connected ecosystems with IoT sensors monitoring equipment, wireless networks enabling automation and cloud platforms aggregating production data. That connectivity unlocks tremendous operational value, but it also creates a vulnerability you may not expect.
The next wave of manufacturing cyber failures won't come from outdated firewalls or unpatched servers. They'll come from a critical shortage of people who can actually detect and respond to threats in operational technology environments.
Manufacturing Security Is Different
Cybersecurity professionals often talk about the CIA Triad: confidentiality, integrity and availability. Traditional IT security balances all three, but manufacturing has largely focused on just one: availability.
The challenge is that standard cybersecurity practices don’t always translate to manufacturing. The tools and techniques that work perfectly on corporate networks can cause catastrophic failures on factory floors.
Take something as basic as network scanning — one of the first things any security professional learns. IT security teams routinely use port scanners to inventory network assets and identify vulnerabilities. Run that same scan on older manufacturing equipment, and you might shut down instrumentation systems or cause robotics to behave erratically.
You can't simply transfer IT security professionals to manufacturing without specialized knowledge. They need to understand how these systems actually work, and more importantly, how they fail.
Five Critical Skills Gaps
Manufacturing faces five specific skill deficits that leave operations vulnerable.
1. AI-Powered Threat Detection
Manufacturing networks generate massive data volumes. Sensors, programmable logic controllers and monitoring systems produce continuous streams of operational information from hundreds or thousands of data points. Human analysts can't effectively process this volume to identify anomalies that signal security threats.
This is where AI becomes critical. Machine learning can monitor all those data streams simultaneously, flagging unusual patterns that would be impossible for humans to spot manually. But here's the catch: You need professionals who can build and tune these systems for manufacturing environments. That means understanding AI and machine learning fundamentals — and the operational technology being monitored.
Most cybersecurity professionals lack the operational technology context. Most manufacturing engineers don't have the AI skills to build these systems. This leaves organizations blind to threats hiding in plain sight.
2. Anomaly Analysis in OT Environments
Once your systems flag potential anomalies, someone has to interpret them. Manufacturing context becomes critical here.
Equipment cycles with production schedules. Power consumption fluctuates with operational intensity. Network traffic patterns vary with shift schedules and production runs. A temperature spike at 2 p.m. might be completely normal production variance. That same spike at 2 a.m. could be a compromised controller.
Without that manufacturing knowledge, security professionals face an impossible choice: miss real threats or trigger false alarms that shut down production.
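To make the 2 p.m. versus 2 a.m. point concrete, here is an added example (not from the original article) that scores the same temperature reading against a single plant-wide baseline and against a baseline kept per hour of day. The readings, the 06:00 to 22:00 production window, the 3.5 cut-off and all function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

THRESHOLD = 3.5  # assumed cut-off for the MAD-based modified z-score

def build_history(days=14):
    """Constructed sample data: (hour, temp_c) for a line producing 06:00-22:00."""
    rows = []
    for d in range(days):
        for h in range(24):
            base = 80.0 if 6 <= h < 22 else 40.0       # producing vs. idle
            jitter = ((7 * d + 3 * h) % 11 - 5) * 0.5  # deterministic +/-2.5 C
            rows.append((h, base + jitter))
    return rows

def fit(values):
    """Return (median, MAD): a baseline that outliers cannot easily drag."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med, mad

def modified_z(value, baseline):
    """Distance from the baseline median, in robust standard deviations."""
    med, mad = baseline
    if mad == 0:
        return 0.0 if value == med else float("inf")
    return 0.6745 * abs(value - med) / mad

def fit_baselines(rows):
    """One baseline over everything, plus one per hour of day."""
    by_hour = defaultdict(list)
    for hour, temp in rows:
        by_hour[hour].append(temp)
    return fit([t for _, t in rows]), {h: fit(v) for h, v in by_hour.items()}

def assess(hour, temp, global_baseline, hourly):
    """Score one reading both ways so the two verdicts can be compared."""
    return {
        "global_alert": modified_z(temp, global_baseline) > THRESHOLD,
        "hourly_alert": modified_z(temp, hourly[hour]) > THRESHOLD,
    }

if __name__ == "__main__":
    g, hly = fit_baselines(build_history())
    for hour, temp in [(14, 85.0), (2, 85.0), (2, 40.0)]:
        print(f"{hour:02d}:00 {temp:5.1f} C -> {assess(hour, temp, g, hly)}")
```

On this data the plant-wide baseline ignores 85 C at 02:00 and raises an alert on a normal idle reading of 40 C, while the per-hour baseline flags only the 02:00 spike.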
3. Incident Triage for Industrial Systems
A network slowdown in an office might be annoying. A compromised safety system on a factory floor can be fatal. Understanding which systems control critical safety functions, which processes can tolerate brief interruptions, and which failures pose physical danger requires deep operational knowledge.
Traditional incident response playbooks don't account for physical safety implications — they assume you can always prioritize containment over continuity. You need professionals who can assess an incident and immediately understand the operational and safety context.
4. OT-Aware Response
You can't shut down and reimage a production line the way you would reimage a laptop. Patching might require production downtime costing tens of thousands of dollars per hour — or more. Some legacy systems can't be patched at all without complete replacement, which might mean a million-dollar capital expense and weeks of downtime.
Effective response in manufacturing means working within severe operational constraints. Security professionals must understand maintenance windows, production schedules, equipment dependencies and what different response options actually cost the business.
That knowledge doesn't come from traditional cybersecurity training. It comes from years on the factory floor.
5. Factory Floor Security Training
The skills gap extends beyond security teams to the factory floor itself. Workers interact with operational systems daily but often don't understand cyber risks.
They connect portable media to controllers. They respond to social engineering attempts without recognizing them as threats. They notice system anomalies but don't know how to report them properly.
These workers need role-specific security awareness training. Corporate phishing training doesn't address the operator who plugs a personal USB drive into a programmable logic controller or the engineer who shares detailed system information with someone claiming to be from technical support. Training must cover these scenarios and when to report unusual system behavior.
Building the Right Talent
So what's the solution? Upskill your existing manufacturing staff.
These professionals already understand your systems, operational constraints and what normal operations look like. Adding cybersecurity skills to that foundation is far more practical than teaching cyber professionals about manufacturing from scratch.
This isn't about replacing manufacturing engineers with security specialists. It's about giving engineers who already understand the operational environment the additional skills to recognize and respond to cyber threats.
Cross-training programs that bridge manufacturing and security domains can develop this hybrid expertise faster and more effectively than any hiring strategy. AI-powered training platforms are accelerating this process, providing hands-on security experience in simulated OT environments without risking production systems.
The skills gap isn't just a problem. It's a vulnerability, and threat actors know it. They understand that manufacturing organizations have connected their operational technology without developing the expertise to secure it. They're counting on facilities lacking professionals who can detect unusual behavior in OT networks or respond effectively when incidents occur.
While you're posting job descriptions for that unicorn "OT security professional" who doesn't exist, they're figuring out how to compromise your production systems.
The good news? You already have the people you need. They're running your equipment right now. Give them the cybersecurity skills to protect what they've built. Do it before the next attack proves why this can't wait.















