A robot dog on a car production line

Connected factories are productive factories. Data from drives, relays and sensors helps you save energy, prevent downtime, and react fast. These same networks that help keep your systems running can, however, expose your equipment to cyber security risks. This isn't about scaremongering, this is about making sure your comms are tidy, your devices are up to date, and your people know the basics.

Why this matters now

In late August 2025, Jaguar Land Rover was hit by a cyber attack that forced a production pause while systems were restored. A phased restart only began in early October, with knock-on effects across suppliers and dealerships. This is a reminder that - with the growing interconnectivity of Industry 4.0 - cyber threats can reach beyond the digital and into the physical. From IT to OT.

Industrial revolutions through history: 1st = mechanisation, water and steam power. 2nd = Mass Production, electricity. 3rd = Computer and automation. 4th = Cyber Physical Systems.

Legislation and standards to know

Because of this increased threat level, Cyber security standards are changing across the globe. This means it's important to make sure your systems are up to code for your site's location.

Upcoming UK Legislation

Cyber Security and Resilience Bill. The government has trailed new measures to lift baseline security and resilience across essential services and the wider economy. Details are still being shaped, but the intent is clear: raise the bar and tighten incident reporting and oversight.

Product Security and Telecommunications Infrastructure regime. Since 29 April 2024, consumer connectable products must meet security requirements such as no default passwords, clear vulnerability handling and minimum update policies. While aimed at consumer devices, it sets a baseline for industrial standards and compliance.

EU standards

EU Cyber Resilience Act. Adopted by the European Parliament in 2024, with phased obligations coming into force over the next few years for cyber security in “products with digital elements”. UK makers selling into the EU should track it.

Other key standards and laws

  • ISA / IEC 62443 – the global reference for industrial cybersecurity, newly updated in 2024/2025 to emphasise risk governance, supply chain security and microsegmentation
  • NIS2 / UK NIS – mandates for operators of essential services and critical infrastructure, binding incident reporting, governance and accountability
  • EU Cyber Solidarity Act – boosts Europe’s joint cyber response and resilience mechanisms
  • DORA – increasing ICT service resilience obligations that may cascade into industrial control supply chains
  • Emerging laws in other jurisdictions:
    • Hong Kong (to take effect in 2026) passed a law requiring operators of critical infrastructure to conduct annual risk assessments, audits every two years, and report serious cyber security incidents within two hours.
    • Japan has enacted an “Active Cyber Defence Law", increasing government powers to track and neutralise certain external threats and requiring critical infrastructure operators to report breaches.
    • The United Nations Convention against Cybercrime (which was adopted in December 2024) aims at harmonising cybercrime laws and improving cross-border cooperation. While not specific to industrial control systems, it shifts the backdrop of legal enforcement in many countries.
Cyber Security at LED Controls

Types of industrial cyber attack

Cyber attacks on industrial systems come in many forms, and they are not always dramatic. Some are quiet and opportunistic, others are highly targeted. Understanding the main types helps you spot weak points before someone else does.

  • Phishing and credential theft
    Also known as Social Engineering Scams - this is still the most common way in. Attackers trick users into revealing passwords or installing remote-access tools through fake emails or websites. Once inside, they move laterally into operational technology (OT) networks.
  • Ransomware
    Malware (literally "bad computer program") that encrypts data or locks devices until a payment is made, holding your computer system and everything on it to ransom. In industry, this can halt production lines for indeterminate amounts of time. Even if backups exist, restoring complex systems takes time and money, and some victims find that the quickest way out is to pay the ransom which can mean a huge financial hit of its own.
  • Network intrusion and unauthorised access
    If OT networks are flat or poorly segmented, attackers can reach PLCs, drives and relays through shared connections. They might change setpoints, disable alarms, or simply gather information for a later strike.
  • Supply chain compromise
    Sometimes the weakness is upstream. A trusted vendor’s software update, support connection or shared cloud platform can be hijacked to introduce malicious code into otherwise secure systems.
  • Denial-of-service (DoS)
    Flooding a network or device with traffic can make it unresponsive. While more common in IT, DoS attacks can also overload controllers or gateways, causing downtime and safety risks.
  • Insider misuse
    Not all threats come from outside. A disgruntled or careless employee with access to engineering tools can unintentionally (or deliberately) alter settings or leak credentials.
Robot Arm in a factory

