The Cybersecurity Imperative: Strengthening Manufacturing in an Age of Evolving Threats
In an era where digital threats evolve at an unprecedented pace, cybersecurity has never been more critical. The latest Verizon 2024 Data Breach Investigations Report paints a stark picture: cybercriminals are exploiting vulnerabilities at nearly three times the rate of last year, with human error still playing a major role in security breaches. Ransomware remains a dominant force, causing significant financial and operational disruption, while third-party vulnerabilities continue to expose businesses to unseen risks.
Yet, despite a 12.6% growth in the cybersecurity industry, a critical workforce gap persists. With a global shortage of 4 million cybersecurity professionals, companies are struggling to fill essential roles. Cloud security, cyber threat intelligence, and malware analysis remain the most in-demand skills. Addressing this gap will be key to fortifying businesses against emerging cyber threats.
Artificial intelligence further complicates the cybersecurity landscape, acting as both a shield and a weapon. AI enhances defense by automating security management, improving threat detection, and enabling predictive responses. However, it also empowers attackers, refining deepfake technology, automating sophisticated cyberattacks, and
advancing social engineering tactics. As AI reshapes the battlefield, organizations must remain vigilant, balancing innovation with robust security protocols.
In industry, we find ourselves asking the tough questions:
• What does it mean to be cyber secure in this era of manufacturing?
• How can we train the workforce to be more vigilant today from the factory floor to the C-Suite?
• How do we respond to a breach or disclosure in our value chain?
The answers to these questions will define the future of cybersecurity in manufacturing. As threats become more sophisticated, so too must our defenses. By investing in workforce education, strengthening AI-driven security measures, and fostering a culture of cyber resilience, manufacturers can not only mitigate risks but also lead the charge in shaping a more secure digital landscape. The challenge is great, but with a united effort, we can turn cybersecurity from a vulnerability into a competitive advantage.
Tom Kelly Executive Director & Chief Executive Officer Automation Alley
Roundtable Attendee List:
Sponsors, Supporters and Participants
Main Feature:
Staying Ahead: Securing Industry from Cyber Threats
Expert Insights:
Cybersecurity Workforce Readiness and AI Integration
Oakland University
Future Trends:
Cyber’s Human Element, AI Influence & More
Expert Insights:
Cybersecurity Workforce Readiness and AI Integration
Butzel
Case Study:
Vultara Supports Auto Industry Cyber Resilience
Key Takeaways:
Main points from Integr8 Cybersecurity Roundtable
State and National Resources: Helpful resources for small- and medium-sized manufacturers
SPONSORS, SUPPORTERS & PARTICIPANTS
SPONSORED BY: Oakland University and Butzel
Dr. Dan Aloi, Professor - Director of Research, School of Engineering and Computer Science, Oakland University
Dr. Guangzhi (Mark) Qu - Professor and Chair of Computer Science and Engineering Department, Oakland University
Jennifer Dukarski - Shareholder, Butzel
Randi Hermiz - Shareholder, Butzel
Claudia Rast - Shareholder, Butzel
Robert Schwartz - Shareholder, Butzel
Heloisa Bueno - Intern, Butzel
ADDITIONAL LEADERS IN INDUSTRY, ACADEMIA AND GOVERNMENT IN ATTENDANCE:
Tom Kelly - Executive Director & Chief Executive Officer, Automation Alley
George Assi - Business Development, Kuehne and Nagel
Paul Briscoe - Director of Technology and Development, Human Element
Matthew Cole - Dean, Lawrence Technological University
Carl Dukatz - Next Generation Computer Lead, Managing Director, Accenture
Guillaume Dutripon - Purchasing and IT Manager, North America, Adduxi, Inc.
Nathan Erickson - DevOps Engineer, Human Element
Jaclyn Fortier - Associate Director, Central Michigan University
Jarrad Grandy - Executive Director of Student Services, Oakland Schools
Yuanbo Guo - CEO, Vultara, Inc.
Mark Haislip - Director of Strategic Sales, Patero
Carl Hobson - President and CEO, Oasis Advanced Engineering
Doug Hughes - Account Executive, Cybersecurity Services, TUV Rheinland of North America
Katelyn Kontny - Program Manager, Automation Alley
Dwight Levens - Chief Technology and Information Officer, Oakland Schools
Michael Luzi - Vice President of Strategic Partnerships, BenePro/HRPro
Peter Makar - Director, Cybersecurity Advisory and Consulting, Knowledge Services
Matt Nelson - Cybersecurity Specialist, People Driven
Michael Pickholz - CEO, MagWerks Vision Inc.
Waheeda Rahman - IT Intern, Adduxi, Inc.
Cody Schaub - Economic Development Director, Congresswoman Haley Stevens
Ashwin Umamaheswaran - US Marketing, Caresoft Global
Ravi Venugopal - CEO, Giggso inc
Greg Warholak - Director Common Information Technology, Contract Professionals, Inc.
