Building cyber resilience in always-on industrial environments
In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments.
Dr. Sattler also shares practical strategies for working with third-party partners and preparing for the next wave of automation.
What unique cybersecurity challenges arise from smart warehouse systems and industrial control systems?
Smart warehouses incorporate a range of technologies, from programmable logic controllers (PLCs) and warehouse management systems to autonomous mobile robots and IoT-enabled forklifts. While these innovations optimise throughput and efficiency, they also expand the attack surface significantly.
Industrial control systems (ICS) were traditionally designed with safety and reliability in mind, rather than security. Many still rely on legacy protocols without encryption or authentication. Introducing connectivity, whether for monitoring, remote maintenance, or integration with ERP systems, adds layers of complexity and risk. ICS environments are also highly sensitive to latency, so the application of traditional security controls or frequent patching can result in unintended consequences.
Furthermore, there has been a notable convergence of IT and OT (operational technology), both of which have historically functioned in isolation. This convergence poses a significant challenge. A vulnerability in a connected system – for example, a misconfigured WMS or an unpatched forklift telemetry unit – can become a pivot point for attackers. It is crucial to understand these interdependencies in order to build effective defences.
How can CISOs balance operational continuity with cybersecurity in environments that can’t afford downtime? What does cyber resilience mean for a company with 24/7 operational demands?
Even minor disruptions in a warehouse can have significant knock-on effects across the entire supply chain. It is important to note that cyber resilience encompasses more than perimeter defence. It is the ability to maintain core functions during and after a cyber incident.
Achieving the right balance between continuity and security begins with the decisions made during the architectural planning stage. Segmenting critical OT environments, implementing strict access controls, and designing for failure containment are all essential. Investing in real-time monitoring tailored for industrial environments is also crucial. Such tools must be capable of detecting anomalies without compromising performance.
It is also important to understand that preventing an attack is not sufficient; the ability to swiftly restore operations is equally crucial. This includes offline backups of configurations, tested incident response playbooks, and defined failover processes that are co-developed with operations teams.
Furthermore, it is essential to consider cyber resilience beyond the warehouse environment. Maintenance workflows and the timely delivery of critical parts also depend on secure digital communication and system availability. A system that is compromised has the potential to delay repairs, create backlogs and increase operational risk across the board.
What’s your strategy for building a security-first culture among engineers and plant operators?
Security must be an integral part of all business operations. This is particularly relevant in industrial environments where personnel working closest to the systems are not always IT professionals. In order to obtain their buy-in, it is essential to communicate in a manner that they can understand and demonstrate that security measures do not hinder, but rather support, their objectives.
We conduct regular awareness campaigns, but we avoid generic messaging. Operators are not required to be familiar with, for example, email encryption; however, they must be able to recognise a suspicious USB device. Our security awareness content is designed to be modular, easily digestible in small units, and tailored to the operational context of the shopfloor. We are committed to adapting our training content to align with the unique needs of each work environment, whether it is a shift briefing or a 3-minute training module.
Finally, we reward secure behaviour. In the event of an operator reporting an incident or near-miss, they will be recognised and not reprimanded. Positive reinforcement has been shown to be a more effective approach.
How do you assess and manage cybersecurity risks posed by third-party logistics (3PL) partners and suppliers?
Supply chain risk is one of the most complex aspects of industrial cybersecurity.
We manage partners through a tiered supplier risk programme. All suppliers undergo a security assessment based on their level of criticality. For high-risk partners, such as those with remote access, we require contracts to include clear cybersecurity clauses, including obligations to report incidents and requirements for handling data.
We also incorporate scenarios involving attacks originating from third parties in our tabletop exercises. This helps us to identify weak links.
Furthermore, we recognise that security is a shared responsibility. We actively support our partners in improving their security posture by offering best practice recommendations where appropriate.
How can industrial CISOs future-proof their security investments as automation and robotics continue to evolve?
Ultimately, cybersecurity in industrial environments is about managing risk wisely while enabling progress.
To stay ahead, CISOs should focus on the following four principles:
- Modularity: Invest in security architecture that can evolve, such as zero-trust network segmentation or containerised application environments.
- Visibility: Invest in OT visibility tools that integrate with IT monitoring and support root cause analysis across domains.
- Partnership: Work closely with R&D, product security and vendor partners to incorporate security into the earliest stages of innovation. Security by design must be more than just a slogan.
- Talent: Build hybrid teams with expertise in both cybersecurity and industrial engineering. Future-proofing isn’t just about tools; it’s about people who can think across domains.