Critical Infrastructure Security

3 takeaways from the recent Nucor cyberattack


COMMENTARY: The recent cyberattack on Nucor Corporation, the largest steel producer in the United States, serves as a stark reminder of the vulnerabilities faced by asset-intensive organizations.

Nucor took parts of its network offline to contain the impact and temporarily halted production at several facilities. This disruption underscores a critical reality: cyber threats are no longer hypothetical risks, but operational realities that can impact production with ripples across supply chains and national security.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Manufacturing companies like Nucor operate complex industrial environments built on cyber-physical systems (CPS): digitally connected systems that act on the physical world. While these systems are essential for maximizing productivity, they also create a vast and expanding attack surface for cybercriminals. According to recent research, 82% of organizations have experienced at least one cyberattack in the past year originating from third-party supplier access to their CPS environments.

This lack of visibility into CPS represents a glaring risk in the defense of critical infrastructure. Cyber adversaries frequently exploit third-party vendor access to bypass traditional security measures and gain entry into networks that control vital manufacturing operations, energy grids, transportation, and water systems.

Manufacturing’s unique cybersecurity challenges

Defending manufacturing organizations against cyber-attacks has become uniquely challenging because of the convergence of IT (information technology) and OT (operational technology) systems. While IT security has matured over decades, OT environments were traditionally air-gapped and designed for safety and reliability rather than cybersecurity. This historic isolation has eroded as manufacturers adopt smart manufacturing practices, including cloud and remote connectivity, expanding modern enterprises’ exposure to the threat landscape exponentially.

Manufacturers now find it challenging to manage the proliferation of legacy and obsolescent assets that are insecure by default and design and rife with unpatched vulnerabilities open for exploitation. Moreover, manufacturers have limited ability to implement patches – taking a production line offline directly impacts business results.

The problems caused by remote access tool sprawl

Manufacturers also face challenges with the increased sprawl at plants of remote access tools. While they let vendors, maintenance teams, and engineers connect remotely to production lines for troubleshooting, upgrades, and monitoring, this convenience often comes at a cost.

The need for uninterrupted production across equipment from a multitude of automation vendors results in the deployment of multiple, disparate remote access products, leading to what industry experts call “remote access tool sprawl.” This fragmentation reduces visibility, control, and governance, creating gaps that attackers can exploit. It’s impossible to enforce consistent security policies over unmanaged and fragmented remote access capabilities.

Manufacturers must have a unified approach to managing remote access so they can mitigate the risk. Centralized visibility and control over remote connections lets organizations verify identities, apply least privileged access approaches, and log all activities for forensic analysis. Moreover, centralizing access reduces the risk of attackers exploiting legitimate remote access connections to deploy ransomware or even sabotage production lines.

The need for next-gen cyber defense in smart manufacturing

To defend against increasingly sophisticated threats, manufacturers need next-generation cybersecurity strategies tailored for their converged IT/OT environments. Here are three ways manufacturers can learn from Nucor's experience and make it happen:

  • Develop comprehensive asset visibility: Teams need to know exactly which assets exist within the environment – down to every device, sensor, and controller – and the inherent business risk associated with their failure. Without this foundational knowledge, organizations cannot effectively assess risk.
  • Embrace a zero-trust architecture: Adopt zero-trust principles that limit access based on strict verification, continuously validating users and devices before granting or maintaining access to operational systems. This minimizes the likelihood of a breach.
  • Deploy segmented network design: Network segmentation isolates critical control systems from Internet-exposed IT networks and third-party connections. Segmentation also serves as a containment mechanism should a breach occur.
The consequences of a cyberattack on a manufacturer extend beyond production lines. Disruptions can cascade through supply chains, delaying deliveries of essential goods, increasing costs, and undermining customer confidence. On a national scale, attacks on critical infrastructure can impact economic stability and public safety, highlighting the strategic importance of cybersecurity investments, as evidenced by the regional gas shortages and price spikes following the Colonial Pipeline hack in 2021.

Organizations must therefore think beyond perimeter defenses and individual assets. Building resilience means securing the entire ecosystem of suppliers, vendors, and partners, while fostering collaboration among stakeholders to share threat intelligence and best practices.

Security teams at manufacturers should consider the recent Nucor incident a cautionary tale and an opportunity to reevaluate and strengthen their cybersecurity postures. As attackers exploit the increasing digitization of manufacturing, the path forward lies in comprehensive visibility, unified remote access management, and advanced threat detection tailored to OT environments.

Grant Geyer, chief security officer, Claroty