Jeff Williams - Cybersecurity Program Manager, MMTC
Benjamin Wixson - Group Manager, Automation Solutions of America
Staying Ahead: Securing Industry From Cyber Threats
Technology implementation is perhaps the highest-stakes game for manufacturers today. What some might believe is the world’s next quantum leap forward could very easily be another person’s reason to fear for economic turmoil. On one side, Artificial Intelligence (AI) and other once-in-a-generation advancements are opening the door to new possibilities in efficiency and productivity. On the other side, technological advancements can outpace safeguards, propelling the industry into a new era of cybersecurity threats.
This year’s Verizon Data Breach Investigations Report (DBIR) reveals critical insights into evolving cybersecurity threats. Exploitation of vulnerabilities as an initial access method has nearly tripled from last year, underscoring the growing sophistication of attackers. Human error remains a significant risk, with 68% of breaches involving social engineering or mistakes. Financially motivated attacks continue to dominate, with 62% involving ransomware or extortion, resulting in a median loss of $46,000 per breach. Additionally, 15% of breaches stemmed from third-party risks, highlighting the importance of securing supply chains and external partnerships. These findings reinforce the need for proactive cybersecurity measures and continuous vigilance.
Yet, with proper training and workforce development, the future of cybersecurity is optimistic as long as the industry incentivizes creativity toward cyber good instead of evil.
“Cybersecurity is a collective responsibility,” said Mark Qu, professor and chair of the computer science and engineering department at Oakland University. “Everyone needs to contribute to maintaining a safe working and data environment.”
Opportunities
From the First Industrial Revolution up until today, the most successful witnesses of wide-scale advancement have always been those who found a way to use it in their favor. Cybersecurity and AI will be no different. In the combination of these technologies lies an abundance of opportunities to get ahead on both organizational and collective levels. Criminals may have access to the same emerging tools, but businesses have both the incentive and resources for rapid adoption. They’re also privy to the knowledge of industry experts, cybersecurity professionals, and technological innovators.
“We need to change the industry narrative by encouraging information sharing,” said Yuanbo Guo, CEO of Vultara. “Sharing incidents with your industry does not show a company’s weakness, but it proves your cybersecurity practice is strong. Information sharing with industry peers helps the entire industry address cybersecurity threats more efficiently and effectively.”
The manufacturers who strategically invest in these opportunities won’t just be protecting their assets – they’ll be positioning themselves at the forefront of Industry 4.0 while establishing new competitive moats that less security-focused competitors will struggle to overcome.
“We need to change the industry narrative by encouraging information sharing. Sharing incidents with your industry does not show a company’s weakness, but it proves your cybersecurity practice is strong. Information sharing with industry peers helps the entire industry address cybersecurity threats more efficiently and effectively.”
Yuanbo Guo CEO of Vultara
Enhanced Threat Detection
AI is transforming threat detection by proactively identifying risks before they escalate into fullscale security incidents. Predictive anomaly identification enables AI systems to establish baseline operational patterns and flag deviations, allowing manufacturers to address potential breaches before they occur. Additionally, machine learning algorithms play a crucial role in zero-day vulnerability discovery, detecting previously unknown security flaws within operational technology (OT) networks. AI-powered supply chain risk mitigation further strengthens security by continuously monitoring third-party vendor security postures and alerting manufacturers to changes in risk profiles, ensuring end-to-end protection across the supply chain.
Operational Efficiency
AI-driven cybersecurity enhances operational efficiency by streamlining security measures and resource allocation. Automated security response systems can autonomously contain threats without human intervention, reducing response times and minimizing potential damage. Smart manufacturing safeguards integrate cybersecurity protocols directly with IoT sensors and industrial control systems, ensuring real-time protection against cyber threats targeting connected manufacturing environments. Additionally, AI optimizes resource allocation by analyzing real-time threat intelligence, ensuring that cybersecurity efforts are focused on the most pressing risks, ultimately improving overall security effectiveness without unnecessary expenditure.
Competitive Advantage
Security is no longer just a protective measure— it’s a market differentiator. For manufacturers handling sensitive client data, an enhanced security posture can set them apart from competitors, reassuring customers that their information is safeguarded with the highest standards. Additionally, AI-driven regulatory compliance automation ensures that manufacturers stay ahead of
evolving security requirements. By continuously monitoring changes and adjusting security protocols in real time, AI helps companies avoid compliance risks and streamline security operations.
“Executives must acknowledge the importance of cybersecurity by showing employees they are acting on it before employees take cybersecurity seriously,” Guo said.
Cody Schaub, economic development director for U.S. Rep. Haley Stevens’ office, emphasized the importance of cybersecurity culture in preventing attacks.
“Organizations need to ensure they are fostering a culture of reporting and reviewing suspicious emails,” Schaub said. “The culture of an organization around cybersecurity can be the key to avoiding a breach.”
Innovation Acceleration
The integration of AI in security enables manufacturers to innovate without exposing their operations to undue risks. Secure digital twin implementation allows companies to create protected
“Organizations need to ensure they are fostering a culture of reporting and reviewing suspicious emails. The culture of an organization around cybersecurity can be the key to avoiding a breach.”
Cody Schaub
Economic Development Director
U.S. Rep. Haley Stevens’ Office
virtual replicas of their physical environments, facilitating risk-free experimentation and process optimization. Trusted data-sharing ecosystems further enhance collaboration by enabling manufacturers to exchange insights within a secure environment, preserving proprietary knowledge. Additionally, AI-powered security solutions protect intellectual property—such as manufacturing processes, formulas, and designs—ensuring that critical innovations remain safeguarded against cyber threats and unauthorized access.
