Securing the Modern Factory Floor
As industrial automation and connected machinery drive efficiency, safeguarding operational technology (OT) from cyber threats has never been more critical. STACK Cybersecurity provides the specialized guidance, threat intelligence, and compliance frameworks required to protect production lines, mitigate supply chain risks, and maintain regulatory standards. Explore our dedicated manufacturing resources below to defend your infrastructure and secure your operations.
Cybersecurity and Compliance Resources Built for Manufacturers
Articles, assessments, vulnerability notices, and legislative updates for manufacturers.
Manufacturing Cyber Stats
Updated quarterly. This section reflects current threat intelligence from the FBI's Internet Crime Complaint Center (IC3), IBM X-Force, Verizon DBIR, Bitsight, and Dragos.
Most Targeted Sector
Manufacturing accounted for 27.7% of all cyberattacks according to IBM X-Force, marking its fifth consecutive year as the most targeted industry. Notably, attacks bypassing human interaction via public-facing application vulnerabilities surged 44%.
IT, OT Converging
A joint April 2026 advisory warned Iran-affiliated actors were targeting internet-facing Rockwell Automation/Allen-Bradley PLCs across U.S. critical infrastructure. Poor segmentation makes the production floor far more reachable once OT systems are exposed to enterprise or internet-connected networks.
Supply Chain Exposure
Business Email Compromise (BEC) cost U.S. companies over $3 billion in 2025. Attackers compromise vendor email accounts, intercept payment instructions, and redirect wire transfers. The FBI also reported more than 22,000 AI-enabled scam complaints and about $893 million in losses, showing how generative AI is amplifying phishing, invoice fraud, and BEC at scale.
IC3 2025 Report(PDF)
IC3 2025 Report (PDF)
Infosecurity Magazine
Know your gaps before someone else finds them for you.
STACK's gap analysis evaluates your current controls against the frameworks that matter for manufacturers, including NIST 800-171, CMMC, and your contractual obligations. You get a clear report and a practical remediation plan.
What Manufacturers Asked to Prove
Cybersecurity requirements aren't just coming from inside the industry. Legislation, regulation, and contractual obligations are stacking up.
The regulatory environment around cybersecurity is moving faster than most manufacturers' compliance programs. CMMC is the most visible requirement for military contractors, but it isn't the only one. State privacy laws, federal incident reporting obligations, Securities and Exchange Commission (SEC) disclosure rules, and prime contractor flow-down requirements are creating new demands.
The legislative calendar reflects the most significant current and upcoming requirements. This section is updated as new rules are finalized.
CMMC: Verification of Security Controls
CMMC moves cybersecurity from self-attestation to third-party verification. If you're in the defense supply chain and haven't started your gap analysis, the clock is running.
Schedule a CMMC Gap Analysis to protect your defense contracts →
SEC Cybersecurity Disclosure Rules
Public companies must report material cybersecurity incidents on Form 8-K within four business days. The SEC launched its Cyber and Emerging Technologies Unit (CETU) in February 2025 to enforce compliance.
CMMC 2.0 (Cybersecurity Maturity Model Certification)
Defense contractors and their supply chains are required to certify cybersecurity controls. Level 2 requires all 110 NIST SP 800-171 controls and third-party assessment for most contracts involving CUI.
State Privacy Law Expansions
New CCPA regulations took effect Jan. 1, 2026, adding strict data privacy framework structures and expanded risk assessments. However, multi-state manufacturers must now actively track compliance timelines extending to states like Texas, Virginia, and Indiana that directly impact supply chain operations.
CIRCIA Final Rule (CISA Cyber Incident Reporting)
CIRCIA will require covered entities to report significant cyber incidents within 72 hours and ransomware payments within 24 hours. While CISA previously targeted May 2026 for the final rule publication, a federal appropriations lapse earlier this year disrupted and rescheduled several sector town halls. The final publication date likely will be postponed. Core reporting thresholds based on SBA standards will remain unchanged.
