Boosting cybersecurity in pulp & paper manufacturing
As the complex, 24/7 industrial environments of pulp & paper mills move more deeply towards digital optimization, cybersecurity has become a core component of operational reliability, safety, and product quality. The more distributed control systems (DCS), quality control systems (QCS), manufacturing execution systems (MES), remote analytics, and cloud data flows are integrated, the more potential targets there are for a cyberattack.
Operational technology (OT) and IT systems in most mills are so intertwined that a compromise in one environment almost inevitably affects the other. A cyberattack is not an abstract IT issue: it is a direct threat to production, people, and the bottom line.
This is not theoretical. The industrial sector, in general, is seeing a rise in ransomware incidents, with manufacturing the most attacked segment in Q3 2025[1]. With many mills continuing to run ageing assets that cannot be patched without stopping production, operators are now forced to balance cybersecurity risk against operational continuity.
The weak point: where OT meets IT
The problem is that most facilities were designed long before cyber risk was a consideration, and many still operate in the flat and minimally segmented manner of pre-digitalization networks.
DCS, QCS, and MES systems, generally supplied by different vendors at different times over the course of a decade, are now expected to interoperate more closely than ever. Production planning is built upon QCS data. Control systems depend on parameters pushed from MES devices.
Operationally, this kind of tight integration is essential. From a security perspective, the diversity of assets in a typical mill poses a challenge. One compromised engineering workstation, human-machine interface, or vendor laptop could serve as a gateway to critical equipment such as paper machine controls, boiler systems, or QCS hardware.
Attackers have options. They get numerous potential entry points, a wealth of lateral movement opportunities, and relative safety, knowing that operators cannot simply reboot or update a system that is part of an ongoing process.
A unique cyber landscape
Strict uptime requirements leave pulp and paper mills carrying significant technical debt. Unpatched systems, insecure protocols, and out-of-date accounts and services continue to be used because they work. VPN tunnels to third-party vendors remain open due to frequent remote access requirements. The flaws of pre-digitalization systems may still exist. It is time for the industry to be honest with itself about its flaws and work to close the cyber gap.
OT networks should be clearly segmented into zones aligned to process functions, allowing only the minimum required communication between, for example, DCS, QCS, safety systems, and enterprise interfaces. Firewalls, allowlists, and one-way data gates can then contain failures (and the lateral movement of attackers).
Mills must also look at identity and access. Shared accounts are commonplace, but they offer no traceability or protection against privilege abuse. Unique credentials, multi-factor authentication, and time-limited access reduce risk without preventing legitimate work.
Monitoring deserves focus, particularly on the OT side of the equation, to detect events such as unauthorized configuration changes, modifications to controller logic, or unexpected network behavior, which often precede an attack.
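The segmentation and monitoring points above can be combined into one default-deny check: observed flows are mapped to zones and anything outside the minimum-required allowlist is reported. This is an added example, not part of the original article; the subnets, ports, conduit list, and flow records are constructed assumptions.

```python
"""Default-deny audit of zone-to-zone flows in a segmented mill network."""
import ipaddress

# Assumed addressing plan (constructed); replace with the mill's own zones.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "mes": ipaddress.ip_network("10.20.0.0/24"),
    "dcs": ipaddress.ip_network("10.30.0.0/24"),
    "qcs": ipaddress.ip_network("10.40.0.0/24"),
    "safety": ipaddress.ip_network("10.50.0.0/24"),
}

# Minimum required conduits: (src zone, dst zone, protocol, dst port).
# Direction matters; anything not listed is treated as a finding.
ALLOWED = {
    ("mes", "dcs", "tcp", 4840),       # assumed: MES pushes parameters via OPC UA
    ("qcs", "mes", "tcp", 4840),       # assumed: QCS data feeds production planning
    ("enterprise", "mes", "tcp", 443),  # assumed: enterprise interface to MES
}

def zone_of(ip):
    """Return the zone name for an address, or 'unknown' if unmapped."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in ZONES.items() if addr in net), "unknown")

def audit(flows):
    """Return flows that cross zones without a matching allowlist entry."""
    findings = []
    for src, dst, proto, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # intra-zone traffic is outside the conduit policy
        if (sz, dz, proto, port) not in ALLOWED:
            findings.append({"src": src, "dst": dst, "src_zone": sz,
                             "dst_zone": dz, "proto": proto, "port": port})
    return findings

# Constructed flow records: (src ip, dst ip, protocol, dst port).
SAMPLE_FLOWS = [
    ("10.20.0.5", "10.30.0.11", "tcp", 4840),   # MES to DCS, allowed
    ("10.10.4.20", "10.30.0.11", "tcp", 3389),  # enterprise straight into DCS
    ("10.30.0.12", "10.30.0.11", "tcp", 502),   # inside the DCS zone
    ("10.40.0.7", "10.50.0.3", "tcp", 502),     # QCS reaching the safety zone
    ("192.0.2.9", "10.20.0.5", "tcp", 443),     # unmapped source address
]

if __name__ == "__main__":
    for f in audit(SAMPLE_FLOWS):
        print(f"{f['src_zone']}->{f['dst_zone']} {f['src']} -> "
              f"{f['dst']} {f['proto']}/{f['port']}")
```

The same allowlist can drive both the firewall rule review and the alerting on flow logs, so the two do not drift apart.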
OT cybersecurity: Time for action
All of these changes are relatively small, but they make a big difference to cyber resilience in pulp and paper production. The pace of OT upgrades or downtime should dictate the effort put into upgrading IT systems.
Identify the most critical systems and vulnerabilities and prioritize these for patching during planned downtime. To reduce the risk of unplanned downtime, a clear, tested backup procedure that covers both IT and OT systems can make the difference between a two-day and a two-week outage.
The pulp and paper industry is no stranger to engineering disciplines and is very familiar with the constant pursuit of process improvements and stability upgrades. Cybersecurity should now be part of that operational makeup. An investment in OT security is an investment in continuity, product quality, and future digital innovation.
Discover Arista Cyber solutions for manufacturing: https://aristacyber.io/industries
[1] https://www.cybermaxx.com/resources/whats-driving-the-rise-of-ransomware-in-manufacturing/