Workforce Augmentation
AI is reshaping cybersecurity by augmenting human expertise rather than replacing it. Human-AI collaborative defense models enhance security teams by automating routine monitoring tasks, allowing human analysts to focus on strategic decision-making and incident response. Moreover, AI-driven democratized security expertise translates complex security concepts into actionable insights for non-technical staff, making cybersecurity accessible across all levels of an organization. Finally, AI-powered threat hunting capabilities empower security teams to proactively search for indicators of compromise, strengthening an organization’s ability to detect and neutralize potential cyber threats before they escalate.
Challenges
Cybersecurity was already a pain for manufacturers across America and around the world before AI. Businesses of all sizes could barely keep up with evolving strategies used by criminals to launch attacks on everything from digital to real-world organizational infrastructure. A malware, Denial-of-service (DoS), and zero-day exploit attack could easily spell its own kind of disaster in its own way, whether financially or operationally.
Now, with AI smart enough to outperform most students on bar exams, the gravity and scale of these threats are magnified. Data breaches in the industrial sector cost an average of $5.56 million in 2024, according to IBM’s Cost of a Data Breach (CODB) report . That’s significantly above the global average of $4.88 Million, which is an astounding number nonetheless. Perhaps even more concerning is the fact that experts believe it will only worsen as time goes on.
“AI can help us, but we cannot trust all AI,” Qu said. “You need to have a trustworthy AI to rely on.”
Schaub pointed to the cybersecurity talent shortage as another major hurdle. “There is a cybersecurity talent shortage,” he said. “There is a lot of potential to educate in the workplace with mentors, working with educational institutions to develop curriculum.”
“If you are in the leadership role, pay attention to the culture you create with employees you serve. Often social engineering phishing attempts are successful because they leverage an unknown culture by the bad actor of leadership consistently making ‘demands.’ So, when that strategy is leveraged, the cultural deficiencies could be exposed.”
Dwight Levens. Chief Technology and Information Officer Oakland Schools
Broadened Attack Capabilities
AI is revolutionizing cyberattacks by making them more sophisticated, adaptive, and difficult to detect. AI-powered phishing utilizes machine learning to craft hyper-personalized messages that are nearly indistinguishable from legitimate communications, increasing the success rate of social engineering attacks. Meanwhile, autonomous malware evolution enables malicious code to modify itself in real time, adapting to defense mechanisms and rendering traditional signature-based detection methods obsolete. Additionally, deepfake social engineering presents a new threat, with attackers using voice cloning technology to impersonate executives and manipulate employees into granting unauthorized access or approving fraudulent transactions.
“If you are in the leadership role, pay attention to the culture you create with employees you serve,” said Oakland Schools Chief Technology and Information Officer Dwight Levens.
“Often social engineering phishing attempts are successful because they leverage an unknown culture by the bad actor of leadership consistently making ‘demands.’ So, when that strategy is leveraged, the cultural deficiencies could be exposed.”
Expanded Attack Surface
As manufacturers embrace digital transformation, their attack surface expands significantly. Smart factory vulnerabilities arise from the widespread deployment of IoT devices, each of which serves as a potential entry point for cyber threats. Supply chain infiltration further amplifies risks, with AI-powered attacks identifying and exploiting weak links within supplier networks to gain unauthorized access. Additionally, digital twin exploitation poses a critical threat, as compromised virtual environments can manipulate production data, leading to incorrect outputs, operational disruptions, and even physical damage to manufacturing equipment.
Resource Asymmetry
Cybercriminals are leveraging AI-driven tools that were once exclusive to nation-states, creating an imbalance between attackers and defenders. Democratized attack tools mean that even smallscale criminal organizations can access advanced hacking capabilities, increasing the frequency and severity of cyber threats. At the same time, the manufacturing sector faces a defensive talent
shortage, as it competes with higher-paying industries for skilled cybersecurity professionals. Budget constraints further exacerbate the issue, particularly for small and mid-sized manufacturers that struggle to afford AI-powered security solutions while simultaneously facing increasingly sophisticated AI-driven threats.
Regulatory Uncertainty
The rapidly evolving cybersecurity landscape presents significant regulatory challenges for manufacturers. Compliance complexity arises from frequently changing regulations, making it difficult for organizations to determine and meet minimum security requirements. Cross-border data challenges add another layer of difficulty, as inconsistent international cybersecurity standards complicate global manufacturing operations. Furthermore, liability questions remain unresolved, with unclear legal frameworks regarding responsibility when AI-driven security systems make decisions that result in breaches, leaving manufacturers uncertain about potential legal and financial consequences.
Workforce
Amidst all of this pressure to get computers ready for an oncoming age of cyber risk, we’re forgetting an element that may end up defining the success of that effort. Humans, the ones who actively deploy AI and other Industry 4.0 assets in their day-to-day work, will ultimately determine the longterm viability and ROI of even the most promising cybersecurity solutions.