Where industrial equipment can be vulnerable

Common cyber security weak spots we see in the field include:

  • Flat networks. Everything is on one VLAN or subnet, so if an attacker gains access to one network node, they can reach them all.
  • Legacy protocols. Classic protocols like Modbus TCP do not include encryption or authentication, so are more vulnerable to attack.
  • Default credentials and shared logins. Quick to set up, easy to abuse.
  • Unpatched firmware. Security fixes exist, but upgrades get postponed or ignored, leaving systems vulnerable as malware and attackers level up but your systems do not.
  • Remote access tunnels. Handy for support, risky if left always-on without multi-factor checks.
  • Supply chain exposure. A partner’s breach can impact your own operations, as large incidents have shown.

What is the real-world impact of an Industrial Cyber Attack?

  • Safety risk. Loss of control of your machines can create unexpected hazards for your workforce and your customers. An unexpected switch-off could hurt an operator, but an altered recipe on an automated food production line could allow allergens into meals or make food unsafe.
  • Quality drift. If an attacker changes a drive’s speed command or sensor reading, for instance, the process may produce parts or batches that don’t meet specification. The system will continue running, which would make the attack hard to spot, and can lead to wasted materials or warranty issues.
  • Downtime and cost. A serious breach can force a full shutdown while systems are cleaned and restored. As recent factory incidents show, recovery can take weeks, delaying deliveries and affecting everyone in the supply chain.
  • Reputation and compliance. Beyond the technical fix, companies now face stricter rules on reporting and disclosure. Both the UK and EU are tightening requirements, meaning that a poorly handled incident can also damage trust and invite penalties.

Read more about Industrial Cyber Attacks here.

Cyber Security in factory work.

Sensible protections that won't slow you down

Secure your networks

Strong network design is the backbone of industrial cyber security. The goal is to keep operational systems talking only to what they need, while keeping the rest of the world out.

  • Segment OT from IT.
    Separate your production network from office systems and the wider internet. Drives, relays and PLCs should live on their own VLANs or security zones, with only ports and protocols they genuinely require. This means, even if something does get in, they don't have the run of the place immediately. Like why medieval castles were built in concentric circles.
  • Use an allow-list.
    Rather than trying to block every possible risk, define exactly what traffic should be allowed and drop everything else. Industrial firewalls or managed switches can enforce this, ensuring that only approved devices and command paths are active.
  • Plan for remote access.
    Remote support is often essential, but it needs to be controlled. Use secure VPNs, multi-factor authentication, and detailed user permissions. Record sessions when possible, and keep access time-limited so that remote connections close automatically when the job is done.
  • Keep visibility high.
    Monitor network traffic and logs so that unusual activity stands out quickly. A good view of normal operations makes it much easier to spot when something is off.

Learn more about OT Network Security here.

Danfoss iC7 drive - securing the future

Harden your devices

Once you've secured your network, you're going to want to check on your devices themselves. Modern drives, PLCs and relays are powerful but can also be entry points for a cyber attack if not configured with care.

  • Change default logins.
    Default, factory-set usernames and passwords are widely known and often published online. Replace them during commissioning, and give each device its own unique credentials. This stops attackers from moving easily between systems.
  • Disable unused services.
    Many devices ship with extra features or open ports that you might never use. Turning off unused web interfaces, telnet, or diagnostic tools reduces your attack surface and helps your drives run leaner and safer.
  • Keep firmware up to date.
    Manufacturers release updates for good reasons: they fix bugs, improve stability and patch security gaps. Schedule regular maintenance windows to apply updates and keep everything consistent across your site.
  • Use signed firmware only.
    Where possible, choose hardware that supports cryptographically signed firmware. This ensures that only genuine, verified code can run on the device, protecting against tampering and counterfeit software.
  • Limit configuration access.
    Not everyone needs full engineering rights. Assign access based on role, so operators can monitor status without changing control parameters. This reduces both accidents and insider risks.
  • Keep backups offline.
    Store copies of clean firmware and configuration files in a secure, disconnected location. If a device is ever compromised, you can restore it quickly without relying on the infected network.
Cyber security for the planet

Protect the process

Even with secure networks and hardened devices, things can still go wrong. Protecting the process means building resilience into the way your system behaves, so that faults or attacks don’t turn into hazards or long shutdowns.

