MyCena Manufacturing

The pattern

Three incidents. Production stopped in all three. Same entry point.

Every major manufacturing breach follows the same sequence: a credential enters the IT network, moves laterally into OT, and production halts. The cost is not measured in records — it is measured in days of lost output.

MKS Instruments — February 2023

$200M

Ransomware encrypted production systems across the semiconductor equipment manufacturer. Facilities suspended. More than a month to restore all operations.

MKS Instruments — a major supplier to the global semiconductor supply chain — lost its ability to process orders, ship products, or provide services. The attack cascaded immediately: chip maker Applied Materials reported $250M in additional losses from supply chain disruption. MKS confirmed post-incident that it had not maintained sufficient IT controls to prevent or detect unauthorised access — specifically calling out failures in access authentication and intrusion detection. A former employee filed a class-action lawsuit citing negligent cybersecurity practices. Moody’s rated the incident as credit negative.

Entry point: compromised access credentials, production systems

Varta & ThyssenKrupp — February 2024

5 sites

Ransomware halted all five of Varta’s global battery production sites simultaneously. ThyssenKrupp’s Automotive Body Solutions unit was taken offline one week later.

Varta — one of Europe’s largest battery manufacturers — shut down all production globally as a precautionary measure and disconnected from the internet. Systems were proactively taken offline across all five facilities. ThyssenKrupp, the German steel and engineering giant, suffered a separate attack on its Automotive Body Solutions division days later, halting production. Both incidents demonstrated that credential-based entry into IT systems can cascade into complete OT shutdown even where the OT systems are not the primary target — the “out of an abundance of caution” shutdown is itself a production loss event.

Entry point: credential access to IT network, OT cascade

Jaguar Land Rover — September 2025

£1.9B

Five weeks of halted production across Solihull, Halewood, and Wolverhampton. Wholesale sales fell 43% in the following quarter. Declared the most damaging cyberattack in British history.

Attackers used social engineering to impersonate insiders and extract employee credentials. Armed with valid logins, they moved through normal authentication flows into core infrastructure before deploying ransomware. JLR had invested £800 million in a cybersecurity and IT support contract with Tata Consultancy Services. The UK’s Business and Trade Committee launched an investigation into whether TCS infrastructure was the means of access — it was the third major attack affecting TCS clients in 2025, following M&S and Co-op. JLR had no cyber insurance. Every pound of lost production came directly out of the company’s accounts. Moody’s downgraded Tata Motors’ outlook to negative.

Entry point: employee credentials extracted via social engineering — third-party IT provider also under investigation

In every case the attacker authenticated as a legitimate user. The production system saw a valid credential. At JLR, that credential was extracted via social engineering — an employee was deceived into handing it over. At MKS, it was the credential layer itself that lacked sufficient controls. In both cases the failure was not inside the production system. It was at the authentication layer above it — the point where a human held something that could be taken.

Risk landscape

Six credential risks specific to manufacturing

Manufacturing carries the standard enterprise credential gap — amplified by one factor that exists nowhere else at the same intensity: the direct, physical consequence of a stopped production line.

01 — Production cost

Every hour of downtime has a number

Manufacturing downtime costs are immediate and specific — not insurable losses on a spreadsheet but real production hours that cannot be recovered. At MKS Instruments, $200M in lost revenue was the direct consequence of compromised access credentials on production systems.

A manufacturer running at full capacity has no recovery window for lost production days. Overtime cannot recapture a missed shipment on a full schedule. A semiconductor fab losing one day of output loses that output permanently. The cost of a credential breach in manufacturing is not the cost of the breach — it is the cost of the production line at a standstill, multiplied by the dwell time before restoration.

02 — IT/OT boundary

The credential that crosses from IT into OT

Three-quarters of manufacturing ransomware shutdowns are indirect — IT credentials cross the IT/OT boundary and trigger precautionary OT shutdowns. The credential does not need to reach the PLC. It only needs to reach the network that the PLC depends on.

