Maintenance Matters Focus on: Smart Maintenance 12 | Plant & Works Engineering www.pwemag.co.uk October/November 2025 The manufacturing sector is entering a new era of digital transformation, one where automation, robotics, and datadriven production processes are deeply embedded in everyday operations. This transformation has created extraordinary opportunities for efficiency and growth. It has also exposed manufacturing environments to a surge of new cybersecurity risks. Increasingly, cybercriminals are targeting operational technology (OT) and exploiting vulnerabilities in interconnected supply chains. Ransomware, in particular, has emerged as one of the most disruptive threats, capable of halting production lines and, supply networks, while inflicting lasting reputational damage. As factories embrace digital maintenance and data-driven operations, security is becoming a core part of reliability. In response, policymakers are introducing tougher cybersecurity regulations. In the United Kingdom, the Cyber Security and Resilience Bill will strengthen existing frameworks and expand the scope of security obligations for organisations. Meanwhile, in the European Union, the NIS2 Directive, which came into effect in October 2024, significantly raises the bar for compliance across critical sectors, including manufacturing. Together, these regulations mark a turning point in how governments expect industry to defend itself against escalating cyber threats. The UK Cyber Security & Resilience Bill The UK Cyber Security and Resilience Bill represents the next step in the country’s strategy to strengthen its national cyber defences. Building on the earlier Network and Information Systems (NIS) Regulations 2018, the new Bill will modernise requirements in several ways. First, the Bill expands the scope of sectors and organisations that fall under its remit. Advanced manufacturing and critical suppliers of components or services are now considered part of the UK’s critical national infrastructure. This reflects the government’s recognition that a single disruption in the manufacturing supply chain can ripple across the economy. Second, the Bill emphasises resilience as much as protection. Organisations will be expected to show not only that they can prevent attacks, but also that they have effective continuity measures in place to recover from them. This shift acknowledges the reality that cyber incidents are inevitable, and what matters is how quickly and effectively a business can respond. Finally, the Bill gives regulators stronger supervisory powers. Authorities will be able to carry out audits, request compliance evidence, and impose stricter penalties for organizations that fail to meet requirements. For manufacturers, this means increased scrutiny of both IT and OT environments, along with supply chain practices. Operational Technology under the microscope One of the most important aspects of the UK Bill is its focus on operational technology. In many factories, production equipment is still controlled by legacy systems that were not originally designed with cybersecurity in mind. These systems often cannot be patched easily and may be exposed through remote access or poorly segmented networks. For maintenance teams, securing these systems is essential to ensuring continuous, predictable performance. The Bill requires manufacturers to adopt a risk-based approach to OT security. This includes conducting regular risk assessments, monitoring for threats, and ensuring that incident response plans are tailored to production environments. For example, if a ransomware attack locks up control systems, organisations must be able to isolate affected areas quickly, switch to backups, and restore production without compromising safety. The EU’s NIS2 Directive The European Union’s NIS2 Directive goes further still, creating one of the most comprehensive cybersecurity frameworks in the world. Effective from October 2024, NIS2 applies to both “essential” and “important” entities, with manufacturing explicitly listed as a critical sector. Sub-sectors range from electronics and automotive to chemicals and machinery production, meaning that most medium and large manufacturers in the EU will fall within scope. Smart maintenance starts with cybersecurity Smart maintenance depends on connected systems, automation, and remote access but these same technologies also increase exposure to cyber threats. With the UK’s Cyber Security and Resilience Bill and the EU’s NIS2 Directive setting higher expectations, manufacturers must embed cybersecurity into every layer of maintenance to protect uptime and resilience. Maria Else, Senior Global Product Manager Industrial Network & Cybersecurity at Rockwell Automation explains further.
RkJQdWJsaXNoZXIy MjQ0NzM=