Close this search box.

We are creating some awesome events for you. Kindly bear with us.

EXCLUSIVE! Digital Resilience: Prioritising Cybersecurity in Manufacturing Operations

Digital technologies have had a positive impact on manufacturing in terms of productivity, efficiency, and inventiveness. Manufacturers are increasingly embracing IoT-enabled digitalisation and integration throughout their facilities and supply chains to maintain a competitive advantage in the global market.

However, as the Internet of Things (IoT) and remotely connected devices become more common in industrial settings, safety is at risk as there are more opportunities for cyber intrusions with a larger surface area to attack.

Moreover, the increased adoption of digital technologies in manufacturing has raised the risk of cyber threats, which can potentially compromise sensitive manufacturing data and disrupt production processes.

In light of these challenges, digital resilience has become a top priority for manufacturers as they seek to safeguard their operations against possible intrusions. Most companies are designing more robust strategies or are looking to bolster existing measures.

Cybersecurity threats to the manufacturing sector include phishing, ransomware, malware, supply chain disruptions and insider threats. Manufacturers must create a thorough cybersecurity plan that considers both operational technology (OT) and information technology (IT) systems to effectively tackle these dangers.

Given that many OT systems were developed without taking security precautions into account, manufacturers are extremely vulnerable to cyber threats. This is a matter of great concern, as it leaves their systems open to cyberattacks and increases the likelihood of their production processes being compromised.

The impact of cyber breaches on manufacturing operations

In an exclusive interview with OpenGov Asia, Jagathesh Rajavasagam, Risk & Cyber Security Officer, Abbott, Singapore acknowledges that the current cybersecurity landscape presents several challenges for the manufacturing industry and emphasised the need for a holistic approach to address them.

“One of the challenges is that manufacturing is not designed to focus on security but rather functionality. Secondly, Operation Technology (OT) devices are designed and developed for specific purposes by third-party vendors. Thirdly, people are trained to deliver results from an engineering perspective, but not to address cybersecurity challenges,” Jagathesh elaborates.

He recognises that the supply chain in the manufacturing industry involves multiple suppliers throughout the entire product lifecycle, from raw material suppliers to end consumers. A risk-based approach should be taken to safeguard it, with critical vendors identified and prioritised for attention.

The importance of managing cybersecurity risks in the supply chain, especially with external vendors, cannot be understated.  Moreover, emerging regulatory expectations require businesses to report any cyber incidents within a specific period.

From an external perspective, businesses need to ensure that they have a well-thought-out system to manage the risks and enforce contract clauses related to data security and cybersecurity.

Internally, measures need to be put in place to mitigate inadvertent or malicious exposures to attacks. Account takeovers and Business Email Compromises (BEC) are commonly employed by hackers as means to breach systems. The attackers look at the extended nature of the OT network and IT interface and find the weakest link to get into the (Operational Technology) OT network.

“To address the entire spectrum of possibilities and issues, businesses need to focus on both inside-out and outside-in approaches,” Jagathesh suggests. “Overall, the goal is to ensure that the end-to-end supply chain is secure from a risk and cybersecurity perspective.”

The inside-out approach requires businesses to focus on their suppliers and ensure that they comply with cybersecurity requirements. The outside-in approach requires businesses to evaluate the cybersecurity practices of their vendors and the access they have to critical systems.

From Jagathesh’s observations, the current operating environment of the manufacturing industry has evolved from a people-centric to a process-centric to an automation-centric approach by leveraging data and technological advancements. Moving towards connected interfaces, the adoption of new technologies and IoT devices for automation and integration is inevitable in the near future.

However, the manufacturing industry challenges include, identifying critical assets,  classifying IoT devices & understanding the business impacts with a legacy environment are considered significant security risks. Often, Emerging technological devices are deployed without being added to asset inventories and lack risk assessment, leading to unknown security risks. It is important to consider security from a device’s operational, security & Business impact standpoint.

To mitigate this, companies can collaborate closely with their business units to understand their needs and requirements, ensure that devices meet baseline security requirements from third-party vendors, and appropriately inventory the devices with the right security tools installed. Furthermore, automation capabilities can be utilised to address cybersecurity concerns, with visibility provided by a security operation centre (SOC).

Jagathesh agrees that there is a need to identify key risks before looking at ways to address them. Risks can be classified as known knowns, known unknowns and unknown unknowns. “The biggest challenge is the unknown unknowns, as many manufacturing systems were not designed with security in mind and may not be able to cope with the sophisticated attacks.”

He recommends a three-step approach: first, gain visibility of the environment; second, collect data and filter it into a data-centric model; and third, use a risk-based approach to develop mitigation strategies. Without these steps, it can be difficult to know where to focus efforts and what risks to address.