The Waterfall 2024 Threat Report found that 75% of manufacturing ransomware shutdowns were indirect — OT systems went down not because they were directly attacked but because the IT network they depended on was compromised. Network segmentation is the standard response, but segmentation does not govern the credential that crosses the boundary at the point of human use. A technician with valid credentials to both IT and OT systems is a crossing point regardless of segmentation architecture.

03 — Supply chain

Vendor and contractor credentials to production systems

Manufacturing depends on dozens of OEM vendors, maintenance contractors, and system integrators who hold credentials to production systems. The MKS breach cascaded to Applied Materials. One supplier’s credential gap became $450M in combined losses across two companies.

Supply chain attacks on manufacturers nearly doubled from 154 incidents in 2024 to 297 in 2025. Every vendor with remote access to a production environment holds a credential that reaches that environment. When the vendor is compromised, the manufacturer’s production floor is the blast radius. MyCena governs vendor credentials from the manufacturer side — the vendor never holds a credential the manufacturer did not generate and cannot instantly revoke.

04 — Legacy OT

Unpatched systems that cannot be protected but can be reached

80% of manufacturers still carry critical vulnerabilities in legacy OT systems. These systems cannot be patched without production downtime. They can, however, be reached through a compromised IT credential. The vulnerability in the OT system is permanent — the credential that reaches it does not have to be.

Legacy PLCs, SCADA systems, and industrial controllers run firmware that is years or decades old — designed before network connectivity was assumed. They cannot be updated without halting production. The security architecture response is network segmentation and access control at the IT/OT boundary. But that boundary is crossed by every technician, vendor, and remote support engineer who holds a credential to both sides. MyCena controls the credential at the human layer — the only layer where governance is possible without touching the OT system itself.

05 — Regulatory

NIS2 and personal liability for operational technology failures

Manufacturers classified as essential or important entities under NIS2 face personal management liability for ICT risk governance failures. A production shutdown following a credential breach that management knew about and did not structurally address is an NIS2 enforcement event — not just an operational incident.

NIS2 Article 20 places direct personal accountability on named senior management for cybersecurity governance failures at essential service operators. Manufacturing companies in sectors including food, chemicals, automotive, and semiconductor supply chain are classified as essential or important entities. The management team briefed on a credential governance gap that did not act has documented its awareness of a known risk under Article 20 — awareness without action is the liability.

06 — AI and automation

AI agents and automated systems accessing production infrastructure

Manufacturers are deploying AI agents for quality control, predictive maintenance, and process optimisation. Every AI agent holds credentials to the systems it accesses. Those credentials are typically ungoverned — created by developers, stored in configuration files, and never entered into any revocation process.

An AI agent decommissioned or compromised carries the same credential breach risk as a human operator — at machine speed, without the behavioural signals that anomaly detection systems rely on. As manufacturers automate more of the production environment, the ratio of AI agent credentials to human credentials grows. MyCena governs AI agent credentials on the same platform as human operators — with the same central generation, the same individual attribution, and the same instant revocation capability.

Where MyCena operates

The manufacturing credential entry points MyCena closes

MyCena does not replace OT security tooling — Dragos, Claroty, and Nozomi govern the OT network layer. MyCena governs the credential layer above it: the remote access layer, the engineering workstations, the ERP and MES interfaces, and the vendor connections that every major manufacturing breach has used as its entry point.

Where credential control applies in a manufacturing environment

MyCena governs

Vendor and contractor remote access

OEM engineers, maintenance contractors, system integrators accessing production systems

Every vendor and contractor accesses production systems through credentials the manufacturer generated and controls — the vendor never holds them. When a relationship ends or an incident is detected, all access is revoked in seconds across every system simultaneously. The MKS supply chain cascade — one supplier credential reaching a customer’s production environment — is closed when the manufacturer owns every credential that touches their network.

✓ Supply chain credential entry point — closed structurally

MyCena governs

ERP and MES interfaces

Engineer and operator authentication to SAP, Oracle, and manufacturing execution systems

ERP and MES systems are the primary entry point for IT-layer manufacturing breaches — JLR’s SAP system was among the first systems compromised. MyCena governs authentication to these systems: credentials generated centrally, injected invisibly, never visible in human hands. Nothing for a social engineering attack to extract.