Below are methods that the living can deploy to be more effective in the fight against cyber threats:
Credential Programs
As cyber threats grow more sophisticated, manufacturers must invest in credential programs to develop a skilled cybersecurity workforce. Industry-recognized certifications such as Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH) help employees build expertise in threat mitigation, compliance, and risk management. These programs provide hands-on training, ensuring that security professionals can effectively detect and respond to attacks in complex industrial environments. With manufacturing increasingly targeted by cybercriminals, credentialed professionals offer a crucial line of defense against evolving threats.
Penetration Testing
Regular penetration testing is essential for identifying and addressing vulnerabilities before attackers can exploit them. Cybersecurity professionals trained in ethical hacking techniques simulate real-world attack scenarios, exposing weaknesses in operational technology (OT) networks, IoTconnected devices, and supply chain infrastructures. By integrating penetration testing into routine security practices, manufacturers can proactively strengthen their defenses and prevent costly breaches. As the demand for these skills grows, companies must ensure their cybersecurity teams have the expertise to conduct rigorous assessments and implement effective remediation strategies.
AI Familiarity
The integration of AI in cybersecurity requires professionals who understand both its defensive and offensive capabilities. AI-driven threat detection systems, automated security responses, and predictive analytics are becoming industry standards, necessitating workforce training in AI tools and methodologies. Cybersecurity teams must also be aware of AI-enhanced attack techniques, such as deepfake phishing and adaptive malware, to stay ahead of emerging threats. By fostering AI familiarity among security personnel, manufacturers can better leverage AI for protection while ensuring their workforce remains vigilant against AI-powered cyberattacks.
Reskilling Initiatives
With 39% of workers concerned about not receiving adequate training in new technologies, there’s clearly a benefit to establishing clear pathways for career evolution. Organizations should create comprehensive programs that not only train employees on new technologies but also provide a roadmap showing how their roles will evolve rather than disappear. It’s worth considering the following additional supports.
Fostering a Reporting Culture
Cross-Functional Exposure
Rotating employees through different departments to understand how cybersecurity technologies protect various aspects of operations builds broader organizational awareness and creates versatile team members who can identify potential vulnerabilities from multiple perspectives.
Encouraging employees to report potential cybersecurity threats without fear of retaliation is crucial for maintaining a strong security posture. When employees feel empowered to share concerns, organizations can proactively address vulnerabilities before they escalate into major issues. Establishing clear, anonymous reporting channels and rewarding vigilance through recognition programs can help normalize security-conscious behavior across all levels of the organization.
“Cybersecurity training is more effective when equipped with real-life stories of past breaches,” Guo said.
Schaub stressed the importance of training scalability. “We need to ensure cybersecurity training is effectively utilized and scalable for each manufacturer or organization,” he said.
“When cyber incidents occur, you want to disclose as quickly as allowable the appropriate details to the impacted stakeholders,” Levens added. “The reputational harm behind not disclosing could be catastrophic for your business.”
Closing Thoughts
Although nothing new, cyber risk doesn’t look the same in 2025 as it did in 2024.
The cybersecurity landscape will continue evolving regardless of organizational readiness. Manufacturers who prioritize workforce trust alongside technological advancement will be
best positioned to navigate the challenges ahead. Those who successfully balance technological innovation with workforce development will create resilient operations capable of withstanding increasingly sophisticated threats.
“It is important to encourage collaborative action and cultivate a cybersecurity mindset,” Qu said. “Follow the established procedures and frameworks.”
Cybersecurity Workforce Readiness and AI Integration
CDr.
Guangzhi
(Mark) Qu Professor and Chair of Computer Science and Engineering Department Oakland University
ybersecurity threats are evolving rapidly, with attackers leveraging artificial intelligence (AI) to create sophisticated threats, including AI-generated phishing attacks and deepfake-based social engineering. As digital transformation accelerates, companies—particularly small and medium-sized enterprises (SMEs) in the manufacturing and energy sectors—must adopt proactive cybersecurity strategies to safeguard their operations.
To address these challenges, our DOE-sponsored Cybersecurity Center at Oakland University, in collaboration with Automation Alley, SensCy, Grimm, and Fraunhofer, has developed a certificate program designed to enhance cybersecurity expertise. This program focuses on penetration testing, malware reverse engineering, AI-driven cybersecurity and privacy, Protection cyber-physical systems (CPS), IoT, industrial control systems (ICS), and digital twinning. By offering multi-level training with hands-on lab exercises, we aim to equip employees and engineers with the skills needed to defend against modern cyber threats while benefiting the local community and the entire industry.
Key strategies include:
1. Enhance cybersecurity workforce readiness by tailoring training programs for different industry needs.
2. Utilize AI in cybersecurity to counter AI-driven threats like phishing attacks and malware.
3. Develop effective cyber incident response and disclosure strategies that balance transparency with reputation management.
1. Cybersecurity workforce training
Challenges in workforce readiness: For Small and Medium-Sized Enterprises (SMEs), they often face budget constraints, have limited cybersecurity expertise, and don’t have dedicated IT security teams. On the other hand, Large Enterprises require scalable cybersecurity training programs to accommodate global operations, supply chain risks, and regulatory compliance.
