For years, the manufacturing sector was not seen as a prime target for cybercriminals. Banks, retailers, and hospitals were more attractive: they held sensitive data, financial assets, or personal records that could be directly monetized. Factories, by contrast, often ran on isolated legacy systems that appeared less rewarding to attack.

That perception has shifted dramatically. In 2025, two global giants, Asahi Group and Jaguar Land Rover (JLR), were forced to suspend production following large-scale cyberattacks. Asahi halted operations across 30 domestic plants in Japan, while JLR shut down manufacturing at its major UK sites in Solihull, Halewood, and Wolverhampton. Other manufacturers, such as Unimicron in Taiwan and Sensata and Nucor in the United States, also suffered major incidents this year.

These cases highlight that manufacturing is now firmly in the crosshairs, and they illustrate why.

From Isolated Machines to Digital Ecosystems

Traditionally, production environments were kept separate from corporate IT. Industrial control systems and manufacturing execution platforms operated in relative isolation. A breach in the office network did not necessarily mean a problem on the shop floor.

Today, that separation is frequently gone. Manufacturers have embraced digital transformation to boost efficiency and standardize operations across regions. Production systems are tightly linked with enterprise platforms, supply chain systems, and connected worker tools. This creates a single, unified digital ecosystem, one that is efficient, but also one where an attack in one layer can cascade into production downtime.

Why Now?

The timing of this shift is not accidental. Three forces are converging to make manufacturing more attractive than ever for attackers.

First, the cost of downtime is extraordinary. In the case of JLR, shutdowns were estimated to cost tens of millions of pounds each week. For Asahi, halting 30 factories meant a nationwide standstill with ripple effects across distributors and retailers. This financial pressure makes manufacturers prime targets for ransomware and extortion.

Second, the attack surface has grown. Every new integration, whether linking production systems to ERP, or enabling mobile access for operators, creates new opportunities for attackers to gain entry and move laterally. What once were closed networks are now deeply interconnected, and vulnerabilities in these systems are increasingly being exploited in the wild.

Third, the supply chain leverage is massive. When an automaker halts production, hundreds of suppliers are affected. When a major beverage producer pauses shipments, retailers and consumers feel it almost immediately. This ripple effect gives attackers more leverage in negotiations, knowing that pressure mounts quickly across the value chain.

Why the MES Layer is So Critical

At the heart of many of these incidents lies the Manufacturing Execution System (MES). MES platforms don’t just orchestrate production lines; they store vast amounts of sensitive and proprietary data: recipes, process parameters, quality records, equipment configurations, and often direct interfaces to ERP and supply chain systems.

This deep operational embedding means that if MES is compromised:

  • Production schedules can be disrupted or manipulated.
  • Intellectual property, such as formulas or production methods, can be stolen.
  • Historical quality and compliance records can be altered, creating regulatory or legal exposure.
  • Attackers gain a natural pivot point into both IT and OT domains, expanding the impact of a breach.

In short, MES has become both the crown jewel and the weak link of modern manufacturing. When MES trust is broken, safe and efficient production becomes impossible.

Where Systems Reside and Why It Matters

The Asahi and JLR incidents show that attackers are no longer simply disrupting back-office IT. They are reaching into the systems that companies rely on to actually make and move products. Whether these systems are hosted in-house, managed in company data centers, or delivered as SaaS, the implications are the same: if they are disrupted, production stops.

This raises a critical strategic question for manufacturers: should core production platforms be managed internally, or entrusted to specialized providers? Hosting systems in-house offers more direct control, but many internal teams struggle with the resources and expertise required to keep up with patching and monitoring. Professional hosting or SaaS models often deliver stronger resilience, faster updates, and round-the-clock monitoring, but they also concentrate risk: if the provider is compromised, many customers could be affected simultaneously.

In reality, the choice of hosting model is less important than the maturity of the security controls around it. Segmentation, monitoring, and rapid patch management matter more than whether a server sits on-premises or in the cloud.

A Call to Action

Manufacturers must now approach cybersecurity with the same urgency as financial institutions. This means mapping dependencies to understand which systems are truly mission-critical, segmenting IT from OT to slow lateral movement, patching vulnerabilities with urgency, and preparing safe-restart plans that go beyond IT recovery and ensure production lines can resume safely.

2025 has made one thing clear: manufacturing is no longer a low-yield target. It is a digital-first industry where downtime is catastrophic, and attackers know exactly how much leverage that gives them. And with MES at the center of these operations, rich in data, deeply integrated, and essential to continuity, it has become one of the most critical battlegrounds in cybersecurity today.

PS: The Importance of “Small” Technology Updates

It’s worth noting that even the fine print in technology release notes can have major implications for manufacturing security and resilience. In our latest Critical Manufacturing MES release, version 11.2, three updates stand out:

  • Modern encryption support (X25519MLKEM768): This update introduces a post-quantum cryptographic algorithm, designed to remain secure even against future quantum computers. While quantum threats may not be here yet, attackers already use a “harvest now, decrypt later” approach, stealing sensitive MES data such as recipes, process parameters, and intellectual property today, with the aim of decrypting it in the future. Adding this protection now helps safeguard long-term data confidentiality.
  • OAuth2 token exchange (new grant type). This becomes particularly important in the context of MCP servers, which connect MES to multiple systems (including LLM-triggered ones) and expose both data and powerful APIs. Without proper security, MCPs represent a huge risk surface; they can be abused for unauthorized data extraction or even malicious actions triggered via APIs (for example, through prompt injection attacks). By enforcing OAuth2 token exchange, access is mediated with strong, time-bound, and scoped tokens rather than broad, static credentials, significantly reducing the likelihood of exploitation.
  • Canonical Kubernetes support: Alongside Red Hat OpenShift, manufacturers that deploy their MES on-premises now have another enterprise-grade option for orchestrating containerized MES workloads. This broadens choice, but also highlights how MES is moving deeper into cloud-native IT infrastructure — and therefore into a threat landscape attackers already know well.

These may read like technical footnotes, but together they illustrate how MES platforms are evolving, and why it’s crucial for manufacturers to treat them not just as production systems, but as high-value digital assets that require the same security focus as any other enterprise application.

Industries: Discrete manufacturing
Francisco Almada Lobo
Francisco Almada Lobo

CEO at Critical Manufacturing, Industry 4.0 Evangelist and Educator

< Previous Post
Next Post >
Related articles
AI December 4, 2025
The Rise of Copilots: Transforming the Interaction with Manufacturing Execution Systems (MES)

The manufacturing floor is undergoing a digital revolution, and at the forefront of this change is the emergence of AI Copilots.

Read more
Discrete manufacturing November 27, 2025
Why Generic Data Platforms Fall Short and Purpose-Built Solutions Win

When global manufacturers evaluate their enterprise analytics strategy, they face a critical decision: build a custom solution on a generic data platform like Snowflake, Azure Synapse, or Databricks, or invest in a purpose-built manufacturing intelligence platform like Critical Manufacturing’s Enterprise Data Platform (EDP)?

Read more
Discrete manufacturing October 23, 2025
Be the Leader When Choosing an MES: 10 Questions to Find the Right Partner

At the center of every successful smart factory sits one key enabler: the Manufacturing Execution System (MES). It is the operational backbone that connects strategy with execution, guiding people, machines, and processes to work together in real time. Choosing an MES, however, is not just a technology decision. It is a business-defining one. The right system can help a company adapt, scale, and lead for years. The wrong one can slow progress, limit flexibility, and block innovation.

Read more