✓ JLR ERP entry point pattern — closed structurally

MyCena governs

SCADA and HMI workstations

Production floor operators, process engineers, quality control technicians

Every operator has individually generated credentials. No shared logins on production floor workstations. Every access event is attributed to a named individual, timestamped to the second. The NIS2 and ISO 27001 audit trail is generated automatically as a byproduct of normal operation. When an operator leaves, access is revoked with one command.

✓ Shared credential and insider risk — removed architecturally

MyCena governs

AI and automation agents

Quality control AI, predictive maintenance systems, process optimisation agents

AI agents deployed in manufacturing workflows authenticate through MyCena alongside human operators. Their credentials are centrally generated, individually attributed, and instantly revocable when a deployment changes or an agent is decommissioned. As automation increases the ratio of non-human to human credentials in production environments, credential governance needs to scale with it.

✓ AI agent governance — same platform as human operators

Outside scope

PLC firmware & device credentials

Hardcoded device credentials, PLC proprietary protocols, embedded firmware

Hardcoded credentials in PLC firmware and legacy device protocols operate below the standard authentication layer. These are governed by OT-specific platforms such as Dragos, Claroty, and Nozomi. MyCena operates above this layer.

The manufacturing stack — credential governance by layer

MyCena governs · Level 5

Enterprise IT — ERP, email, SaaS, corporate workstations

Full credential governance for all users, vendors, and AI agents. Central generation, invisible injection, instant revocation. JLR’s SAP ERP compromise happened at this layer.

MyCena governs · Level 4

IT/OT boundary — MES, historians, jump servers, remote access

The convergence layer between enterprise IT and production systems. Remote access VPN endpoints, Manufacturing Execution Systems, data historians. The entry point in three-quarters of manufacturing ransomware shutdowns.

MyCena governs · Level 3

Operations network — SCADA, HMI workstations, production control

Engineer and operator authentication to SCADA interfaces and HMI workstations. Individual attribution, shared credential elimination, full audit trail. Every operator credential individually generated and instantly revocable.

OT platform scope · Level 2

Control network — PLCs, DCS, RTUs, industrial controllers

Process control systems. Governed by Dragos, Claroty, Nozomi for OT network monitoring and anomaly detection. Below the standard authentication credential layer.

OT platform scope · Level 1

Field devices — sensors, actuators, robots, embedded systems

Physical production layer. Hardware-specific firmware governance. Outside the standard authentication credential model. Hardcoded device credentials governed at the OT platform layer.

Complementary, not competing. MyCena and OT security platforms (Dragos, Claroty, Nozomi) address different layers of the same problem. OT platforms monitor what happens inside the production network. MyCena governs the credentials used to enter it. Both are necessary. Neither is sufficient alone.

What MyCena delivers

Credential governance without touching production infrastructure

MyCena deploys above existing production systems. No PLC is modified. No SCADA architecture changes. No OT system is disrupted. Operators notice one difference: they click to connect instead of typing a password.

Remote access credentials — nothing to phish or steal

Engineers connect to production systems by clicking — MyCena injects the credential invisibly at authentication. Industrial access credentials selling for up to $70,000 on dark web markets require a credential to exist in human hands. MyCena ensures there is nothing to find, buy, or steal.

Vendor access revoked in seconds, not days

Every OEM vendor, maintenance contractor, and system integrator accesses your production network through credentials you generated. When a relationship ends or an incident is detected, all access across every production system is revoked in seconds — not after a manual offboarding process that takes days and is rarely complete.

NIS2 and ISO 27001 audit evidence — generated automatically

Every access event is attributed to a named individual, timestamped to the second, and logged continuously. NIS2 access governance evidence and ISO 27001 access control requirements are satisfied architecturally — not assembled before audit under examination pressure.

Deployed in two weeks — no production disruption

MyCena deploys as a software overlay above existing production systems. No OT architecture is modified. No production line is interrupted. No maintenance window is required. The production team experiences one change: click to connect instead of type a password.

