Cyber risk stops being abstract the moment a control panel becomes a bridge between the plant floor and the outside world. We pull back the door on modern industrial control panels and show how they’ve evolved into the central hub for switches, firewalls, remote access, and data pathways that keep production moving—or bring it to a halt. Using a smart home as a simple frame, we unpack why a physical lock isn’t enough and how layered defenses protect uptime, quality, and safety.
We walk through the real risks leaders face: unauthorized access by outsiders or insiders operating beyond their role, subtle shifts to setpoints and logic that quietly degrade OEE, and incidents where cyber failures trigger physical consequences. Then we get practical. Secure design starts inside the panel with segmentation between control networks and enterprise IT, industrial firewalls, managed switches, and well-defined remote access. Governance matters as much as gear, so we outline clear authority boundaries, human override rules, and audit trails that build trust and accountability on the floor.
Security doesn’t end at commissioning. We emphasize lifecycle patching, documentation, and future-proofing so updates aren’t scary and “temporary” workarounds don’t become permanent backdoors. Because people make or break any control, we share tactics to reduce friction: role-based access that’s fast, labeled interfaces, simple credentials, and training that explains the why behind every safeguard. Finally, we invite you to pressure-test these ideas in our hands-on labs, where you can validate architectures with real PLCs and HMIs before deploying to live lines.
Keep Asking Why...
Read our latest article on Industrial Manufacturing here
https://eecoonline.com/inspire/panels_202
Online Account Registration:
Video Explanation of Registering for an Account
Register for an Account
Other Resources to help with your journey:
Installed Asset Analysis Support
System Planning Support
Schedule your Visit to a Lab in North or South Carolina
Schedule your Visit to a Lab in Virginia
Submit your questions and feedback to: podcast@eecoaskwhy.com
Follow EECO on LinkedIn
Host: Chris Grainger
Episode Transcript
Welcome to Eco Ask Why, a podcast that dives into
industrial manufacturing topicsand spotlights the heroes that
keep America running.
I'm your host, Chris Granger,and on this podcast, we do not
cover the latest features andbenefits on products that come
to market.
Instead, we focus on advice andinsight from the top minds of
(00:20):
industry because people andideas will be how America
remains number one inmanufacturing in the world.
Welcome to Eco Ask Why.
I'm your host, Chris Granger.
Looking forward to spending sometime with you today, and we're
going to continue our look intoindustrial control panels.
(00:41):
And right now, what we're goingto focus on is how you can
protect the connected operationsthat we find in our industrial
facilities these way these days.
Okay.
Now, there's a simple way tounderstand the risk, and we're
going to try to break this downto help you just encourage you
as you grow in yourunderstanding of industrial
control panels.
And if you start thinking aboutindustrial cybersecurity, one
(01:06):
way that I found useful is startthinking about the security
system of your modern home.
And sometimes they're calledmodern modern smart homes,
right?
And before that, go back to yourold fashioned house, like when
you maybe when you grew up.
Security there meant justlocking the front door.
Maybe that was it.
Like the house wasn't connected,right?
(01:27):
You didn't have uh the threatsthat we have these days, it
seems like, where you have thesethese big physical, more obvious
threats.
But in a smart home now, uh youhave locks, you have lights, you
have cameras, thermostats,alarms, everything's connected,
right?
It's all connected through theinternet.
And security becomes a layeredconcern that we need to be
(01:49):
understanding, right?
And it's continuous, right?
Secure, your house is securewhen you're there, and when
you're not there, there'slights, there's there's cameras,
there's all sorts of thingshappening.
Uh physical lock, we recognizeit's no longer enough, right?
We we want more.
Uh, and in that case, you needfirewalls, you need you need
credentials, you need to havethe right network and the
(02:09):
segmentation setup, and thatconstant monitoring to make sure
that the systems designed toimprove convenience uh uh don't
just go down and next thing youknow, you got an open door for
intruders, right?
We don't want that.
So in modern manufacturing, it'sthe same way.
It's the exact same way.