The financial performance and impact of a cyber-attack on a manufacturing company can be significant. Manufacturing availability is crucial, and a successful cyber-attack can disrupt the supply chain, leading to financial impacts on the business, and other economic, and environmental issues.

The regulatory environment and emerging reporting scrutiny expect organisations and responsible individuals to be prepared for a cyber event and predict and plan for how to manage a crisis. Most importantly the resilient nature of the business mitigates productivity loss and prevents supply chain destruction in the entire supply chain ecosystem.

The cybersecurity imperative for manufacturing companies

Jagathesh acknowledges the crucial role of network service providers in the digitally connected world and notes that attacks on them can result in the complete disruption of communication. He cited real-time examples of successful Distributed Denial of Service (DDoS) attacks on telco providers.

The manufacturing industry faces challenges in terms of cybersecurity and legal frameworks are still in the learning and evolving stage. “There are emerging legal/regulatory frameworks, but existing standards (ISO, IEC) and zero trust models can provide guidelines. Strong industry partnerships, consensus on baseline security and public-private partnerships are some evolving themes to address emerging cybersecurity trends,” Jagathesh is convinced.

Singapore has taken the lead in developing cybersecurity OT competency frameworks and cybersecurity master plans for the Critical Information Infrastructure, while other APAC countries are catching up. Some countries are leading the maturity focus in this area, while Europe and APAC are trying to address challenges through discussions and building capabilities.

The manufacturing industry is transforming from Industry 3.0 to 4.0, with strategic initiatives focused on dealing with the consequences of not incorporating security in innovation. The implications of failing to account for risk and cybersecurity can result in supply chain interruptions, reputation, and revenue loss.

Cybersecurity practitioners in the manufacturing industry must prioritise worker safety, reliability, and security. By leveraging technology, they can drive innovation and generate new business ideas while securing a disruption-free supply chain. Therefore, comprehending the manufacturing ecosystem and appropriate prioritisation is crucial.

The journey so far and the road ahead

Jagathesh has been in the IT industry for 20 years and has always had a focus on Risk management, information security and cybersecurity. He recounts his career path, which began with a focus on risk management and security in his initial job. He quickly realised the importance of cybersecurity and dedicated himself to developing his skills and understanding the various security products and technologies. He builds his Cyber career from a multi-dimensional perspective which includes technology, regulatory framework, consulting, and business skills to provide a trusted advisory solution to the enterprise.

His experience working in diverse industries such as Banking and Financial Services Industry (BFSI), Webhosting and Healthcare verticals with a razor-sharp focus on stakeholder engagement, program management, Enterprise Application Integration (EAI), Audit and regulatory engagement gave him an appreciation of the interdependence of cyber and risk management.

He was approached by headhunters who were looking for someone who can bring transferable skills in the areas of technology and translate tech jargon into business understanding language. Build relationships with internal and external stakeholders to strategise the risk and Cybersecurity program. He transitioned from banking and financial service industries (BFSI) to healthcare and manufacturing security, with a focus on building strong capabilities in critical information infrastructure.

The transition from BFSI to manufacturing and healthcare posed some challenges, but his transferable skills and new learning helped in shifting priorities. Indeed, his diverse experience has given him a wider and deeper appreciation of cyber resilience.

He explains that in the banking and financial industry, the focus is on a data-centric approach, while in the manufacturing and healthcare industries, safety is the primary concern followed by availability and security.

As a cybersecurity practitioner, he always prioritises the three fundamental principles of confidentiality, integrity, and availability. He also follows a three-pronged approach, which includes understanding the business, identifying how cybersecurity and risk management capabilities bring value to the business and understanding external factors like emerging trends, regulations, and cross-border issues impacting the business.

The manufacturing sector is a critical industry that operates continuously 24/7/365 days a year. The key challenge in manufacturing cybersecurity is to ensure that the business keeps running without downtime, while also addressing cyber threats like email compromises, PLC attacks, supply chain disruptions and account takeovers.

Jagathesh thinks the approach to cybersecurity in the manufacturing industry has evolved from a people-centric to a process-centric to a machine-centric model in the past. Moving forward the focus is on data-centric to autonomous models with the key focus on the automation capabilities. Building resilience is a multi-faceted methodology that requires addressing cybersecurity risks from a people-centric, process and technology-centric perspective.

A comprehensive paradigm that incorporates new technologies, process improvement, regulatory compliance and cybersecurity awareness can help organisations to develop and maintain a secure and efficient manufacturing operation.

“Building resilience requires addressing cybersecurity risks from both a people-centric and technology-centric approach. This means not only implementing technical controls such as firewalls and encryption but also training employees on cybersecurity best practices and creating a culture of security awareness,” Jagathesh concludes.

(Disclaimer: This interview is based on Jagathesh Rajavasagam’s personal views and has nothing to do with his current organisation)


Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.


CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.


Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit


SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.


HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 


IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.