Welcome to an insightful conversation on the pressing issue of cybersecurity in the manufacturing sector. Today, we’re speaking with Kwame Zaire, a seasoned expert in manufacturing with a focus on electronics, equipment, and production management. Known for his thought leadership in predictive maintenance, quality, and safety, Kwame brings a wealth of experience to the table, especially when it comes to navigating the complex intersection of operational technology and digital security. In this interview, we dive into the critical challenges of protecting manufacturing environments, from outdated systems and budget constraints to workforce awareness and the integration of IT and OT systems. Join us as we explore how the industry can balance production demands with the urgent need for robust cybersecurity.
How do you see the level of awareness among manufacturing workers when it comes to cybersecurity risks, and what gaps have you noticed?
I think awareness varies widely across the board. On the shop floor, many workers don’t fully grasp the risks tied to something as simple as clicking a suspicious email link or plugging in a personal USB drive. There’s often a mindset of “this won’t happen to me,” which can be dangerous. At higher levels, some managers still view cybersecurity as an IT problem rather than a company-wide concern, which limits the support and resources dedicated to it. The biggest gap I’ve seen is in recognizing subtle threats, like social engineering, where someone might impersonate a vendor or colleague to gain access. Without proper education, these risks go unnoticed until it’s too late.
What strategies or training programs have you found effective in helping employees recognize and respond to cybersecurity threats?
I’ve found that hands-on, practical training works best. We’ve implemented regular workshops that include simulated phishing attacks to show workers how easy it is to be tricked and what red flags to look for. We also run tabletop exercises where teams walk through a mock cyber incident, like a ransomware attack, to practice response protocols. It’s not just about lecturing—it’s about making the risks real and relatable. We’ve also started integrating short, bite-sized security tips into daily briefings so it’s not a once-a-year thing but a constant reminder. Building that culture of vigilance is key.
Turning to equipment, how much of a challenge do legacy systems pose in your experience, and what vulnerabilities stand out?
Legacy systems are a massive challenge in manufacturing. A lot of our equipment still runs on outdated software—think Windows XP or older—where security patches aren’t even available anymore. Many programmable logic controllers, or PLCs, lack modern encryption and use unsecured communication protocols, making them easy targets for attackers. The biggest vulnerability is that these systems were never designed with cybersecurity in mind; they were built for reliability and uptime, not for defending against digital threats. Once a hacker gets into one of these systems, they can often move laterally across the network with little resistance.
How do you weigh the risks of keeping these older systems running against the potential disruptions of upgrading them?
It’s a tough balancing act. On one hand, you’ve got production lines that can’t afford downtime—every hour offline costs thousands, if not more. On the other hand, running unpatched systems is like leaving your front door unlocked. I’ve leaned toward phased upgrades where we target the most critical or vulnerable systems first, but even that comes with risks of compatibility issues or unexpected failures during implementation. We often have to schedule updates during planned maintenance windows, but that means stretching out the process over months or even years, leaving gaps in the meantime. It’s never a perfect solution, just the least bad option sometimes.
Budget constraints are often a hurdle in manufacturing. How have financial limitations impacted your ability to prioritize cybersecurity?
Budget constraints are always looming over us. Manufacturing operates on thin margins, so every dollar spent on cybersecurity is a dollar not spent on new equipment, hiring, or expanding production. It’s hard to justify preventative costs when the threat feels abstract—until a breach happens, that is. I’ve had to get creative, focusing on cost-effective solutions like open-source tools for monitoring or leveraging existing IT infrastructure for basic protections. But there’s no getting around it: without dedicated funding, you’re always playing catch-up, and that’s a risky place to be in an era of increasing cyber threats.
How do you navigate the tension between cybersecurity needs and other pressing priorities like meeting production goals or adopting new technologies?
It’s a constant tug-of-war. Production targets and shipping deadlines often take precedence because they’re tied directly to revenue and customer satisfaction. Cybersecurity, meanwhile, is seen as a cost center—something that doesn’t show immediate returns. I’ve tried to reframe it by showing how security impacts operational resilience. For instance, a cyberattack could halt production far longer than any planned downtime for upgrades. But when leadership is pushing for innovations like robotics or AI-driven quality control, those flashy projects often win the budget battle. It takes a lot of advocacy to keep security on the radar.
One area of concern is the divide between operational technology and IT teams. How have you seen this fragmentation affect cybersecurity efforts?
The OT-IT divide is a silent killer for cybersecurity. OT teams are laser-focused on keeping machines running and often resist changes that might interrupt production, like applying patches or adding network security layers. IT, on the other hand, pushes for strict protocols that don’t always translate well to the factory floor. I’ve seen this lead to miscommunication, where security measures are either ignored or implemented in ways that conflict with operational needs. The result is uneven policies and vulnerabilities, especially in systems that bridge both worlds. Bridging that gap through joint planning and shared goals has been a slow but necessary process.
Looking ahead, what is your forecast for the future of cybersecurity in manufacturing, and how do you think the industry will evolve to address these challenges?
I think cybersecurity in manufacturing is at a turning point. As factories become more connected through IoT and cloud systems, the attack surface will only grow, making security non-negotiable. I predict we’ll see more regulatory pressure, with stricter compliance requirements pushing companies to invest even if budgets are tight. There’s also likely to be a shift toward more integrated OT-IT teams, with cross-functional roles becoming standard to close those gaps. Technology-wise, I expect AI and machine learning to play a bigger role in threat detection and response, helping us stay ahead of sophisticated attacks. But it all hinges on a cultural shift—treating cybersecurity as a core part of operations, not an afterthought. If we can get there, the industry will be much more resilient in the face of digital threats.