Factories have become moreconnected, and industrial
control panels now function likethis smart uh home hub within a
(02:34):
plant, okay?
And we understand we need tothink through the point where
physical operations right now ismeeting digital access, right?
This is come together.
And just like that smart home,if you don't have that hub
intentionally secure, thatconnectivity can be exposed.
And we don't want that, right?
So again, electrical equipmentcompany, we're all about helping
(02:55):
you in these areas.
So if you have some umapplications that you would like
for us to dig into, we have theresources, we have the experts
that can come do that diagnosisand help help you understand at
least what your risk points are.
Okay, so connect with us.
That's a big thing.
Connect with us and let us havea conversation because you need
to know when connectivitybecomes an operational risk.
(03:17):
Because manufacturing, again, inthe middle of a digital
transformation, so many thingsare happening.
Industrial control panels areincreasingly housing Ethernet
switches, uh, routers,firewalls.
You got these modems, you haveremote access gateways that
connect to PLCs and HMIs anddrives and safety systems, all
this stuff, right?
(03:38):
And this is good, but it alsoenables, you know, real-time
productivity, remotediagnostics, predictive
maintenance, data-drivenoptimization.
And here's the deal (03:50):
it also removes so much of the old
safety net of isolation becausethink about how old the OT
systems they used to be reallybuilt and designed around their
security through up security,right?
Systems weren't connected,right?
They weren't reachable.
So if that system went down, itjust affected that part of the
(04:10):
plant, right?
Not anymore, right?
No longer anymore.
Everything is connected.
Control networks are accessiblesometimes intentionally,
sometimes unintentionally, andyou have this IT infrastructure
you got to think about.
And the result is cybersecurityfailures now directly translate
into safety incidents or todowntime and the scrap or lost
revenue.
It's a big deal.
(04:31):
So we need to take some steps todesign the secure panels from
the start.
This is what we're going to tryto help you with, okay?
And as we start thinking aboutthis, what are the real risks
inside these connected controlpanels?
Just need to know what some ofthose real risks are.
And it's because this is notjust some theory, okay?
This is operational, this isfunctional to your plant.
(04:54):
One of the first big risks isunauthorized access because
control panels often providedirect pathways to critical
assets.
Just think about what thesecontrol panels are touching
again, a the PLC, the HMI, yourmotion systems, your safety
systems.
And if you don't have propersegmentation or authentic or
being authenticated, um, ormaybe you don't even have that
(05:16):
physical protection in place,access can be gained by external
hackers or internal usersoperating outside of their role.
Okay, so look, this isn't justan IT breach, guys.
Don't think about it that way.
It's someone standing at thecontrols, right?
You have to be careful.
Now, you also have dataintegrity and process control.
(05:36):
So manufacturing decisionsdepend on trusted data.
So if a sensor uh values or setpoints of control uh the logic
are altered, even in theslightest, the system may
operate, but performance can godown.
And that bad data, when you makethose changes, right, that bad
data can result in poor quality.
Maybe your OEE goes down, maybeyou're starting to wear your
(05:59):
equipment more and more, oryou're creating some unsafe
operating conditions.
So an OT, that that integritymatters more than
confidentiality because thephysical outcomes depend on it,
right?
Now, system disruption andphysical consequences are also
areas of concern because unliketraditional IT system, OT cyber
(06:20):
incidents don't just disruptscreens and files, they stop
lines, right?
Equipment stops moving and itcan damage equipment and it can
create all sorts of safetyhazard.
So a compromised panel can shutdown production for sure, but it
could cause uncontrolledbehavior in your machinery.
(06:40):
And downtime isn't always theworst case scenario.
Loss of control is like if youlose control of your equipment,
that is a big deal.
And this is again why I'm nottrying to paint like a doomsday
picture here, but we're tryingto help you see that industrial
control panels are the frontline, they are non no longer can
be viewed viewed as passiveenclosures, they are
(07:02):
architectural decision points.
Think about that.
Architectural decision points.