Strategies in training: for SMEs, cost-effective and modular training are the best choices. The training focuses on basic cybersecurity practices, such as phishing recognition and provides hands-on labs with real-world cyberattack simulations relevant to Cyber Physical Systems (CPSs), IoT and energy infrastructure. Cloud-based training tools are leveraged to provide remote access to learning materials and simulations. For Large enterprises, a more comprehensive training program is needed to cover foundational awareness to advanced topics like malware reverse engineering, the training should also utilize AI techniques to drive the personalized learning based on the employees’ knowledge background. Such AI techniques include adaptive learning that evaluates individual performance and adjusts the training content dynamically. Also, generative AI methods could be adopted to generate simulated scenarios to help employees identify and respond to emerging threats. Leverage Large Language Models (LLM) to provide on-demand guidance during the simulated security incidents. It is also very importation to build collaboration for continuous learning. SMEs, large manufactures, universities, cybersecurity firms, government agencies should build partnerships to share cybersecurity best practices, and ongoing education and research insights.
2. AI-Driven Cybersecurity in combating evolving phishing and malware threats
Challenges in AI-Generated Cyber Threats: AI has become a double-edged sword in cybersecurity. While it can be leveraged for threat detection and defense, attackers are also using AI to generate highly sophisticated phishing emails, deepfake attacks, and automated malware.
Strategies to Counter AI-Driven Threats: AI gets pervasive in the security infrastructure very quickly. AI-driven email filters can help analyze phishing messages for synthetic text, sender behavior anomalies, and deepfake indicators. Natural language processing (NLP) models can help detect fraudulent emails that traditional filters might miss. AIbased anomaly detection for network traffic can identify irregular activities that could signal a cyberattack. From the training perspective, AI generative model could be deployed to generate phishing simulations which could be used to train employees to recognize and report suspicious emails. Gamified security quantification mechanism and awareness programs driven by AI can create interactive training experiences. Strengthening identity and authentication security involves implementing multi-factor authentication (MFA) and AI-enhanced biometric authentication to reduce the risk of stolen credentials. Developing voice and video verification systems can prevent deepfake-based impersonation attacks.
3. Cyber Incident Response: Balancing Transparency with Reputation Management
Challenges in Cyber Incident Disclosure: when a cyberattack is successfully mounted, there is always a risk on the reputation that if the cyber incidents are disclosed then the trust from the customers would be impacted, the company may receive more regulatory scrutiny besides the financial losses caused by the attacks. Also, if the disclosure is not mature then it may affect the forensic investigations and incident containment efforts. The security teams should be trained to be aware of the regulatory compliances.
Best Practices for Responsible Cyber Incident Disclosure: A cyber incident disclosure framework is recommended that it establishes predefined reporting protocols that categorize incidents by severity and outline disclosure timelines. Depending on if there exists a security team, internal and external communication strategies should be defined for notifying stakeholders, customers, and regulators. It is critical to reinforce the best industry regulations and practices, such as General Data Protection Regulation (GDPR), DHS Cybersecurity and Infrastructure Security Agency (CISA), and NIST guidelines.
Workforce Education on Cyber Crisis Management: Train employees on how to respond to cybersecurity incidents, including when and how to report potential breaches. Conduct tabletop exercises and cyber crisis drills to ensure teams are prepared for real-world cyberattacks. Develop an internal response playbook outlining who is responsible for incident communication and escalation. Again, AI techniques could be leveraged in incident response and public messaging through monitoring public perception following a cyber incident. AI-powering inquiring and providing real-time updates on cyber crisis. Fostering industry collaboration on cyber resilience includes sharing lessons learned from cyber incidents to improve industry-wide resilience. Cross-sector cybersecurity initiatives that promote transparency and shared threat intelligence should be encouraged. Positioning cybersecurity awareness as part of corporate social responsibility (CSR) efforts can enhance public trust.
Conclusion
As cyber threats grow more advanced, organizations in the manufacturing and energy sectors must adopt a multi-layered cybersecurity approach that combines tailored workforce training, AI-driven security solutions, and strategic cyber incident disclosure frameworks. Our DOE-sponsored cybersecurity certificate programs provide industry-aligned training in penetration testing, malware reverse engineering, AI-driven cybersecurity, protection CPS, IoT, ICS, and digital twinning. With real-world scenarios, hands-on labs, and different levels of training, these programs prepare employees and engineers to tackle the most pressing cybersecurity challenges. Through continuous research, industry collaboration, and AI-powered cybersecurity solutions, we can strengthen the local community, small and medium manufacturers, and the broader industrial ecosystem against cyber threats.
AI’s Influence
AI is driving cybersecurity threats and is becoming more sophisticated with phishing emails, cyberattacks (data breaches and ransomware), and deepfakes. Industries must be prepared to fight AI with AI through pattern and behavioral recognition software and scanning for closed and open system vulnerabilities.
Future Trends for Cybersecurity
Zero Trust Security Models
Since the COVID-19 pandemic, remote work has become commonplace, increasing the surface area for cyberattacks. Each interaction on every device must have its own security check. However, technology must make defenses seamless and perform behind the scenes.
Digital Connectivity Risks
As companies couple with each other through computer connections, the surface for cyberattacks increases. Be aware of exposing vulnerabilities. Attackers seek the weakest perimeter to break in.
