Smart manufacturing is transforming the industrial landscape, enabling unprecedented levels of efficiency, connectivity, and data-driven decision-making. However, as manufacturers rapidly digitize their operations, cybersecurity risks are expanding just as quickly. Too often, cybersecurity is treated as an afterthought—addressed only once systems are already deployed. This reactive approach is proving to be insufficient for today’s highly connected industrial environments.
In Deloitte’s 2025 Smart Manufacturing and Operations Survey, 68 percent of respondents had conducted a cybersecurity risk or maturity assessment in the last year, yet 91 percent still experienced a breach. This disconnect seems to highlight a deeper issue — while compliance exercises are broadly accepted, the hard work of actual security implementation is still a challenge. Without embedding cybersecurity directly into system design, assessments alone do little to prevent real-world incidents.
To prevent these issues from further escalating as new technologies are implemented on the plant floor, manufacturers must make cybersecurity a core component of their system design. Despite this, only 26 percent of manufacturers surveyed say they enforce secure-by-design principles when implementing new technologies, and they do so only when it doesn’t delay deployment. In other words, cybersecurity is still being sidelined in favor of speed and productivity, even though inadequate cybersecurity can greatly hinder both when a breach occurs.
To address this gap, manufacturers must adopt a fundamentally different approach—one that treats cybersecurity as an engineering discipline rather than a bolt-on control. This approach is known as Cyber-Informed Engineering (CIE). CIE integrates cybersecurity considerations into every stage of system development, recognizing it as a core requirement alongside performance, reliability, and safety.
Unlike traditional reactive cybersecurity, CIE focuses on limiting the consequences of a cyber event rather than assuming breaches can be completely prevented. It acknowledges the cyber-physical nature of industrial systems, where digital compromise can lead directly to physical damage or unsafe conditions. Key CIE principles include consequence-driven design, secure architectural segmentation, fail-safe system behavior, and an understanding of how cyber threats propagate through industrial environments.
When these principles are applied effectively, systems become Cybersecure by Design. Risks are identified early, system architectures inherently support security objectives, and resilience is built into the system rather than added later through compensating controls. This approach significantly reduces the likelihood that a cyber intrusion escalates into a high-impact operational failure.
The Automation Solution Security Lifecycle as defined in ISA/IEC 62443 aligns directly with the principles of CIE and provides a detailed framework for engineering cybersecurity into industrial automation systems.
By mapping out the phases and responsibilities for the key stakeholders — asset owners, system integrators, product suppliers, and maintenance providers — this standard helps ensure cybersecurity is adequately addressed throughout every phase of the system lifecycle.
This lifecycle includes seven phases: Specification, Design, Implementation, Verification and Validation, Operation, Maintenance, and Decommissioning. However, the opportunity to create a Cybersecure by Design system arises in the first four phases (Figure 01). In these phases, a system integrator experienced in OT cybersecurity can make and enforce the design decisions necessary to unify security and functionality.
This structured lifecycle ensures cybersecurity is addressed systematically and maintained throughout the system’s operational life.
Designing cybersecurity into industrial systems delivers measurable business benefits. Cybersecure by Design systems experience fewer disruptions, reduced recovery time after incidents, and lower long-term costs compared to systems that rely on retroactive fixes. They also better protect intellectual property and sensitive operational data, while aligning with established frameworks such as NIST 800-82.
Most importantly, this approach enables innovation rather than hindering it. When cybersecurity is embedded into system architecture, manufacturers gain confidence to adopt new technologies, expand connectivity, and pursue continuous improvement without increasing risk exposure.
As smart manufacturing continues to evolve, cybersecurity can no longer be treated as optional or secondary. By embracing CIE and applying the ISA/IEC 62443 lifecycle, manufacturers can shift from reactive defenses to proactive, resilient system design.
Cybersecure by Design is not just a cybersecurity strategy—it is a prerequisite for reliable, safe, and sustainable smart manufacturing.
Original article featured in Control Engineering and the latest Global System Integrator Report.