Disclaimer: All views presented in this newsletter are my own.

Neither the author nor the newsletter is liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business or situation.

M. Yousuf Faisal

Hey there,

Hope you are doing well.

This is Cybersecurity & AI across IT-OT Automation Stack - Monthly Digest # 3.

✍️↪️ In this newsletter:

TL;DR — Summary

  • AI is now a security axis across the stack. Cloud AI workloads and model supply chains introduce new integrity and provenance risks that must be mitigated alongside traditional IT / OT controls.

  • ERP remains a top ransomware vector for manufacturers. A high percentage of ransomware incidents touch ERP systems — treat ERP hardening as high priority for business continuity.

  • Standards & guidance have advanced. ISA/IEC 62443 updates and NIST OT guidance continue to refine program-level and technical controls for IACS/OT. Use these as the program spine.

  • OT-specific advisories keep arriving. CISA/CERT vendor advisories (recent Schneider / CISA ICS advisories and multiple CVEs affecting PLCs / controllers) mean patch + segmentation programs must be operationalized.

  • Practical priority: inventory (including models & data), isolate and protect ERP and OT control planes, implement DMZ controls between IT/OT, embed AI security lifecycle controls, and prepare tested recovery playbooks.

  • 📘 Conclusions for CDOs / CIOs and CISOs.

  • ‼️ And some references.

Ready? Let’s dig in.

Yours truly.

— Yousuf.

Quick recap from previous Digests!

✍️ In Digest # 0, we covered the basics of the IT-OT automation stack and its importance and relevance to building a competence framework for the next generation of IT & OT cyber professionals, whether they are Solution Architects and/or Security Architects. I also shared some initial thoughts on coverage across the project lifecycle stages.

✍️ In Digest # 1, we covered a brief introduction to each layer of the IT-OT automation stack, related Purdue levels, Industry 3.0 vs. 4.0 differences, insights, risks and threats, and a few interesting resources on Cybersecurity and AI.

✍️ In Digest # 2, we outlined a Competence Framework for both Cybersecurity & AI architects / professionals and Industry 4.0 solution architects / professionals.

↪️ Let us know what you’d like me to cover in more depth in the upcoming Digest # 4.

My YouTube Videos

In case you missed them, I’ve recently posted a couple of videos on YouTube.

Parallels between Digital Transformation & IT OT Cybersecurity Strategies (a 20-Minute Masterclass!)

In this ⏳ 20-minute short Masterclass, M. Yousuf Faisal (20+ years in IT/OT cyber) explains the steps for #DigitalTransformation and #Cybersecurity Strategy execution and draws parallels between the two.

Learn how to treat these not as separate projects but as a journey.

Getting Started in IT/OT Cybersecurity - A 3 Phase & 12 Steps Blueprint

This is for the following different persona types:

  • A recent graduate or learner - interested in getting started in IT/OT Security.

  • An IT security professional - interested in getting started in OT Security.

  • An automation professional - interested in getting started in OT security.

  • An experienced professional from a non-IT/Security/Automation field - interested in getting started in IT/OT security.

OT Cybersecurity Requirements Specification Dos and Don'ts

Deadly Sins (Common Mistakes) & Quick Wins (recommended fixes) for Industrial environments 🚨- You Can’t Afford to Ignore! Plus🚨

Cybersecurity Levers - Secure By 3Ds (Demand, Design & Default) - The Trifecta for Organizations

Explains what they mean, why you should care, and how to leverage them to protect your business / industrial operations.

Cloud (AI) — what’s new & what to do

Trend / risk: Cloud service providers and enterprises are rapidly embedding AI into industrial workflows (predictive maintenance, visual inspection, process optimization).

This accelerates value — and model & data supply-chain risk.

Analysts now call for model provenance, SBOM-like practices for models, and runtime integrity checks for LLM / AI agents used in operations.

Large consultancies warn that AI must be “secure by design” not bolt-on.

Why CXOs should care: A poisoned or exfiltrating model in a cloud-hosted service can silently corrupt decisions (e.g., control parameter recommendations), leak IP, or become a lateral foothold into OT networks when integrated.

Cloud vendor and partner risk is now business-critical.

Immediate actions:

  1. Require AI asset inventory (models, training data, third-party model sources).

  2. Require vendor attestations for model provenance and implement runtime checks (input / output anomaly detection).

  3. Shift to an AI security review for every dev → prod pipeline (threat model + test data poisoning scenarios). (See Accenture and recent Q2 2025 analysis for why embedding security into AI initiatives is mandatory).
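One way to wire actions 1 and 2 together, shown as an added example that is not part of the original newsletter: a register lookup that gates model loading on a recorded digest and a vendor attestation, plus a runtime bounds check on a model-recommended setpoint. The register fields, model names, artifact bytes and limits are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class ModelRecord:
    source: str      # "internal" or the third-party supplier name
    sha256: str      # digest recorded when the artifact was approved
    attested: bool   # vendor provenance attestation on file

def admit_model(register, name, blob):
    """Decide whether a model artifact may be loaded: (allowed, reason)."""
    rec = register.get(name)
    if rec is None:
        return False, "unregistered"          # not in the AI asset inventory
    actual = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(actual, rec.sha256):
        return False, "digest-mismatch"       # artifact changed since approval
    if rec.source != "internal" and not rec.attested:
        return False, "missing-attestation"   # third-party model, no provenance
    return True, "ok"

def check_recommendation(value, current, low, high, max_step):
    """Runtime output check on a model-recommended setpoint."""
    # NaN fails the range comparison, so it is rejected here as well.
    if not (low <= value <= high):
        return "reject: outside engineering limits"
    if abs(value - current) > max_step:
        return "reject: step too large"
    return "accept"

# Constructed sample data: artifact bytes and register entries are invented.
GOOD = b"constructed-model-weights-v1"
REGISTER = {
    "pump-anomaly": ModelRecord("internal", hashlib.sha256(GOOD).hexdigest(), False),
    "vision-qa": ModelRecord("vendor-x", hashlib.sha256(GOOD).hexdigest(), False),
}

if __name__ == "__main__":
    print(admit_model(REGISTER, "pump-anomaly", GOOD))
    print(admit_model(REGISTER, "pump-anomaly", GOOD + b"tampered"))
    print(admit_model(REGISTER, "vision-qa", GOOD))
    print(admit_model(REGISTER, "shadow-llm", GOOD))
    print(check_recommendation(82.0, 75.0, 60.0, 90.0, 5.0))
```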

ERP — the business crown jewels

Trend / risk: ERP applications continue to be frequent collateral in ransomware incidents; many ransomware campaigns target ERP or use ERP access to escalate impact.

Surveys indicate most organizations hit by ransomware saw ERP affected at least once.

Why CXOs should care: ERP downtime = production stoppage, heavy regulatory exposure, supply-chain cascade.

Attackers now combine exfiltration + extortion (double extortion) and target ERP backups and availability.

Immediate actions:

  • Multi-layer protection: strong segmentation for ERP networks, privileged access management (PAM) for ERP admins, mandatory 2FA, and isolated immutable backups.

  • Implement ERP-specific monitoring and integrity checks (file integrity, transaction anomaly detection).

  • Run pre-war-room tabletop exercises simulating ERP compromise with the business continuity team.

(See Onapsis research for empirical attack/impact data on ERP.)

DMZ and IT↔OT boundary — keep the bridge narrow and observable

Trend / risk: Clear separation between IT and OT remains the single most effective risk reducer for many industrials.

Industry best-practice blogs and vendor guidance reiterate the need to disconnect unnecessary connections and to design DMZs with strict allowed flows.

Resource guides emphasize removing direct internet access from OT.

Why CXOs should care: A weak DMZ or bilateral access can allow IT threats (ransomware, compromised cloud accounts, phishing) to cascade into safety-critical OT environments.

Immediate actions:

  • Enforce a hardened DMZ architecture with jump hosts, one-way replication where possible, and tightly scoped protocols / ports.

  • Segment by zone and apply compensating controls (application gateways, IDS/IPS tuned for OT protocols, strict change control).

  • Apply CISA primary mitigations for OT and ensure the OT team controls inbound/outbound connections.
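The boundary rules above, expressed as an audit over exported firewall rules (an added example, not from the original newsletter). The zone names, the allow-list and the sample rules are constructed assumptions; 502/tcp is Modbus/TCP and 3389/tcp is RDP.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str     # zone: "it", "dmz", "ot" or "internet"
    dst: str
    proto: str
    port: int

# Hypothetical allow-list: the only inter-zone conduits, each pinned to one port.
ALLOWED = {
    ("it", "dmz", "tcp", 443),    # IT users reach the DMZ jump host / data replica
    ("ot", "dmz", "tcp", 8443),   # OT pushes telemetry out to the DMZ replica
    ("dmz", "ot", "tcp", 3389),   # jump host reaches the OT engineering station
}

def verdict(rule):
    """Classify one rule against the DMZ policy."""
    zones = {rule.src, rule.dst}
    if rule.src == rule.dst:
        return "skip: intra-zone rule, outside this audit"
    if zones == {"it", "ot"}:
        return "deny: IT<->OT traffic must terminate in the DMZ"
    if zones == {"ot", "internet"}:
        return "deny: OT must not have direct internet access"
    if (rule.src, rule.dst, rule.proto, rule.port) not in ALLOWED:
        return "deny: not on the allow-list"
    return "allow"

def findings(rules):
    """Return (rule, verdict) for every rule that the policy would deny."""
    return [(r, v) for r in rules if (v := verdict(r)).startswith("deny")]

# Constructed sample of exported firewall rules.
RULES = [
    Rule("it", "dmz", "tcp", 443),
    Rule("it", "ot", "tcp", 502),        # Modbus/TCP straight from IT
    Rule("ot", "internet", "tcp", 443),  # controller network with internet egress
    Rule("dmz", "ot", "tcp", 22),        # DMZ->OT on a port nobody approved
    Rule("ot", "ot", "tcp", 502),
]

if __name__ == "__main__":
    for rule, why in findings(RULES):
        print(rule, "->", why)
```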

MES / OT integration layer — the control plane for manufacturing execution

Trend / risk: MES is an integration point between ERP and OT.

As MES moves to cloud or hybrid deployments, it becomes a pivot point for attackers to bridge business logic and control logic.

Industry events and conferences highlight MES security as an emerging program priority.

Why CXOs should care: Compromise of MES can alter production orders, BOMs, or sequencing — directly impacting quality, safety, and regulatory reporting.

Immediate actions:

  • Treat MES as a domain requiring both application security (OWASP controls, patching, secure configs) and OT-aware network segmentation.

  • Harden connectors and APIs between MES↔ERP and MES↔SCADA/HMI (least privilege, mutual authentication, TLS, audit logging).

  • Implement continuous OT monitoring that covers MES telemetry and integrity.

SCADA / HMI / PLC / Edge devices — technical realities

Trend / risk: CISA and other CERTs continue to publish ICS advisories (recent Schneider Electric Modicon / other controller advisories) and CVEs for controllers and field devices.

Attackers exploit default credentials, unauthenticated services, and outdated firmware.

Why CXOs should care: These devices are often safety-critical; attacks can cause physical damage, safety incidents, and extended downtime.

Immediate actions:

  • Inventory + EOL discipline: Know every PLC/HMI/edge node and its firmware version. Prioritize patching where advisories exist.

  • Network micro-segmentation & allow-list: Only allow required control traffic. Remove management ports from general networks.

  • Compensating controls: Read-only data diodes for telemetry, strict change management, and OT-aware EDR / IDS where possible. (Refer to CISA advisories for actionable CVE recommendations and mitigations.)
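The inventory and patch-prioritization discipline above, as an added example that is not from the original newsletter: it matches an asset inventory against advisories and sorts devices into patch, compensate or verify. The asset IDs, model names, firmware versions and advisory references are constructed placeholders.

```python
def parse_version(text):
    """Turn '2.10.1' into (2, 10, 1); return None when missing or unparseable."""
    if not text:
        return None
    try:
        return tuple(int(p) for p in text.strip().lstrip("vV").split("."))
    except ValueError:
        return None

def older_than(a, b):
    """Numeric compare with zero padding, so 2.10 equals 2.10.0 and 2.9 < 2.10."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

def triage(inventory, advisories):
    """Return (asset id, action, reference) rows, most actionable first."""
    rows = []
    for asset in inventory:
        ver = parse_version(asset["firmware"])
        adv = advisories.get(asset["model"])
        if ver is None:
            rows.append((asset["id"], "verify", "firmware version unknown"))
            continue
        if adv is None:
            continue
        fixed = parse_version(adv["fixed_in"])
        if fixed is None or older_than(ver, fixed):
            # No fixed release, or an end-of-life device: patching is not an option.
            action = "compensate" if (fixed is None or asset["eol"]) else "patch"
            rows.append((asset["id"], action, adv["ref"]))
    order = {"patch": 0, "compensate": 1, "verify": 2}
    return sorted(rows, key=lambda r: order[r[1]])

# Constructed inventory and advisory data (placeholders, not real products).
INVENTORY = [
    {"id": "plc-line1", "model": "EX-PLC-100", "firmware": "2.9", "eol": False},
    {"id": "plc-line2", "model": "EX-PLC-100", "firmware": "2.10", "eol": False},
    {"id": "hmi-pack", "model": "EX-HMI-7", "firmware": None, "eol": False},
    {"id": "rtu-old", "model": "EX-RTU-1", "firmware": "1.4.2", "eol": True},
]
ADVISORIES = {
    "EX-PLC-100": {"ref": "ADVISORY-PLACEHOLDER-1", "fixed_in": "2.10.0"},
    "EX-RTU-1": {"ref": "ADVISORY-PLACEHOLDER-2", "fixed_in": None},
}

if __name__ == "__main__":
    for row in triage(INVENTORY, ADVISORIES):
        print(row)
```

Comparing firmware versions as plain strings would rank "2.9" above "2.10" and hide the one device here that needs the patch.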

Conclusion — message to CXOs

AI and the cloud are not optional improvements — they change your attack surface.

The board question is no longer “if” AI will change operations but “how safely” we will adopt it.

For manufacturing leaders, the safe path is clear: inventory everything (including models), treat ERP/MES/OT as mission-critical products, enforce DMZs and least-privilege, and operationalize patching & recovery.

Start with a 90-day sprint (inventory + ERP backups + DMZ lock-down + AI asset register) and build program maturity from there.

References:

Ways in which I can help?

Whenever you are ready - I can help you with:

A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and/or its digital transformation journey.

B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program through our subscription based service.

C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.

Visit the newsletter website for links to the above services, or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.

D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.

Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.

✉️ Wrapping Up

Have questions, comments, or feedback? Just reply directly, I’d love to hear from you.

Also, if you find this or previous newsletter edition(s) useful and know other people who would too, I'd really appreciate it if you'd forward it to them. Thanks a ton.

Thanks for reading - until the next edition!

It’s a Great Day to Start Securing Things for a Smart & Safer Society.

Take care and Best Regards,
