Cybersecurity in Factory Automation: Why Software Vendors and Manufacturers Must Act Together

In this blogpost:

The Regulatory Framework: Security Gains Structure

The Technical Reality: Old Systems, New Threats

Security as a Process: From Design to Daily Operations

Security from a Developer’s Perspective at Kontron AIS

Shared Responsibility as a Future Model

Modern production environments tightly interconnect IT and OT. Machines, sensors, and software communicate in real time, data streams control entire production lines, and an unplanned downtime can result in significant costs within minutes.

For many years, availability and performance were the highest priorities. Today, another critical factor is gaining importance: the security of the systems themselves. Cyberattacks on industrial facilities are no longer theoretical risks but daily reality. According to IBM, the average cost of a data breach in Germany has decreased, yet still amounts to 3.87 million euros.¹

Cybersecurity is no longer an IT-only topic. It affects the entire industrial value chain, from line control to software development in equipment manufacturing. And it requires something that often falls short in practice: close, trusted collaboration between vendors and manufacturers.

European legislation is tightening significantly. With NIS-2 (Network and Information Security Directive) and the Cyber Resilience Act (CRA), clear requirements for software vendors, integrators, and manufacturers are defined for the first time. Their goal is to address security gaps before they reach the field by building protection into the development process.

The DIN EN IEC 62443 standard provides an additional framework for industrial automation and control systems. It describes how these systems can be systematically secured – from risk analysis to IT and software architecture to long-term maintenance.

All regulations share the same message: security is not an add-on, but an end-to-end concept. Anyone who develops software or machines must consider cybersecurity from the beginning. Anyone who operates them must actively implement it.

Many production environments run a mix of new and legacy software. Legacy systems often form the backbone of manufacturing – robust and familiar, but difficult to maintain. Their isolated design may seem secure at first, yet once integrated into connected production, risks increase. As soon as data flows across networks, cloud interfaces, or remote access, new attack vectors emerge. An attack vector is a way or method that an attacker can use to penetrate a system or network.

Custom-developed applications are also common. While they deliver tailored functionality, they are often poorly documented, difficult to maintain, and rarely assessed from a security perspective. Missing patch processes or outdated frameworks can create significant security vulnerabilities.

A persistent misconception is prioritizing availability over security. A system that remains unpatched out of fear of downtime jeopardizes long-term production safety. As the saying goes: security costs far less than a successful attack.

Manufacturers are responsible for the secure operation of their systems. This includes organizational, technical, and personnel measures – from regular updates and patches to network segmentation and disaster recovery strategies. Continuous risk assessment becomes especially important when new software or equipment is integrated.

It is equally important to raise awareness among employees, since human error remains one of the most common causes of security incidents. Training and clear processes form a solid foundation against potential threats.

We consider cybersecurity a fundamental part of our product development for factory automation software. Whether FabEagle®LC, FabEagle®MES, or FabEagle®Connect – each software product follows clearly defined security processes that begin in the development phase.

Source code is stored in a protected TFS repository to prevent tampering. Development follows an agile Scrum process with defined roles and regular reviews, ensuring security through structured quality checks. A Software Bill of Materials (SBOM) provides full transparency about libraries and external components, while dependency tracking highlights new vulnerabilities.

Automated build pipelines with unit tests ensure that releases are reproducible and secure. Automated tests and a four-eyes principle for code reviews catch errors early. Additionally, code quality is continuously monitored with SonarQube, a platform for static code analysis and technical quality assessment.

The focus of all activities is on both technical security and the reliability of the software during operation. Security features should support users, not hinder them.

Close collaboration with customers plays a vital role in improving data security. Practical feedback directly influences product enhancements, resulting in security mechanisms that are not theoretical but aligned with real-world operations – from secure authentication to robust update processes in brownfield environments.

Cybersecurity is not a static condition but an ongoing process. Vendors, integrators, and manufacturers must actively share information, insights, and risks. Only by working together across the entire supply chain can the industry achieve a resilient security level.

We see regulatory requirements such as NIS-2 and the CRA not as a burden, but as an opportunity to strengthen processes and software products and make them more resilient in the long term. Industrial data security neither begins nor ends in the data center or the production floor – it emerges wherever software development, equipment manufacturing, and operational safety align. Only when vendors and manufacturers share responsibility can technical security evolve into operational stability.