  • Keep safety independent.
    Safety relays, interlocks and emergency stops should always be able to act independently, even if communication networks are disrupted. That way, a fault or cyber incident cannot stop your plant from shutting down safely if it needs to.
  • Watch your parameters.
    Regularly verify key process values such as speed, temperature or pressure. Simple limits and alarms help you spot when something has drifted or been tampered with before it causes real damage.
  • Test your recovery plan.
    Run through what you would actually do after a cyber incident or major failure. Knowing who to call, where backups are kept, and how to bring systems back online safely will save valuable time when it matters.
Cyber security from IT to OT

People and partners

Technology alone can’t keep a site secure. The people who build, operate and support your systems are just as important. A few good habits and clear expectations go a long way.

  • Keep training practical.
    Short, focused sessions work best. Teach engineers and operators how to recognise phishing emails, spot odd HMI behaviour, and report anything unusual right away. Real examples stick better than long lectures.
  • Encourage a no-blame culture.
    Mistakes happen, and hiding them only makes things worse. Make it easy for staff to speak up if they think they’ve clicked something suspicious or noticed strange system behaviour. The quicker you respond, the less damage is done.
  • Manage third-party access carefully.
    Suppliers, system integrators and remote support teams often need to log in to your systems. Agree access rules in writing before they connect, use secure VPNs with time limits, and monitor sessions where possible.
  • Ask the right questions of your suppliers.
    Before buying new equipment, ask how the manufacturer handles vulnerabilities, firmware updates and end-of-life support. Look for companies that are transparent about their security practices and aligned with recognised standards like IEC 62443.
  • Stick together.
    Make sure IT, engineering and management are on the same page. A shared understanding of what’s critical, who’s responsible, and how to respond to incidents turns good individual practice into a strong, joined-up defence.
Danfoss iC7 - Cyber Security by design

Security-by-design: Danfoss iC7

Variable Speed Drives are a key element of tomorrow's connected industrial systems. If you're looking for a future-proof drive to beef up the cyber security of your process, they don't come much better than the Danfoss iC7:

  • Secure by design
    The iC7 series includes built-in hardware encryption, secure boot technology and protected firmware updates. These features make sure only verified code runs on the drive, blocking unauthorised modifications or counterfeit software before they can cause harm. Data transferred between the drive and the control system is encrypted, keeping command signals and process values safe from interception or tampering.
  • Aligned with global standards
    The iC7 supports compliance with the IEC 62443-3-3 industrial cybersecurity standard, which sets clear requirements for securing control systems. Danfoss provides implementation guidance that helps integrators design secure zones, manage user roles, and maintain strong authentication across connected devices. This means your system can meet recognised industrial security benchmarks without extensive redesign.
  • Built for the connected factory
    Unlike older generations of drives, the iC7 is designed to handle the high data demands of modern automation without exposing your network. It collects detailed sensor-level diagnostics and performance data but transmits them through authenticated, encrypted channels. This allows you to use real-time analytics, predictive maintenance and energy optimisation tools safely, without creating new vulnerabilities.
  • Future-proof protection
    As the regulatory landscape evolves - from the EU Cyber Resilience Act to the UK’s Cyber Security and Resilience Bill - products with digital elements will face stricter requirements for update handling, vulnerability disclosure and secure design. The iC7 already meets many of these expectations, giving it a long operational life in a changing compliance environment.

What this means in practice

  • Controlled access. You can lock down who configures and updates the drive, preventing unauthorised changes.
  • Trusted firmware. Each update is signed and verified before installation, ensuring authenticity and integrity.
  • Encrypted communication. The drive supports secure, authenticated links between PLCs, SCADA and other devices, reducing the risk of spoofed commands or data leaks.
  • Simpler compliance. Built-in features and clear documentation make it easier to align with standards such as IEC 62443 and the EU Cyber Resilience Act.
Learn more about the security capabilities of iC7 here.

Keeping optimistic about Industry 4.0

The good news is that secure-by-design kit, clear standards and simple digital hygiene will go a long way in the industry of tomorrow. Modern drives like the Danfoss iC7 show that you can collect rich data and still keep control of who does what, when and how. Add smart network design, planned firmware updates and basic training, and you can enjoy the benefits of connected manufacturing with confidence.

For more tips on future-proofing your Factory Automation systems, or to get your hands on an iC7 drive, get in touch with LED Controls:

01706 242050
[email protected]
www.ledcontrols.co.uk