ICS Security for SMB Manufacturing

Practical guide to ICS security for SMB manufacturers with simple, low-cost solutions to protect industrial plants and systems.

Table of contents

  • What is ICS security and why is it critical for SMBs?
  • Step 1: ICS asset mapping
  • Step 2: ICS Network Segmentation
  • Step 3: Software Update and Patching
  • Step 4: Secure Remote Access and Access Control
  • Step 5: Backup and recovery plan
  • Step 6: Staff training
  • Step 7: Monitoring and logging events
  • Step 8: Security policies and emergency plan

Small and medium-sized manufacturing companies (SMEs) face a crucial challenge: protecting their industrial control systems (ICS) from increasingly sophisticated cyber attacks.

Often, these companies have neither the specialized technical staff nor the substantial budgets to implement complex security solutions. However, this does not mean that security should be neglected. On the contrary, it is possible to undertake a step-by-step path to strengthen one’s cyber resilience, even starting from low-cost solutions and good organizational practices.

This article is intended as a practical guide for manufacturing SMEs who want to start or improve their ICS security, with simple but technical language, practical examples and operational indications.

What is ICS security and why is it critical for SMBs?

ICS security is about protecting Industrial Control Systems (ICS), which are systems that manage and automate manufacturing processes on the factory floor: PLCs, SCADAs, HMIs, DCSs, sensors and actuators.

Unlike traditional IT systems, ICS are often designed to run in real time, on older hardware, with legacy software and in high-availability environments.

For a manufacturing SMB, an ICS breach can mean much more than a disruption: it can lead to physical damage to the plant, production interruption, data loss, reputational damage and regulatory fines.

Furthermore, ICS cyber attacks have grown exponentially in recent years, affecting even small businesses thanks to the spread of generic malware and industrial ransomware.

Step 1: ICS asset mapping

The first step to effective security is knowing what needs to be protected. In many SMBs, there is no up-to-date inventory of industrial assets.

What to do:

  • Create an asset map
    PLC, SCADA, industrial switches, routers, servers, sensors, HMI panels, etc.
  • Document for each asset
    Device type, manufacturer, firmware/software version, IP address, physical location, and role in the process.
  • Also include connected systems, such as operator PCs, programming stations, and VPNs.

Recommended low-cost tools:

  • nmap for an initial network scan.
  • Open source solutions like Ralph or Snipe-IT for inventory management.
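As an added example (not part of the original guide), the script below turns the XML report that nmap writes with `-oX` into an inventory sheet with the fields listed above. The sample report, the addresses, the vendor name and the port-to-protocol hints are constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of an nmap XML report (addresses and vendor are made up).
SAMPLE_XML = """<nmaprun>
<host><status state="up"/><address addr="192.168.10.5" addrtype="ipv4"/>
<address addr="02:00:00:00:00:01" addrtype="mac" vendor="Example PLC Vendor"/>
<ports><port protocol="tcp" portid="502"><state state="open"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port></ports></host>
<host><status state="up"/><address addr="192.168.10.20" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="102"><state state="open"/></port>
<port protocol="tcp" portid="3389"><state state="open"/></port></ports></host>
<host><status state="down"/><address addr="192.168.10.99" addrtype="ipv4"/></host>
</nmaprun>"""

# Well-known industrial ports, used only as a hint about the asset's role.
ICS_PORTS = {502: "Modbus/TCP", 102: "S7 (ISO-TSAP)"}
FIELDS = ["ip", "mac", "vendor", "open_ports", "ics_protocols",
          "device_type", "firmware", "location", "process_role"]

def inventory_from_nmap(xml_text):
    """Return one inventory row (dict) per host that nmap reported as up."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        addrs = {a.get("addrtype"): a for a in host.iter("address")}
        mac = addrs.get("mac", {})        # MAC is only seen on the local segment
        ports = sorted(int(p.get("portid")) for p in host.iter("port")
                       if p.find("state").get("state") == "open")
        row = dict.fromkeys(FIELDS, "")   # blank fields are completed by hand
        row.update(ip=addrs["ipv4"].get("addr"), mac=mac.get("addr", ""),
                   vendor=mac.get("vendor", ""), open_ports=" ".join(map(str, ports)),
                   ics_protocols="; ".join(ICS_PORTS[p] for p in ports if p in ICS_PORTS))
        rows.append(row)
    return rows

def to_csv(rows):
    # Serialise the rows as CSV for a spreadsheet or an inventory tool import.
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(inventory_from_nmap(SAMPLE_XML)))
```

The columns left empty (device type, firmware, location, role in the process) cannot be read from a scan and are filled in during a walk through the plant.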

Step 2: ICS Network Segmentation

One of the most common mistakes in SMBs is to have a flat network where ICS and IT coexist without barriers. This exposes industrial systems to infections from the office (e.g. malware carried by email).

Solution:

  • Logically separate the industrial network (OT) from the corporate network (IT) using firewalls.
  • Apply the zones and conduits model of the ISA/IEC 62443 standard.

How to get started:

  • Even a simple router with VLAN support can create a first barrier.
  • Use a low-cost industrial firewall or a PC running pfSense as a gateway between IT and OT.

Step 3: Software Update and Patching

Many industrial plants still run on outdated operating systems (e.g. Windows XP, Windows 7) and PLCs with old firmware. Updates are often avoided for fear of causing downtime.

Step-by-step strategy:

  • Create a list of versions of each component.
  • Contact vendors to check available patches.
  • Apply patches in test environments or during planned downtime.

Example
 An older HMI running Windows XP can be placed behind a firewall that only allows specific communications to the PLC, reducing the risk of infection.

Step 4: Secure Remote Access and Access Control

Remote access to ICS systems is often used for vendor or technical support, but if misconfigured it can open the door to attackers.

What to do:

  • Disable logins that are undocumented or were left active for convenience.
  • Use VPN with two-factor authentication (2FA).
  • Keep a log of remote access (access log).

Free or low-cost solutions:

  • OpenVPN or WireGuard to create a secure VPN.
  • 2FA authentication with Google Authenticator or Duo Security.

Step 5: Backup and recovery plan

An effective backup can make the difference between getting up and running in an hour or being stuck for days. In the ICS space, backup often involves:

  • PLC Projects
  • HMI Configurations
  • Production database

Best practices:

  • Save backups to drives that are not connected to the network (air-gapped).
  • Periodically check the integrity of your files.
  • Simulate recovery at least once a year.
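One way to carry out the periodic integrity check, shown as an added example that is not part of the original guide: record a SHA-256 manifest when the backup is taken, then compare the backup against it later. The file names and contents in the demo are constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so a large production database need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(root, manifest):
    """Compare the backup on disk with the manifest taken at backup time."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "modified": sorted(f for f in manifest.keys() & current.keys()
                           if manifest[f] != current[f]),
    }

def demo():
    """Constructed backup set: file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "hmi").mkdir(parents=True)
        (backup / "line1_plc_project.bin").write_bytes(b"PLC project v12")
        (backup / "hmi" / "panel_config.xml").write_bytes(b"<screens/>")
        (backup / "production.db").write_bytes(b"batch records")
        # The JSON round trip stands in for a manifest stored apart from the drive.
        manifest = json.loads(json.dumps(build_manifest(backup)))
        clean = verify_backup(backup, manifest)
        # Simulate silent corruption, a lost file and a file added later.
        (backup / "production.db").write_bytes(b"batch recordz")
        (backup / "hmi" / "panel_config.xml").unlink()
        (backup / "notes.txt").write_bytes(b"added after backup")
        return clean, verify_backup(backup, manifest)

if __name__ == "__main__":
    for report in demo():
        print(report)
```

A manifest kept on the same drive as the backup can be altered together with it, so store a copy elsewhere.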

Step 6: Staff training

Security is not just technology. Many attacks start with human error, such as clicking on a phishing email or plugging in an infected USB stick.

Recommended actions:

  • Train operators on cyber risks specific to the ICS context.
  • Introduce a USB device usage policy.
  • Create simple procedures in the event of a suspected incident.

Practical example
 A technician who needs to update the PLC firmware should follow a checklist: disconnecting from the network, using a dedicated laptop, checking the downloaded file, etc.

Step 7: Monitoring and logging events

Monitoring what happens on the ICS network allows you to detect suspicious activity before it turns into real damage.

How to get started:

  • Enable logging in devices (PLC, HMI, firewall).
  • Collect logs on a central server (even an open source one such as Graylog or ELK Stack).
  • Set up alerts for abnormal events.
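What an alert for abnormal events can look like once the IT/OT firewall from Step 2 is logging, as an added example that is not part of the original guide: traffic into the OT zone is checked against the short list of conduits the plant actually needs. The subnet, the conduit list, the threshold and the key=value log format are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

OT_ZONE = ipaddress.ip_network("192.168.10.0/24")   # assumed OT subnet
# Assumed conduits: (source, destination, TCP port) flows the plant needs.
CONDUITS = {("10.0.0.15", "192.168.10.5", 502),     # SCADA server -> PLC, Modbus
            ("10.0.0.15", "192.168.10.20", 102)}    # SCADA server -> PLC, S7
BLOCK_THRESHOLD = 3   # blocked attempts from one source before alerting

# Constructed firewall log lines in an assumed key=value format.
SAMPLE_LOG = """\
2024-05-06T08:01:12 fw action=pass src=10.0.0.15 dst=192.168.10.5 dport=502
2024-05-06T08:03:40 fw action=pass src=10.0.0.77 dst=192.168.10.5 dport=502
2024-05-06T08:04:02 fw action=block src=10.0.0.91 dst=192.168.10.20 dport=102
2024-05-06T08:04:03 fw action=block src=10.0.0.91 dst=192.168.10.5 dport=502
2024-05-06T08:04:05 fw action=block src=10.0.0.91 dst=192.168.10.30 dport=3389
2024-05-06T08:05:00 fw action=pass src=10.0.0.77 dst=10.0.0.1 dport=443
this line is malformed and must not stop the analysis
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def analyse(log_text):
    """Return alerts for traffic into the OT zone that breaks the conduit model."""
    alerts, blocked = [], Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            dst = ipaddress.ip_address(f["dst"])
            flow = (f["src"], f["dst"], int(f["dport"]))
        except (KeyError, ValueError):
            continue                      # skip lines that cannot be parsed
        if dst not in OT_ZONE:
            continue                      # only traffic entering OT matters here
        if f.get("action") == "pass" and flow not in CONDUITS:
            alerts.append(("unexpected-pass", line.split()[0], flow))
        elif f.get("action") == "block":
            blocked[f["src"]] += 1
            if blocked[f["src"]] == BLOCK_THRESHOLD:
                alerts.append(("repeated-block", line.split()[0], f["src"]))
    return alerts

if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

An "unexpected-pass" alert means a firewall rule is broader than the documented conduits; a "repeated-block" alert points to an IT host that keeps trying to reach OT devices.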

Step 8: Security policies and emergency plan

Finally, a minimum of governance is needed to put security actions in order.

What you need:

  • A written ICS security policy shared with those working in the factory.
  • An incident response plan, even a simplified one, that indicates:
    • Who to call
    • How to isolate the system
    • Where to recover backups

To conclude

Cyber security for manufacturing SMBs does not necessarily require large initial investments. Even with free tools, a segmented network, well-managed backups and trained staff, it is possible to drastically reduce the risk of attacks.

The important thing is to start, one step at a time, with awareness and method.


Questions and answers

  1. What is ICS Security?
     
    ICS Security protects industrial systems from cyber threats that could compromise production, data, or physical safety.
  2. Where does an SME without dedicated IT staff start?
     
    From asset mapping and IT/OT network separation, using free or low-cost tools.
  3. Can I use regular antivirus to protect my PLCs?
     
    No. PLCs do not support antivirus: it is essential to isolate them on the network and limit connections.
  4. How much does it cost to implement a VPN for secure remote access?
     
    A basic OpenVPN solution can cost 0€ in licensing, requiring only a compatible PC or router.
  5. Are there any free tools to manage ICS logging?
     
    Yes: Graylog, ELK Stack or Syslog-ng are great open source solutions.
  6. Is a backup really necessary if everything is working?
     
    Yes. In the event of ransomware or crashes, an up-to-date backup can save you days of downtime.
  7. Is it useful to update old PLC firmware?
     
    Yes, but with caution. It should be done on test plants or during scheduled downtime.
  8. Do IT firewalls also work for OT?
     
    Yes, but industrial firewalls offer support for specific protocols (e.g. Modbus, S7) and are more suitable.
  9. Are cloud solutions suitable for ICS?
     
    Only in well-segmented contexts and with secure gateways. In many cases, local management is better.
  10. Is there a reference standard for ICS security?
     
    Yes, the IEC 62443 standard is the most widely used international reference.