Understanding the Rules
It is essential for businesses of all sizes to understand the complexities of cybersecurity compliance, protocols, procedures, and regulations. To keep systems secure, everyone has to be a responsible citizen in the business world.
Human Involvement
Humans are both the weakest link and strongest defense with cybersecurity. People must be aware of the increasing complexity of cyberattacks and be prepared to craft the next generation of defenses.
What’s Up With Quantum Computing?
Quantum Computing involves using physics, math, and computer science to increase the speed of traditional computers. It’s a complex technology that has yet to make major inroads into the manufacturing and technology industries. Despite its infancy, leaders must be aware of its potential impact on cyberattacks and defenses.
BUILDING CYBER RESILIENCY: Preparing for the Cyber Incident Before it Happens
CClaudia Rast Shareholder
ybersecurity articles and webinars are quick to advise on what to do when the cyber incident happens. While this advice is extremely helpful, my recent focus has been to advocate the steps one can take in advance of the cyber incident. This is particularly true for small and emerging companies as well as middle-market companies that don’t have the multi-million-dollar budgets to implement the security tools and hire the forensically trained IT staff to stave off the daily onslaughts from threat actors and nation states that intend to do us harm. In other words, short of implementing the typical cyber defenses that these high-end budgets can afford, what should companies do? My simple response is this: build resiliency into your everyday network and employee training, prepare for the event as if it will happen, and never assume that you’re done. This is not a one and done world, and no IT defense is perfect as long as humans are involved.
There
are
3 basic steps to building resiliency:
1. Create the Incident Response Plan (IRP)
2. Recruit the Incident Response (IR) team
3. Implement robust and comprehensive training that includes full-scale tabletop exercises
Building Resiliency
So, how does a company build that resiliency? There are three basic steps: (1) create the Incident Response Plan (IRP), (2) recruit the Incident Response (IR) team, and (3) implement robust and comprehensive training that includes fullscale tabletop exercises. In my experience, it is the rare client who appears with its IRP in hand and IR team in the wings. Most clients need immediate help and advice, and hours, if not days, can be wasted in the aftermath of a cyber incident with the client wondering if its insurance policy will cover the event, and if so, what will it cover, whether its policy requires paneled experts (and if not, where does one find those experts), what laws apply, who needs notification, and more. When properly prepared and used, IRPs are well worth the time and energy it takes to prepare them because most of these questions will be answered as the IRP is drafted. IRPs become valuable roadmaps for navigating the early chaotic hours of a cyber incident. In addition, and as noted above, IRPs are extremely useful tools during the process of their preparation, for as the initial IR team drafts the IRP, they must identify, connect with, and gain buy-in from their internal and external IR teams and familiarize themselves with the function and interconnection of the entity’s basic digital infrastructure. The IRP and IR team are critical to the entity’s successful response and recovery from a cyber incident. The real trick is to ensure that the IRP does not languish on the company server, and the internal IR team does not forget its training. The IRP should be readably available in hard copy and tucked into the laptop case or backpack of every internal IR team member, and training that includes expansive tabletop drills engaging all members of the IR team should be an annual exercise.
Retain External IR Experts
Whether your IT staff is internal or external, unless their day job involves digital forensics and cybersecurity, you should engage specialized and experienced third parties to assist with incident response, and the same goes for your legal team. Necessary decisions in the early days of the cyber incident have far-reaching legal ramifications: a cyber incident is not an event for the legal novice to gain on-the-job experience without guidance. Experts in forensics, law, and public relations are the main external partners of the IR team, and their skill and experience are invaluable. Cyber insurance policies will generally list paneled legal and forensic teams, but it is the rare insurer that will refuse qualified experts as long as they agree to the insurer’s panel rates. Once vetted and engaged, these external IR team members can conduct periodic vulnerability assessments and be active participants in your tabletop exercises with internal IR members. Contact your insurance broker to confirm pre-approval of these external IR team members.
Access FBI & CISA Resources
The Cybersecurity & Infrastructure Security Agency (CISA) is a federal agency that offers free tools and templates for incident response, such as cyber hygiene services that include vulnerability scanning and web application scanning. Check out the link here: https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools. CISA also offers a wide variety of tabletop exercise packages for download: https:// www.cisa.gov/resources-tools/services/cisa-tabletop-exercise-packages.
The FBI is another helpful partner when the cyber incident occurs. The Office of Private Sector oversees the Bureau’s effort to increase collaboration and information sharing with the private sector. Check out this link describing how the FBI works with businesses: https://www.fbi.gov/how-wecan-help-you/office-of-private-sector. Building relationships with the FBI and/or CISA agents in advance of an event allows sufficient familiarity for all to be ready, willing, and able to work together when the inevitable incident happens.
Final Thoughts
Perhaps the most important message is the realization that you are never “all set.” The measures you implement, the tools you deploy, and the training you roll out must be subjected to continuous scrutiny and updating. Everyone from the C-Suite to the storeroom must participate in—successfully—cyber scenario training. Every person in your company represents a potential pathway for threat actors to find and exploit. In sum, draft your IRP, recruit and assemble internal and external IR members, and conduct periodic tabletop exercises. These measures create the resilience needed to survive a cyber-attack. Entities that actively prepare and train for cyber incidents are those that recover faster, better, and with far less economic loss than those who do not.