Prime Contractor Flow-Down Requirements
Large primes are including cybersecurity requirements in subcontract agreements. These requirements arrive through contracts, not rulemaking, which means they can appear with less warning.
Resources
Articles, assessments, legislation updates, and funding opportunities.
AI, Cyber Regulations Moving Fast
Explore how rapidly evolving AI and cybersecurity regulations across the U.S. and EU are increasing accountability for businesses.
Additive Manufacturing and AI at the Moment of Convergence
Automation Alley's foreword to the Integr8 2026 playbook, examining how AI is reshaping design and production across the manufacturing sector.
Verizon Data Breach Investigations Report
Annual Verizon Data Breach Investigations Report. Breaks down data breaches by method, industry, and size, providing valuable insight into the manufacturing threat landscape.
FBI IC3 2025 Internet Crime Report
The FBI's annual cybercrime report. In 2025, reported losses surpassed $20 billion nationally. Michigan reported $381 million in losses.
CMMC Terminology: Key Terms and Definitions
A complete reference of CMMC terms and definitions as defined by the Cyber AB for defense contractors.
NIST MEP Cybersecurity Self-Assessment for Manufacturers
The Manufacturing Extension Partnership's self-assessment tool designed for small and mid-sized manufacturers benchmarking their security posture.
CISA Critical Manufacturing Sector Security Guidance
CISA's framework for protecting operational technology and industrial control systems in manufacturing environments.
Michigan Defense Resiliency Consortium (MDRC)
Led by the University of Michigan, the MDRC offers up to $75K in cost-share funds for technical assistance for Michigan manufacturers entering the DoD energy storage and battery supply chain.
DoD Manufacturer Gets CMMC Compliant
A defense manufacturer achieves CMMC compliance by addressing security gaps and modernizing its IT environment. The transformation strengthens cybersecurity while supporting long-term growth and operational stability.
State & Federal Privacy Laws: Executive Guide for Cyber Accountability Laws
A growing patchwork of state & federal level requirements affect how manufacturers collect and handle employee and customer data.
2024 Michigan Cyber Roadmap
Michigan's statewide cybersecurity strategy names advanced manufacturing and mobility as one of five priority domains.
Report a Cyber Incident: Michigan Cyber Command Center (MC3)
Michigan businesses hit by ransomware, phishing, BEC, or network intrusions should contact MC3 at mc3@michigan.gov or 877-MI-CYBER. After hours: 517-241-8000.
STC Grant: Mobility Manufacturing Funding
Up to $100,000 in matching funds from the GEM initiative for Michigan manufacturers in mobility and transportation sectors. Requires fewer than 500 employees and 10%+ mobility revenue.
MDRC: Defense Supply Chain Cost-Share Funds
Up to $75K in cost-share technical assistance for Michigan manufacturers entering the DoD energy storage and battery supply chain.
State and Local Cybersecurity Grant Program (SLCGP)
A federally funded, reimbursable pass-through grant program aimed at improving cybersecurity posture for state and local government organizations in Michigan.
Physical Security and the Tailgating Threat
Unauthorized physical access is a cybersecurity issue. Learn how tailgating exposes your facility and your network, and what you can do about it.
End-of-Support Edge Devices: A Hidden Risk on Your Network Perimeter
Routers, firewalls, and VPN gateways past their manufacturer support date are actively exploited. A February 2026 joint advisory from CISA, FBI, and the UK's NCSC urges immediate action.
Cybersecurity Consultation
Do you know if your company is secure against cyber threats? Do you have the right security policies, tools, and practices in place to protect your data, reputation, and productivity? If you're not sure, it's time for a cybersecurity risk assessment (CSRA). STACK Cybersecurity's CSRA will meticulously identify and evaluate vulnerabilities and risks within your IT environment. We'll assess your network, systems, applications, and devices, and provide you a detailed report and action plan to improve your security posture. Don't wait until it's too late.