£1.9B

estimated UK economic damage from one manufacturing cyberattack — declared the most damaging in British history

Five weeks of halted production at JLR. Over 5,000 UK organisations affected. Wholesale sales down 43% the following quarter. The entry was employee credentials extracted via social engineering. The attacker group used those valid logins to move through normal authentication flows into core infrastructure — no exploit, no zero-day, just a credential that should never have existed in human hands.

How it works

Credential governance without modifying production infrastructure

No PLC modified. No SCADA architecture changed. No production line interrupted. No maintenance window required.

Step 01

Manufacturer generates all credentials centrally

Every credential for every production system — operator, engineer, vendor, AI agent — is generated by the manufacturer through MyCena. No individual creates their own access. No vendor brings their own credentials to your network. Credential ownership is the manufacturer’s from the moment of creation.

Step 02

Invisible injection — click to connect, nothing to steal

Operators and engineers click to connect to any production system. MyCena injects the credential at authentication — never displayed, never typed, never held in memory or clipboard. Industrial credentials selling for $70,000 on dark web markets require a visible credential to purchase. MyCena provides nothing to find.

Step 03

Continuous access log — NIS2 evidence generated automatically

Every access event is logged — which operator, which production system, timestamp to the second. The NIS2 access governance evidence and ISO 27001 audit trail are generated continuously — not assembled before inspection. Regulators receive the log, not a document prepared under examination pressure.

Step 04

Instant revocation — vendor, operator, or AI agent

A vendor relationship ends or a suspected breach is detected: one command, all access revoked across every production system in seconds, timestamped log produced. The manual offboarding process that leaves former vendor credentials live for days or weeks is eliminated. The audit finding category does not exist.

Regulatory framework

NIS2, ISO 27001, IEC 62443, and cyber insurance — all require what MyCena delivers

Manufacturing access control requirements demand demonstrable evidence of individual accountability and supply chain governance. MyCena generates that evidence continuously.

NIS2 — Articles 20 & 21

✓ Personal liability — structurally mitigated

Essential and important entity manufacturers face personal management liability for ICT risk governance failures (Article 20) and must demonstrate supply chain security including third-party credential governance (Article 21). MyCena generates the continuous technical evidence both articles require — not policy assertions assembled before a regulatory examination.

ISO 27001 — Access Control

✓ Individual attribution and audit — architectural

ISO 27001 Annex A.9 requires access control including individual user accountability, user registration and deregistration procedures, and secure authentication. MyCena satisfies all three architecturally — individual credentials per user, instant deregistration, invisible authentication. The ISO 27001 access control audit evidence is generated automatically.

IEC 62443 — OT Security

✓ Identity management at IT/OT boundary — satisfied

IEC 62443 requires identity management and access control at the IT/OT boundary, including authentication requirements for human and non-human users of industrial automation and control systems. MyCena governs the credential that crosses that boundary — the point where every manufacturing ransomware attack has entered.

GDPR — Employee and operational data

✓ Article 32 technical measures — architectural

Manufacturing companies hold employee personal data, operational data, and in some sectors customer data. GDPR Article 32 requires appropriate technical measures. Structural credential control — central generation, invisible injection, instant revocation — demonstrates the technical measures the ICO and European DPAs require in the event of a breach investigation.

Cyber Essentials Plus

✓ Access control requirements — structurally satisfied

Cyber Essentials Plus requires access control verification, user account governance, and authentication security. Manufacturers supplying UK government contracts or public sector supply chains must hold CE Plus certification. MyCena satisfies the technical access control requirements architecturally rather than through self-attestation.

Cyber insurance

✓ Level 4–5 maturity — premium reduction evidence

Manufacturing cyber insurance premiums are at record highs as the sector becomes the most targeted industry globally. Underwriters are explicitly assessing remote access credential governance and third-party access controls as rating factors. Structural credential governance provides the Level 4–5 maturity evidence that supports premium negotiation at renewal.