Vultara Supports Auto Industry Cyber Resilience
Cybersecurity threats to vehicles have been around since the first car with cloud-based features, such as real-time navigation and remote diagnostics, rolled off the assembly line and onto the street.
For more than a decade, vehicles have become mobile computers, and with each new feature added internally and external devices connected, the surface for cyberattacks has become greater. While innovations in technology and features have advanced exponentially, cybersecurity has lagged - until recently.
Yuanbo Guo, CEO of Vultara, described the automotive cybersecurity world as “chaotic” but it has improved. He said manufacturers focused more on protecting the factories and less about the vehicles. “Five years ago, it was easy to hack a car,” he explained. “Now, it’s more protected.”
Guo recognized the deficiencies in protection and founded Vultara, a Troy, Michigan-based cybersecurity firm specializing in the automotive field. Their products and services are not used in vehicles but strengthen a company’s cyberdefenses within the manufacturing facility with the mission to “secure the connected world by promoting the secure-by-design principle for cybersecurity in cross-functional product engineering teams. Risks should guide design decisions for products that transform our lives so that our physical world will not be threatened.”
Vultara helps automakers maintain effective cybersecurity through its software and consulting services designed to help navigate the myriad of technical hurdles and knowledge shortfalls. The company works within the factories, ensuring the processes of building vehicles are followed. Its software is a tool to help accomplish that objective.
“They already have requirements and regulations, but the problem at the site is that no one understands them,” Guo said. “We help them follow those mandates.”
One such regulation is UNECE WP29 R155, which stipulates the requirements for cybersecurity and cybersecurity management systems. The goal is to promote cooperation and sustainable development and create common terminology. The United States is not required to follow the regulations, but they are mandatory for all new vehicles produced and sold in the European Union.
Another set of guidelines is found in ISO/SAE 21434, which was developed by the International Organization for Standardization and SAE International. The standards are not required but offer a framework of best practices and processes for the automotive industry. Guo helped create the standards outlined in ISO/SAE 21434.
Cyberattacks encompass phishing scams, ransomware, malware, software piracy, and bruteforce attacks, in which hackers continuously try different usernames, passwords, or encryptions to gain access to a system.
The ways a company is under cyber threats can be intimidating, but the key, Guo said, is to deal with the “more feasible” or “easier to do” cyberattacks by looking at “the entire spectrum of cybersecurity threats and identifying the low-hanging fruit. Once a manufacturer can handle those, it’s a big start.” Vulatara’s protection of the production system includes:
• Security key handling - Generate symmetric or asymmetric secret keys, derive security keys according to your customer’s specifications, store keys in your production site securely, and inject keys securely into your electronics product.
• Certificate handling - Generate certificates, extract certificate signing requests, or register certificates according to your customer’s specifications.
• Secure communications - Build security channels with your products, with other servers, or throughout your supply chain. Establish your own global secure manufacturing system.
Vehicle vulnerabilities
Vehicle cybersecurity has advanced greatly during the past five years, but automakers and owners must remain vigilant to prevent attacks. Surface areas that are vulnerable include:
Wireless Attacks: CAN Bus Exploits, Bluetooth & Wi-Fi Exploits, Cellular & Telematics Attacks
Key Fob & RF Attacks: Relay attacks (signal boosting to steal fob’s signal); Rolling Code Attacks (intercepting older codes)
Malware & Software Exploits: OTA (Over-the-Air) Update Exploits, Compromised Mobile Apps
Physical Access Attacks: OBD-II Port Hacking, USB Exploits
Sensor Spoofing: GPS Spoofing, LiDAR & Camera Manipulation
“AI has two edges. It can help the bad guys, but it can help the defenders in so many applications.
“
The company offers consulting services that assess threat levels and examine process development, gap analysis, TARA services, cybersecurity design, culture and training, and requirements.
AI’s increasing use in cybercrimes has not gone unnoticed by Vultara. “AI has two edges,” Guo explained. “It can help the bad guys, but it can help the defenders in so many applications. AI filters online traffic between a car and the OEM (Original Equipment Manufacturer), and it can see what’s malicious.”
He said researching the likelihood of attacks requires a great deal of time, but AI reduces the labor needed to assess risks and predict the feasibility of an attack. Vulture currently uses AI in its cyber defense and plans to increase its use. AI can aid hackers in stealing cars, turning back the mileage on odometers, and unlocking features that automakers charge the consumer, costing the industry money.
“At the end of the day,” Guo said, “each car and each device has secrets. The goal is to protect those secrets and the interactions between the devices.”
Based in Troy, Michigan, Vultara is a company at the cutting edge of automotive cybersecurity. Founded by a team of seasoned automotive engineers and cybersecurity experts, we specialize in providing a comprehensive SaaS Cyber Security Management System (CSMS). Their solutions cover every phase of cybersecurity engineering, from concept design to manufacturing and post-production monitoring. Vultara is dedicated to safeguarding the future of transportation through innovation and expertise.
Their mission is to secure the connected world by promoting the secure-by-design principle for cybersecurity in cross-functional product engineering teams. Risks should guide design decisions for products that transform our lives so that our physical world will not be threatened.
