Manufacturing – NIS2 Annex II

Manufacturing: OT Security Becomes Mandatory

Manufacturing companies are the #1 target for ransomware. NIS2 demands protection of production facilities, control systems, and supply chains.

Manufacturing = #1 Ransomware Target Worldwide

Production downtime costs an average of €22,000 per minute. Attackers know: manufacturers pay to resume production.

Critical Assets in Manufacturing

OT systems in focus under NIS2

SCADA & HMI

Process control systems, visualization, operator interfaces, often with legacy operating systems.

PLC/SPS

Programmable Logic Controllers. The heart of automation.

Robots & CNC

Industrial robots, CNC machines: physical safety at risk if manipulated.

MES & ERP

Manufacturing Execution Systems: the bridge between IT and OT.

IT vs. OT: Different Worlds

IT (Office)

  • Availability: 99.9% (8h downtime/year OK)
  • Patches: Possible weekly
  • Lifecycle: 3-5 years
  • Priority: Confidentiality
  • Protocols: TCP/IP, HTTP, SQL

OT (Production)

  • Availability: 99.999% (5 min downtime/year)
  • Patches: Only during planned shutdowns
  • Lifecycle: 15-25 years
  • Priority: Availability & Safety
  • Protocols: Modbus, Profinet, OPC

Typical Risks in Manufacturing

Why manufacturing is particularly at risk

IT/OT Convergence

Industry 4.0 connects previously isolated OT with IT networks. New attack paths.

Legacy Systems

Windows XP, unpatched controllers. "Never touch a running system" is not a security strategy.

Remote Maintenance

Machine manufacturers with VPN access: uncontrolled backdoors.

Supply Chain

Components with pre-installed malware, compromised firmware.

Key Measures for Manufacturing

Art. 21 NIS2 + IEC 62443 for OT

1

OT Risk Analysis

Asset inventory of all OT components. Purdue model for segmentation. IEC 62443 as the framework.

2

OT Incident Response

Special playbooks for OT incidents. Safety vs. security trade-offs. Forensics without production downtime.

3

Business Continuity

Manual fallback processes for critical production steps. Backup of PLC programs.

5

Secure Development

Security-by-Design for new installations. Security requirements in specifications.

9

Access Control

Network segmentation (DMZ between IT and OT). Jump servers for remote maintenance. USB control.

Fines in the manufacturing sector: up to €7M or 1.4% of annual turnover.