________________________________________________________________________________________________________________________
The SolarWinds effect
The 2020 SolarWinds breach starkly illustrated the risk posed by software supply chains. Attackers, identified as a group known as Nobelium by Microsoft, inserted malicious code into an update of SolarWinds’ Orion IT management software. This‘ trojanized’ update was installed by 18,000 SolarWinds customers globally, including US federal agencies and major corporations. Once installed, it allowed attackers to silently surveil and infiltrate systems for months.
While SolarWinds wasn’ t a manufacturingspecific incident, it proved the point that a single compromised software vendor can act as a springboard into highly sensitive systems across multiple sectors. It also highlights how attackers don’ t need to target critical infrastructure directly; they can infiltrate through less defended but deeply connected sectors like manufacturing.
Wider impact: how linked systems spread risk
The risks involved in cyberattacks on the manufacturing sector aren’ t just technical, they’ re structural. Many CNI operators depend on just-in-time supply chains to source specialized equipment or services from manufacturers. They’ re not storing spare parts in a warehouse somewhere – they’ re depending on manufacturers to deliver exactly what they need, exactly when they need it. All of this is coordinated by a web of digital platforms, maintenance tools, and remote diagnostic systems that are more connected than a LinkedIn influencer’ s profile.
A cyberattack that disables a manufacturing firm’ s logistics platform or data environment can trigger delays or failures in the delivery of critical components. This not only disrupts maintenance schedules but can also undermine resilience across multiple infrastructure sectors.
Another major risk is that manufacturers and CNI operators often use the same service
16