Cyber security in smart factories: Is zero trust the answer?

Posted on 24 Oct 2022 by The Manufacturer
Partner Content

Smart factories lead to improved productivity and performance in manufacturing. Key Performance Indicators (KPI) such as factory output, utilisation and labour productivity can increase by 12%. Beyond manufacturing focused KPIs, wider benefits can include the creation of a hyperconnected supply chain, called a digital supply network. However, this increases the risk to cyber. In this article we not only explore challenges but also the potential solutions. 

Smart factory and new commercial models

A smart factory is a physical and virtual space where Industry 4.0 technologies optimise operational performance across the digital enterprise. They are key components within a digital supply network and sit within a hyperconnected ecosystem to allow rapid access to systems and the movement of technical, performance, operational and commercial data inside and outside the organisation. This improves visibility, productivity and safety. Hyperconnectivity creates the digital thread through the core parts of the business, giving the real time view of the product lifecycle.

The smart factory then becomes part of the wider digital supply chain that many companies are using to develop Anything-as-a-Service (XaaS) business models to deliver annuity based, usage-driven revenue for the manufacturer, and reduced capital costs for the consumer. This is enabled by real time product monitoring, product usage and rapid improvements and updates, leading to data-rich, intelligence driven organisations.

Implications of hyperconnectivity

To harness the business benefits and opportunities presented by these technological developments, the cyber risks need to be better understood as many organisations are moving to a hyperconnected business without understanding the real risk to themselves and others. This is particularly important given that manufacturing replaced financial services as the top cyber-attacked industry in 2021.

Hyperconnectivity increases the blast radius of an attack, which means that a cyber incident at the manufacturer is not an isolated event. Compromising one area could impact the entire organisation, and consequently all of its business partners. Many incidents we have responded to have either been caused by or impacted other organisations in the supply chain. This can be detrimental for organisations with highly stringent quality assurance standards as their products risk being rendered completely unsellable.

What is the approach?

There is no ‘silver bullet’, but a ‘zero-trust’ security model and building incident response capabilities are a great start.

Controlling the blast radius with strong prevention, detection and response capabilities reduces the negative impacts of hyperconnectivity and minimises the level of recovery required. Rapid recovery capabilities are also essential to limiting disruptions and getting operations back to the levels required for a viable business. These four fundamental capabilities should be practised and carried out in a quantifiable manner with known costs and timeframes.

Smart factories and digital supply networks need an approach that breaks down the perceptions of traditional ‘business-disabling’ cyber and brings them closer something that is aligned with the principles of the digital supply chain. Deloitte believes that the zero-trust security model could have significant potential, the core principle of which is ‘never trust, always verify’. The zero-trust model moves away from the traditional ‘perimeter-based’ concept that constrains business freedom, to one where trust is created between individual resources and customers.

The zero-trust strategy is therefore uniquely placed to provide agility and scalability while minimising the costs and complexity of cyber management. This is important when moving to a borderless model where traditional technology boundaries no longer exist. It allows data to move freely as it interacts with the business across the digital thread. Accomplishing free movement of data is the prerequisite to realising a smart factory and its digital supply chain.


Smart factory initiatives are becoming more prevalent. Make sure that you manage the risk from the start, integrate security into the design, and do it in a way that enables your smart factory and digital supply network journey. Understanding supply chain vulnerabilities and implementing solutions to mitigate them is key.

Will you be at Digital Manufacturing Week 2022?

Visit Deloitte at stand F37 or join our session in the Leadership & Strategy solutions theatre at the Smart Factory Expo to discuss maximising security across the connected supply chain.

To attend Smart Factory Expo from 16-17 November at this year’s Digital Manufacturing Week, head over to com/expo and book your ticket. Admission is free for manufacturers. Solution providers, schools, institutions and press representatives are advised to contact us to find out how they can get involved.


*Tickets are for manufacturers only.

rob hayes, deloitteRob Hayes is a director at Deloitte. He has an international engineering and consulting background with over 20 years’ experience in operational technology cyber security and digital transformation. He helps large industrial organisations deliver significant benefits to core operations through business driven technology and cyber security for industrial control systems (ICS) and SCADA and where operational technology (OT) converges with IIT (Internet of Industrial Things).​

His industrial clients are from the manufacturing, maritime, oil and gas, utilities, nuclear, transport and engineering sectors.​