Cybersecurity Key Takeaways
Cybersecurity and AI Integration – AI-driven security solutions offer manufacturers opportunities to enhance threat detection, automate responses, and mitigate supply chain risks, positioning them ahead in Industry 4.0.
Evolving Cyber Threats
–
Cyberattacks are becoming more sophisticated, with AI-powered phishing, malware evolution, and deepfake social engineering increasing the risks for manufacturers.
Human Error & Financial Risks
– The latest Verizon DBIR report highlights that 68% of breaches stem from human mistakes, while ransomware and extortion remain dominant, with a median loss of $46,000 per breach.
Regulatory & Compliance Challenges
– Rapidly changing cybersecurity regulations, cross-border data concerns, and unclear liability laws make compliance a growing challenge for manufacturers worldwide.
Expanded Attack
Workforce
Development is Key – Investing in credential programs, AI training, and reskilling initiatives ensures that human expertise evolves alongside cybersecurity advancements.
Surface –Increased digitalization in smart factories, IoT adoption, and digital twins create new vulnerabilities that cybercriminals can exploit.
Competitive Advantage through Security – Strong cybersecurity measures are not just defensive but serve as a market differentiator, building customer trust and ensuring long-term resilience.
Michigan Resources
Cybersecurity Center at Oakland University - Automation Alley, in partnership with the U.S. Department of Energy, SensCy, Oakland University, Fraunhofer, and Grimm, has launched the Cybersecurity Center at Oakland University to enhance Michigan’s cyber resilience. The center focuses on reducing energy sector disruptions through R&D, education, and collaboration while offering workforce training, business support, and free cybersecurity evaluations for manufacturers.
The Michigan Small Business Development Center - This center offers information about cybersecurity training, finding support, and links to the latest blogs. The organization has an email newsletter.
The Small Business Association of Michigan (SBAM) - SBAM provides legal resources, including cyber liability insurance coverage information.
The Michigan Economic Development Corporation (MEDC) - The MEDC provides technology grants to statewide businesses, including for cybersecurity upgrades as well as other Industry 4.0 technology.
University of Michigan Economic Growth Institute - The Michigan Defense Resiliency Program (MDRP), administered by the U of M Economic Growth Institute, assists Michigan-based defense suppliers with fewer than 500 employees and at least 10% of revenue from Department of Defense contracts in the past five years by providing support for DFARS 252.204-7012 compliance and succession planning for anticipated transitions within the next decade.
National Resources
The United States Small Business Administration (SBA) – The SBA provides information about cybersecurity threats and tools to assess business risks.
The Cybersecurity and Infrastructure Security Agency (CISA) – CISA offers free cybersecurity resources and outlines the roles of company members in cyber protection.
Cybersecurity Guide – This online portal provides access to cybersecurity training, degree programs, and certifications.
The Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA) – These agencies provide information on cybersecurity grants and funding opportunities.
FBI Cybercrime – The FBI Cybercrime division offers a platform for reporting cyberattacks and launching investigations to identify culprits.
The NIST Cybersecurity Framework – NIST provides a structured approach for businesses to implement cybersecurity measures and reduce cyber risks.
ABOUT:
Automation Alley is a nonprofit technology business association and Digital Transformation Insight Center focused on driving the growth and success of businesses in Michigan and beyond through innovation and automation. With a global outlook and a regional focus, we foster a vibrant community of manufacturing and technology innovators, entrepreneurs, and business leaders through opportunities for collaboration and learning. Our programs and services help businesses develop the skills and expertise needed to effectively jumpstart or accelerate digital transformation. By bringing together industry, academia, and government, we aim to create a dynamic ecosystem that drives innovation and growth across Michigan.
MISSION: VISION:
At Automation Alley, our mission is to help businesses thrive in the rapidly changing digital economy. We equip them with the knowledge, insights, and tools to develop a software-first mindset that leverages the power of automation, AI, and other cognitive technologies. We believe that by working together, we can build a stronger, more innovative, and more competitive economy for the future.
Wealth, prosperity and equality through technology.
To
SOURCE LIST
Verizon - Data Breach Investigations Report 2024 https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf
IBM - Cost of a Data Breach Report 2024 https://www.ibm.com/reports/data-breach
Forbes - Which Jobs Will AI Replace? These 4 Industries Will Be Heavily Impacted https://www.forbes.com/sites/ariannajohnson/2023/03/30/ which-jobs-will-ai-replace-these-4-industries-will-be-heavilyimpacted/
CISA - Cybersecurity Services and Tools https://www.cisa.gov/resources-tools/resources/free-cybersecurity-services-and-tools
FBI - How the FBI Works with Businesses https://www.fbi.gov/how-we-can-help-you/office-of-private-sector
World Economic Forum - The Cybersecurity Industry has an Urgent Talent Shortage https://www.weforum.org/stories/2024/04/cybersecurity-industry-talent-shortage-new-report/
Publication Credits
Editorial: Nicole Kampe, Dennis Burck and Joseph Gray
Graphic Design: Laura Gearhart
Photography: Sean Healey and Corey Sims
This content is based upon work supported by the Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response (CESER) under Award Number(s) DE-CR0000023.
This content was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.
Made possible in part through ongoing support from the Thank
