ISA NATIONAL DEFENSE CYBER THREAT REPORT: MANUFACTURING

Critical Manufacturing is now the most frequently attacked U.S. critical infrastructure sector, surpassing energy, financial services, and transportation.

According to the Cybersecurity and Infrastructure Security Agency (CISA), manufacturing plays a foundational role in national defense by supplying metals, machinery, electronic systems, and advanced materials essential to modern weapons platforms and critical industrial supply chains [1].

 

The Attack Architecture: Persistent, Strategic, State-Aligned, and Devastating

Cyber intrusions in this sector frequently target operational technology (OT) and industrial control systems (ICS) — the technologies that directly govern physical and industrial processes. While information technology (IT) focuses on data, OT governs the production environment. Any disruption can lead to halted operations, equipment damage, quality failures, and missed delivery schedules, all of which carry direct national security implications [2].

Historically, ICS and SCADA environments depended on physical isolation and proprietary interfaces. Today, these systems are deeply integrated with IT networks, cloud analytics, remote access services, and interconnected supply-chain partners. This IT–OT convergence has exponentially expanded the attack surface [2].

State-aligned cyber actors from China, Russia, Iran, and North Korea are increasingly targeting American and allied industrial systems using zero-day exploits, network infiltration, and software supply-chain compromises [3]. These operations are not opportunistic; they represent long-term, strategic investments in asymmetric warfare designed to erode industrial capability over time [3].

A 2024 analytical threat summary described these intrusions as “latent acts of industrial sabotage calibrated to coincide with military escalation,” emphasizing that adversaries maintain persistent access for potential use during geopolitical crises [3].

The strategic effect is clear: compromising even a single node within the vast defense supply chain offers opportunities for insight or disruption across multiple U.S. military programs concurrently [2].

 

Industrial Control Systems Heighten the Threat of Systemic Attacks

Traditionally, people think of cyber risk as an adversary attacking an entity, such as a bank or retail operation, to steal data that can be resold or held for ransom. The victim entity must either replace the data or pay a ransom to get its property back. However, the interconnected nature of modern manufacturing means that even a single supplier disruption can cascade through multiple tiers of the defense industrial base, affecting mission-critical programs.

One of the clearest demonstrations is the EKANS/SNAKE ransomware disruption of Honda’s global production, which caused multiple plants to halt operations (Honda Motor Co., 2020). EKANS included functions tailored to ICS environments, indicating that adversaries are intentionally engineering malware to target industrial control systems [4].

Similarly, the LockerGoga attack on Norsk Hydro forced weeks of manual operations across its global aluminum production network, illustrating how industrial ransomware can degrade essential physical manufacturing systems in the defense supply chain [5].

In still another instance, Boeing’s parts distribution network suffered a LockBit ransomware incident, disrupting key aerospace logistics and supply operations—a direct reminder that even incidents in adjacent commercial aerospace supply chains can ripple through defense-critical manufacturing ecosystems [2, 6].

 

Operational Technology Neglect: A Strategic Blind Spot

OT systems have received far less attention and investment than IT systems, despite adversaries increasingly targeting physical processes. Many OT environments lack modern segmentation, authentication controls, and real-time monitoring capabilities [1].

Independent assessments documented over 1,600 industrial ransomware incidents in 2024, with manufacturing bearing the brunt of operational losses [2]. Analysts consistently note that compliance frameworks emphasize data confidentiality (an IT priority) rather than availability, safety, and continuity (OT priorities).

It is important to recognize that this is an entirely different form of cyber-attack, one that implies a far wider impact on victims, who may have no direct capability related to being attacked. Moreover, the trans-sectoral nature of these threats requires its own properly calibrated regulatory model, attuned to the unique economics of OT as opposed to IT systems.

 

Public Policy Needs to Be Updated to Account for Modern Cyber Threats

As public policy evolves to address this unique and multi-sectoral aspect of the modern cyber threat, it is important not to attempt to simply cram “square” OT policy into the existing round holes in IT policy. The redundancies and lack of adequate cost-benefit measures that characterize and undermine effective federal IT security laws need to be eliminated when addressing OT.

For example, arguably the most successful piece of cybersecurity legislation ever enacted was the Cybersecurity Information Sharing Act of 2015, which relied on market incentives, as opposed to regulation, to promote effective best practices, specifically broadened information sharing between industry and government. Unfortunately, this Act expired earlier this year, although there are bipartisan efforts to have it reauthorized. However, the 2015 statute was drafted before widespread IT–OT integration and does not adequately address systemic risk in industrial environments [7]. The Act needs to be not only reauthorized but also modernized to address issues such as systemic cyber risk. Given the centrality of OT systems to the minutiae of our core defense systems, the National Defense Authorization Act is the logical place for this updating to take place.

 

Conclusion

The evidence is overwhelming: the defense industrial base has evolved into a contested battlespace. Adversaries are not aiming to destroy U.S. industrial capacity outright, but to impose steady attrition and unpredictability. Persistent cyber campaigns targeting OT systems threaten to slow the pace of U.S. military capability, disrupt supply continuity, and erode deterrence.

A nation that cannot guarantee the continuity of manufacturing output cannot guarantee the readiness of its armed forces.

 

 

Endnotes

  1. Cybersecurity and Infrastructure Security Agency. (2024). Critical manufacturing sector landscape. U.S. Department of Homeland Security. https://www.cisa.gov.
  2. (2024). Industrial cyber risk report: Supply-chain vulnerabilities in manufacturing. PwC. https://www.pwc.com.
  3. (2024). Analysis of state-aligned threats targeting industrial systems. https://industrialcyber.co.
  4. Dragos Inc. (2020, June 10). EKANS ransomware and ICS operations. https://www.dragos.com/blog/industry-news/ekans-ransomware-and-ics-operations/.
  5. Temet & Associates. (2020). Threat analysis of the ransomware EKANS: How Honda had to stop production. https://www.temet.ch/en/publications/bedrohungsanalyse-der-ransomware-ekans-wie-honda-seine-produktion-einstellen-musste/.
  6. (2023). Boeing confirms LockBit ransomware incident impacting parts distribution. https://www.reuters.com.
  7. Internet Security Alliance. (2024). Cyber risk economics and systemic risk analysis whitepaper. Internet Security Alliance.
  8. Honda Motor Co. (2020, June 9). Honda halts output at some plants after cyber-attack. Assembly Magazine. https://www.assemblymag.com/articles/95733-honda-halts-output-at-some-plants-after-cyber-attack.
  9. National Audit Office. (2017, October 24). Investigation: WannaCry cyber-attack and the NHS (HC 414). https://www.nao.org.uk/wp-content/uploads/2017/10/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf.
  10. United Kingdom Parliament, House of Commons, Committee of Public Accounts. (2018, April 18). Cyber-attack on the NHS: Thirty-Second Report of Session 2017–19 (HC 787). https://publications.parliament.uk/pa/cm201719/cmselect/cmpubacc/787/787.pdf.