What gets installed in the paneluh and how it's designed
determines so much.
It determines about your networksegmentation, it determines
about your physical uh uh accesslimitations, it were it
determines your upgrade andpatching feasibility, it
determines what your long-termcybersecurity posture is going
(07:25):
to be.
So again, effective OT securitystarts with that intentional
panel design.
Right?
We're not just adding on fixes,we're not just patching stuff.
And so much of that comes downto layered, right?
There's a layered security bydesign.
Just like your smartphone andseparates guest Wi-Fi.
Think about that.
Your guest Wi-Fi from like yoursecurity cameras, industrial
(07:47):
systems must segment controlnetworks and from enterprise and
external uh access paths, right?
So think about this is includingyour industrial firewalls, your
manned switches.
Uh, it's this includes securedremote access methods.
So you're being very defined onwhat that looks like.
This is this is setting upencrypted encrypted
communications where it's whereit makes sense, and then having
(08:09):
physical separation of criticalsystems, like physically having
that separation there.
Okay, so all things to thinkabout.
Uh you want to be very clear aswell on defined authority and
oversight.
So as systems become moreautonomous, clear boundaries are
essential, and controlarchitectures uh must must
really be clear on whatdecisions automation can make
(08:29):
versus when does humanintervention need to come in?
And what does an override looklike?
And if it override happens, howis it logged and how is it
audited?
Okay, so all these things startrunning together because uh
security is is as much about thegovernance as much it is about
the technology.
You have to have the processesin place.
So as we think about this, thelife cycle support, and and and
(08:53):
this is not just a one-timedeal.
This is not when you think cybercybersecurity, it isn't a
commissioning activity, it'songoing life cycle
responsibilities.
Panels they these days have tobe designed with with the
ability for updates andpatching.
They need to have the tons ofdocumentation and traceability
(09:13):
to understand what goes who andwhere and why.
It needs to have audits andstandard compliance, and then
ultimately thinking forwardabout future expansion without
creating uh any new exposure.
Like if you want to add thisequipment to the future, that's
great.
Is that gonna be an access pointfor cybersecurity threat?
These are what we need to startthinking about.
And the human factor is such abig deal because most secure
(09:36):
systems fail if people can'twork with them.
We're gonna find a way to bypassit, right?
So operators and maintenanceteams interact with this
equipment every day.
So if security controls areunclear or maybe they're it
causes too much friction, orthey're just they're poorly
explained.
Guess what?
They will try to find a wayaround it.
(09:56):
And that's why OT security hasto be tied to training as well,
to make sure that the peopleunderstand the workflows, to
make sure they understand theirtheir access points of what they
have access to and what theydon't have access to, and and
ultimately uh has the safeoperation uh design under
pressure.
So the a secure system has tobe, guys, has to be one that
(10:19):
people understand first andforemost and trust.
Because if they don't understandit, they don't trust it, they're
gonna do all they can tocircumvent it, and that's when
things happen.
That is where we have to besuper careful.
So, again, it's all aboutbuilding secure, resilient
systems because connectivity isnot the image, is not the enemy
(10:40):
here.
Poorly governed connectivity isthat's a big deal.
And manufacturers out there, ifyou're treating cybersecurity as
a core design principle, notsomething that's like absolute
as an afterthought, and thenyou're like, oh, yeah, we need
to do this.
But if you think of it as a coreprinciple, you're better
positioning yourself, okay,because you're gonna be able to
scale much better.
You're gonna be able to adoptnew solutions so much better,
(11:02):
and you're gonna be able toprotect uptime and safety, which
is ultimately what we're allabout.
And we're partnering, electricalequipment company, we're
partnering with manufacturingmanufacturers right now to
design and support secure,resilient industrial control
solutions.
Think about from enclosuredesign to component selection to
network architecture tomodernization.
(11:22):
This is what we do.
This is how we step in and serveat us at a significantly high
level.
So look, great way to connectwith us, go to ecoonline.com.
There we have opportunities forour labs, and we have labs all
throughout our geography.
