Building Cyber Resilience in Manufacturing

December 19, 2025

What NIST’s new cybersecurity framework 2.0 means for the industry.

By Joel Burleson-Davis, Chief Technology Officer, Imprivata  

This summer, Britain’s largest car manufacturer, Jaguar Land Rover, was forced to shut down operations for nearly a month following a major cyberattack on its global IT system, with a third-party supplier the likely entry vector. The impact rippled across supply chains, costing the British economy an estimated $2.5 billion and providing a stark reminder of how tightly coupled and fragile modern manufacturing systems can be.

Incidents like this underscore the growing urgency for manufacturers to adopt cybersecurity frameworks that account for interconnected supply chains and digital operations, not just traditional IT networks paired with segmented, offline OT networks.

As digital transformation reshapes manufacturing, cyber threats are rising in both volume and sophistication. Industrial control systems, connected devices, and smart factories increase efficiency but add exposure. To help, the National Institute of Standards and Technology (NIST) has released an initial public draft of its Cybersecurity Framework (CSF) 2.0 Manufacturing Profile. This update gives manufacturers a timely roadmap to strengthen resilience without compromising productivity on the plant floor.

A Framework for Today’s Threat Landscape

Introduced in 2014, the original NIST Cybersecurity Framework became a de facto standard for managing cyber risk. Version 2.0, newly released in 2024, reflects a decade of change, expanding beyond IT networks to include operational technology (OT) and cyber-physical systems (CPS). It also adds a new “Govern” function, emphasizing leadership, supply chain risk, and identity management as first-class concerns rather than afterthoughts.

The Manufacturing Profile builds on these concepts, translating the high-level framework into sector-specific guidance for production environments, helping manufacturers:

  • Identify and protect critical production assets.
  • Detect and respond to anomalous behavior across connected systems.
  • Recover rapidly from incidents without crippling operations.

Crucially, the industry profile acknowledges the convergence of IT and OT, which is both a source of innovation and a key vulnerability. This merging enables manufacturers to leverage real-time production data through cloud analytics and AI-driven optimization, boosting efficiency, predictive maintenance, and decision-making across the enterprise. But it also exposes control systems to threats that were once confined to traditional IT networks.

Lessons from a Recent Attack: The Cost of Third-Party Risk

The Jaguar Land Rover breach demonstrates that cyber risk extends far beyond the factory floor. It originated from a third-party supplier and highlighted how dependent manufacturers are on external partners for everything from logistics to remote maintenance.

Attackers often enter through vendors with outdated credentials, shared logins, or poor oversight. In fact, a recent Ponemon Institute study found that nearly half of industrial organizations experienced a cyberattack involving third-party vendors in the last year. The NIST Manufacturing Profile offers practical ways to reduce this exposure by encouraging companies to:

  • Map all third-party connections – for example, listing every maintenance contractor with access to factory equipment networks. This helps manufacturers visualize and manage these relationships.
  • Implement zero-trust access policies – requiring users to reauthenticate before accessing inventory systems, safety systems, or other sensitive areas. This reduces the blast radius of compromised accounts.
  • Monitor for unusual access behavior – such as employees or vendors attempting to reach restricted data or systems at odd times or from unusual locations. Continuous review of access patterns can help stop incidents before they become outages.
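
The first and third practices above can be checked together. The following is an added example, not taken from the article or the NIST profile: it reviews an access log against an inventory of third-party connections and flags accounts that are unmapped or that connect outside their agreed hours, source network, or asset scope. The vendor names, log format, addresses, and maintenance windows are constructed for illustration.

```python
import ipaddress
from datetime import datetime

# Constructed inventory of third-party connections (all names hypothetical):
# assets each vendor account may reach, source networks, allowed UTC hours.
INVENTORY = {
    "vendor-plc-maint": {"assets": {"plc-line1", "plc-line2"},
                         "networks": ["203.0.113.0/28"], "hours": range(6, 18)},
    "vendor-logistics": {"assets": {"inventory-db"},
                         "networks": ["198.51.100.0/24"], "hours": range(0, 24)},
}

# Constructed access log: timestamp, account, source IP, asset.
SAMPLE_LOG = """\
2025-12-01T09:14:02Z vendor-plc-maint 203.0.113.5 plc-line1
2025-12-01T02:47:31Z vendor-plc-maint 203.0.113.5 plc-line2
2025-12-01T10:03:10Z vendor-plc-maint 192.0.2.77 plc-line1
2025-12-01T11:20:45Z vendor-logistics 198.51.100.20 safety-sis
2025-12-01T12:00:00Z vendor-hvac 198.51.100.9 plc-line1
"""

def review_access(log_text, inventory=INVENTORY):
    """Return (line_no, account, reasons) for each line that deviates from the inventory."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            ts, account, src, asset = line.split()
            hour = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").hour
            ip = ipaddress.ip_address(src)
        except ValueError:                      # wrong field count, bad time or IP
            findings.append((n, None, ["unparseable"]))
            continue
        entry = inventory.get(account)
        if entry is None:                       # connection was never mapped
            findings.append((n, account, ["unmapped-account"]))
            continue
        reasons = []
        if hour not in entry["hours"]:
            reasons.append("outside-window")
        if not any(ip in ipaddress.ip_network(net) for net in entry["networks"]):
            reasons.append("unknown-source")
        if asset not in entry["assets"]:
            reasons.append("asset-out-of-scope")
        if reasons:
            findings.append((n, account, reasons))
    return findings

if __name__ == "__main__":
    print(*review_access(SAMPLE_LOG), sep="\n")
```
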

When these principles are applied with discipline, third-party threats can be quickly contained or prevented altogether. In manufacturing, trust without verification is now too risky.

Figure: Real-time monitoring gives early visibility into anomalies, helping teams detect and respond to cyber threats before they disrupt operations.

Security as a Productivity Lever

Stronger cybersecurity doesn’t have to slow production. In practice, a good framework boosts productivity by reducing downtime, cutting rework, and improving data integrity.

The NIST Manufacturing Profile offers a scalable, risk-based approach. Rather than trying to secure everything at once, manufacturers can start by focusing on the systems that would cause the most safety, financial, or reputational damage if compromised:

  • Segment networks between IT and OT systems to limit the spread of potential breaches. Network segmentation is a foundational step in protecting critical systems.
  • Adopt role-based access controls (RBAC) so each employee and vendor only has the permissions necessary for their role. This minimizes excess access and strengthens security.
  • Integrate multi-factor authentication (MFA) into all remote access points, especially where vendors and privileged users connect into production environments.
  • Leverage analytics and context to layer in real-time, risk-based security decision-making, such as stepping up authentication when behavior is unusual.
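
As an added illustration (not from the article or the NIST profile), the function below combines the role-based access, remote MFA, and risk-based step-up measures above into a single access decision. The roles, assets, context signals, and MFA age limits are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical RBAC map: each role lists only the (asset, action) pairs it needs.
ROLE_PERMISSIONS = {
    "line-operator": {("hmi-line1", "read"), ("hmi-line1", "write")},
    "vendor-maint": {("plc-line1", "read"), ("plc-line1", "write")},
    "planner": {("inventory-db", "read")},
}

# Assumed policy values, not taken from the NIST profile.
REMOTE_MFA_MAX_AGE_S = 8 * 3600   # remote sessions must have MFA within 8 hours
STEP_UP_MFA_MAX_AGE_S = 300       # unusual behavior requires MFA within 5 minutes

@dataclass
class AccessRequest:
    role: str
    asset: str
    action: str
    remote: bool                     # arrives through a remote access point
    mfa_age_s: Optional[int] = None  # seconds since last MFA, None if never done
    new_device: bool = False         # context signals used for the risk decision
    off_hours: bool = False
    unusual_location: bool = False

def decide(req: AccessRequest) -> str:
    """Return 'deny', 'step-up' or 'allow' for a single access request."""
    # RBAC first: anything outside the role is denied regardless of MFA state.
    if (req.asset, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        return "deny"
    unusual = req.new_device or req.off_hours or req.unusual_location
    if unusual:
        max_age = STEP_UP_MFA_MAX_AGE_S      # step up when behavior is unusual
    elif req.remote:
        max_age = REMOTE_MFA_MAX_AGE_S       # MFA on every remote access point
    else:
        return "allow"                       # on-site, in-role, nothing unusual
    if req.mfa_age_s is None or req.mfa_age_s > max_age:
        return "step-up"
    return "allow"
```
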

Done well, these measures integrate into existing systems with minimal disruption, establishing adaptive resilience so your organization can provide secure, low-friction access to the tools people need to do their jobs.

The Future: Identity as the New Perimeter

Identity and access management (IAM) is becoming the control point for all production facilities navigating digital transformation. Manufacturers must authenticate, authorize, and monitor every user, device, and application—especially shared workstations, kiosks, and mobile devices, which complicate access management on the plant floor.

Firewalls and passwords, on their own, are no longer enough against AI-driven attacks. Adversaries use automation and AI to bypass legacy defenses, mimic legitimate users, and exploit forgotten access points. By contrast, with identity-based security, trust is continuously earned and never assumed.

The Manufacturing Profile recognizes this shift by emphasizing access control, continuous monitoring, and governance—aligning closely with the principles of modern IAM:

  • Continuous verification: Always validate who (or what) is accessing your environment, and from where.
  • Least privilege: Limit permissions to only what’s necessary to perform a specific task.
  • Automation: Use AI and analytics to detect anomalies faster than human teams can, and to reduce manual access reviews and approvals.

Embedding identity into your security strategy reduces vulnerabilities and builds confidence in connected operations. With unified identity management, teams move faster, collaborate securely, and recover quickly—proving that access management can drive both agility and security.

The release of NIST’s CSF 2.0 Manufacturing Profile is an opportunity for the industry to redefine secure manufacturing in the digital age. Cyberattacks like the one that hit Jaguar Land Rover will only grow more frequent and sophisticated.

Manufacturers that treat cybersecurity as a strategic business function, rather than just a compliance exercise, will be best positioned to innovate safely and sustain trust across their ecosystems. The future of manufacturing won’t only be defined by what we build, but by how securely we build it.

Frictionless, secure access and strong identity management enable manufacturers to modernize with confidence—verifying every connection, protecting every identity, and keeping operations running.


About the Author:
Joel Burleson-Davis is the Chief Technology Officer at Imprivata, where he’s responsible for building, delivering, and evolving the suite of Imprivata’s cybersecurity products that include Privileged Access Management, Privacy Monitoring, and Identity Governance solutions. Prior to joining Imprivata, Joel was Chief Technical Officer at SecureLink, the leader in critical access management for organizations in need of advanced solutions to secure access to their most valuable assets, including networks, systems, and data. While at SecureLink, Joel was responsible for the overall technology and operational strategy and execution including direction and oversight for Product Development, Quality Assurance, IT and Cybersecurity Operations, Compliance, and Customer Success.
