
How to secure real‑time carbon tracking in factories


COMMENTARY: Manufacturers worldwide are being pushed to make emissions data timely, auditable, and operationally meaningful. Moving carbon telemetry from after‑the‑fact reporting into the control plane of production systems changes the security calculus: it’s not simply an issue of collecting more data, but ensuring that sustainability signals become part of the operational fabric without creating new avenues for disruption.

Work by industrial AI specialist Lesia Yanytska on embedding carbon monitoring within manufacturing execution systems (MES) illustrates how we can approach this integration securely from the ground up.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts.]

Known as the agentic manufacturing systems (AMS) framework, the approach builds on Yanytska’s carbon intensity monitoring whitepaper (SSRN: 5344292), which introduced the MES-embedded CI framework and ESG synchronization architecture, and her agentic manufacturing systems framework (SSRN: 5710202), which formalizes the autonomous agent coordination and governance controls described below.

Core security priorities

Integrating carbon intensity monitoring into an MES requires a clear set of security priorities treated as design constraints rather than optional add‑ons. Device identity, protocol integrity, perimeter preservation, and governance at the decision layer are prerequisites for making emissions telemetry trustworthy and actionable. Here are the three core areas to address, each followed by concise, practical controls:

  • Device and protocol security: We must treat carbon sensors and edge gateways as industrial endpoints, not consumer IoT. This implies using secure industrial protocols (certificate‑based authentication, encryption, role‑based access) so telemetry is authenticated and stays confidential from the field onward. End‑to‑end signing and tamper‑evident logs strengthen data provenance, which is critical when emissions statistics feed scheduling and compliance workflows. The security community has long warned about IoT deployments with inadequate controls, flat networks, and default credentials. Applying industrial device practices avoids those pitfalls.
  • Preserving the OT perimeter: Sustainability telemetry becomes another stream inside the existing OT boundary rather than a new ingress point. Carbon data needs to flow through SCADA and PLC channels into an MES within a perimeter hardened through OT/IT segmentation and DMZs for IT-side processing. Additionally, it’s best to tune monitoring and anomaly detection for OT‑specific telemetry so subtle manipulations are visible. Designing under IEC 62443 principles and following NIST SP 800‑82 guidance helps ensure carbon data does not expand the attack surface but remains within an already‑secured boundary.
  • Risk at the decision layer: When carbon metrics influence autonomous schedulers or energy managers, the attack surface shifts to decision logic. A compromised agent that acts on falsified inputs can cause production loss, safety incidents, or regulatory breaches. Mitigations include immutable governance rules enforced outside learning models, explainable audit trails of agent inputs and reasoning, and human‑in‑the‑loop controls with plain‑language overrides and emergency stops. These governance controls make autonomy auditable and controllable rather than an opaque risk.
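The end‑to‑end signing and tamper‑evident logging from the first bullet can be sketched as follows. This is an added example, not code from the article or from the AMS framework. It assumes a constructed device ID, key and reading format, and it uses an HMAC as a standard‑library stand‑in for the certificate‑based signature a real deployment would use.

```python
import hashlib, hmac, json

# Constructed demo key. Assumption: a real deployment would use a per-device
# certificate and an asymmetric signature instead of a shared HMAC key.
DEVICE_KEYS = {"ci-sensor-01": b"demo-key-not-for-production"}

def _canonical(obj):
    # Stable byte encoding so the same reading always hashes the same way.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign_reading(device_id, reading):
    """Sensor/gateway side: authenticate one reading at the source."""
    return hmac.new(DEVICE_KEYS[device_id], _canonical(reading), hashlib.sha256).hexdigest()

def append_entry(log, device_id, reading, tag):
    """MES side: verify the tag, then chain the entry to its predecessor."""
    if not hmac.compare_digest(sign_reading(device_id, reading), tag):
        raise ValueError("reading failed authentication")
    prev = log[-1]["entry_hash"] if log else "0" * 64
    body = {"device": device_id, "reading": reading, "tag": tag, "prev": prev}
    body["entry_hash"] = hashlib.sha256(_canonical(body)).hexdigest()
    log.append(body)

def verify_log(log):
    """Return the index of the first bad entry, or -1 if everything verifies."""
    prev = "0" * 64
    for i, e in enumerate(log):
        body = {k: e[k] for k in ("device", "reading", "tag", "prev")}
        ok = (e["prev"] == prev
              and hashlib.sha256(_canonical(body)).hexdigest() == e["entry_hash"]
              and hmac.compare_digest(sign_reading(e["device"], e["reading"]), e["tag"]))
        if not ok:
            return i
        prev = e["entry_hash"]
    return -1

def demo():
    """Build a three-entry log, then alter a stored value after the fact."""
    log = []
    for seq, kg in enumerate([12.4, 12.9, 13.1]):  # constructed readings
        r = {"seq": seq, "kg_co2e_per_unit": kg}
        append_entry(log, "ci-sensor-01", r, sign_reading("ci-sensor-01", r))
    clean = verify_log(log)
    log[1]["reading"]["kg_co2e_per_unit"] = 6.0    # edit made after logging
    return clean, verify_log(log)
```

An auditor who holds only the last entry hash can detect any rewrite of earlier entries, because each hash covers its predecessor.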

Operational controls and supply‑chain hygiene

Security relies as much on process as it does on architecture. Secure provisioning and authenticated firmware updates with rollback protections reduce supply‑chain risk for edge devices. Patch management, controlled device lifecycles, and strict access controls for system integrators and cloud endpoints that receive ESG exports are non‑negotiable.

Third‑party risk management should require contractual security commitments and attestations of controls. Continuous monitoring that correlates carbon telemetry with process and network indicators helps detect manipulations that single‑stream checks would miss, and incident response playbooks must explicitly include scenarios where emissions data is weaponized to influence production.
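The cross‑stream correlation described above can be illustrated with a small check that compares reported carbon intensity against the value implied by process data. This is an added example, not the article's or the framework's code; the emission factor, thresholds, field names and sample windows are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed values for illustration; real factors and limits are site-specific.
GRID_FACTOR_KG_PER_KWH = 0.40   # assumed grid emission factor
PLAUSIBLE_CI = (0.5, 5.0)       # single-stream range check, kg CO2e per unit
REL_TOLERANCE = 0.15            # allowed gap between reported and derived CI

@dataclass
class Window:
    label: str
    reported_ci: float   # kg CO2e per unit, from the carbon telemetry stream
    energy_kwh: float    # from the line's power meter (process stream)
    units: int           # from the MES production counter

def range_check(w):
    """Single-stream check: is the reported value inside a plausible band?"""
    lo, hi = PLAUSIBLE_CI
    return lo <= w.reported_ci <= hi

def derived_ci(w):
    """Carbon intensity implied by metered energy and counted output."""
    return w.energy_kwh * GRID_FACTOR_KG_PER_KWH / w.units

def cross_check(w):
    """Cross-stream check: return (ok, reason)."""
    if w.units <= 0 or w.energy_kwh <= 0:
        return False, "no process data to corroborate the reported CI"
    d = derived_ci(w)
    gap = abs(w.reported_ci - d) / d
    if gap > REL_TOLERANCE:
        return False, f"reported {w.reported_ci:.2f} vs derived {d:.2f} ({gap:.0%} apart)"
    return True, "consistent"

# Constructed sample windows.
SAMPLE = [
    Window("shift-A", 2.05, 500.0, 100),  # derived 2.00, consistent
    Window("shift-B", 1.20, 510.0, 100),  # derived 2.04, reported too low
    Window("shift-C", 2.10, 0.0, 0),      # telemetry with no production behind it
]

def triage(windows):
    """Return (label, passes_range_check, passes_cross_check) per window."""
    return [(w.label, range_check(w), cross_check(w)[0]) for w in windows]
```

Every sample window passes the range check, but only shift-A passes the cross‑check, which is the gap between single‑stream and correlated monitoring that the paragraph describes.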

Regulatory alignment and practical deployment

Regulatory pressure has been tightening: real‑time, auditable emissions reporting has become an expectation in many jurisdictions, and OT security frameworks are under greater scrutiny. Designing carbon monitoring to align with industrial security standards and embedding governance at the decision layer addresses both operational and compliance demands.

Here's the practical takeaway for security and operations teams: if the organization wants sustainability data to be actionable, we must engineer it as OT data from Day 1. That alignment reduces friction with auditors and regulators while lowering the operational risk of integrating sustainability into automated decision flows.

Protocol‑level security, device attestation, perimeter preservation, and governance at the decision layer – the pillars of Yanytska’s Agentic Manufacturing Systems approach – turn real‑time carbon tracking from a liability into a trustworthy operational capability. For manufacturers and integrators, it’s a stark difference: treating sustainability telemetry as an afterthought adds risk, while designing it as OT data offers a resilient, compliant lever for efficient production.

David Balaban, owner, Privacy-PC