So wherever, if you're listeningto this podcast and you're
within our service area, thereis a lab close to you within, I
(11:46):
would say, reasonable drivingdistance.
Get connected with us.
Come in.
Let's have let's let's bring youin.
Heck, we'll we'll buy you asandwich, we'll sit down, we'll
have a conversation, and let'stalk technology.
Let's talk and see your project.
Let's talk and see what yourapplications are.
And then from in our labenvironment, do some testing.
Do some throw some thingsagainst the wall, see what
(12:07):
sticks, right?
You have a good better feel forthis technology, particularly
for your industrial controlpanels, so that when you make
the decision to implement it inyour plant, you're not just
coming off a uh a YouTube video.
You have real-world experience.
And that's what we're trying toprovide you at Electrical
Equipment Company, is theopportunity to get those to get
(12:27):
those reps before you actuallybring it into the facility.
And that's a big deal.
And that is why we made theinvestment in these labs, and we
highly encourage you to checkthem out and come see us.
In fact, in this podcast, thereis a link to if you're in
Virginia or if you're in in theCarolinas, wherever you find
yourself, there's a link whereyou can schedule time directly
(12:49):
to come in, visit our labs, andhave these conversations because
that's where the rubber meetsthe road.
And I'll tell you, our team ofexperts, they are absolutely
incredible.
They're smart, they'rebrilliant, they're amazing,
they're ready to serve, they'reready to help.
So go check that out in the shownotes, okay?
So that is it on cybersecurity.
Hopefully, you enjoyed that.
We're just trying to do theseepisodes just to give you some
(13:09):
insights, some things to thinkabout.
Hopefully, you're beingencouraged by it.
If you want to uh connect withus again, ecoonline.com or we're
on LinkedIn.
If you check uh search forElectrical Equipment Company on
LinkedIn, that's a great way toconnect with us there.
We have a lot of followersthere.
We try to put out information ona regular basis on our LinkedIn
profile.
Uh, and other than that, we'dlove to see you at one of our
(13:30):
branches.
So, yeah, if you're in ourservice area, connect with us,
come in.
Again, look, we'll love to buyyou a sandwich and sit down and
just talk about what's going onin your industrial facility and
see how we can serve andhopefully help you uh through
your modernization goals.
All right.
So have a great day.
Thank you so much for listening.
And um, we just enjoy doing thisand sharing this information.
(13:51):
Hopefully, you're finding valuein it and uh share it with
others.
Uh, give us a rating review ifyou don't mind, that'd be great.
And at the end of the day, justremember to keep asking why.
Thank you for listening to EcoAsk Why.
This show is supported ad-freeby Electrical Equipment Company.
EECO is redefining theexpectations of an electrical
(14:12):
distributor by placing peopleand ideas before products.
Please subscribe and share withyour colleagues and friends.
Also leave comments, feedback,and any new topics that you'd
like to hear.
To learn more or to share yourinsights, visit ecosy.com dash
e-d O.
A S A S W H Y.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
Kingdom of Fraud
It’s the unlikeliest of criminal partnerships: a devout polygamist from an insular Utah sect joining forces with a shadowy Armenian tycoon from LA. The result - a billion dollar fraud conspiracy. In Kingdom of Fraud, investigative reporter Michele McPhee traces the origins of the extraordinary alliance between Jacob Kingston and Levon Termendzhyan. Together, the two men trigger the largest tax investigation in American history and weave around themselves a web of dirty cops, influential political relationships and transnational money laundering. All this is set against the backdrop of Jacob Kingston’s clan – The Order. A powerful and secretive polygamist organization in Salt Lake City. To whom Jacob is desperate to prove his worth. Kingdom of Fraud is produced by Novel for iHeart Podcasts. For more from Novel, visit https://novel.audio/. You can listen to new episodes of Kingdom of Fraud completely ad-free and 1 week early with an iHeart True Crime+ subscription, available exclusively on Apple Podcasts. Open your Apple Podcasts app, search for “iHeart True Crime+, and subscribe today!