Cybersecurity Is Now a Fundamental Requirement in Industrial Systems
Industrial systems are becoming increasingly interconnected and complex. At the same time, the importance of cybersecurity is growing rapidly. At Promeco, cybersecurity is seen as an essential part of system reliability and safe operation.
The development of the company’s cybersecurity is led by Cybersecurity Specialist Matti Mäkinen, who works with cybersecurity solutions related to products and systems.
“Cybersecurity is no longer an optional add-on that can be sold with a product. Today, it is a fundamental requirement,” says Mäkinen.
Cybersecurity has evolved rapidly
Mäkinen began his career at Promeco as a mechanical designer in 2017 and transitioned into a cybersecurity specialist role in autumn 2025. However, his interest in the field developed years earlier.
According to him, the importance of cybersecurity has increased significantly over the past decade:
“Systems have become more complex and more interconnected. When systems communicate with each other and are accessible from outside, the number of vulnerabilities also increases.”
At the same time, the threat landscape has changed.
“In the past, attacks were often carried out by individual hackers or small groups. Today, these groups may be supported by state actors, which has significantly professionalized cyber operations.”
Cybersecurity is embedded in processes and design
In industrial environments, cybersecurity is a comprehensive approach that extends from design to operation and maintenance.
“Cybersecurity is inherently invisible, but it is present everywhere. In industrial solutions, it is made visible through processes, risk management, testing, and documentation.”
An important aspect of cybersecurity is considering the entire lifecycle of a product already at the design stage.
“Cybersecurity must be included from the tender phase onwards. This allows responsibilities and requirements to be clearly defined, helping to avoid surprises during the project.”
Key factors in design include, for example:
- component selection
- network architecture design
- system configuration
- identification of risks and vulnerabilities
Cyber threats can have real-world consequences
Insufficient cybersecurity can lead to very tangible problems in industrial environments.
“If a malicious actor gains access to an OT system, it usually has physical consequences. For example, production may stop or systems may malfunction.”
Mäkinen refers to cases where cyberattacks have halted entire production facilities and supply chains or caused significant financial losses. The impact on companies can be severe.
“In addition to financial losses, there is often reputational damage.”
One of the most critical interfaces is the connection between IT and OT systems, through which attacks can move from information systems to production systems. This highlights the importance of an organization’s overall information security policies and practices.
Requirements are increasing rapidly in the marine industry
In the marine industry, cybersecurity requirements have tightened significantly in recent years. The requirements of classification societies and related standards directly affect how systems are designed and implemented.
“These frameworks bring a wide range of technical and organizational requirements. They are visible both in daily work and in project execution.”
In practice, this means increased documentation, more detailed risk and threat management, system testing, and personnel training.
In addition, integrating systems from multiple suppliers has become an increasingly important responsibility for customers.
“We are responsible for the cybersecurity of the systems we deliver, but our customers often carry broader responsibility for the overall system and its secure integration and operation.”
Cybersecurity is also an opportunity
For Promeco, cybersecurity is both a requirement and an opportunity to strengthen its expertise as a system supplier in the marine industry.
“It is clearly an opportunity for us to demonstrate our capabilities. When we deliver systems that meet requirements and are secure, we also strengthen our expertise.”
Mäkinen emphasizes that there is no such thing as a perfectly secure system.
“In today’s world, it is not possible to create a completely invulnerable system. The goal is to develop and build solutions where risks are identified and minimized as effectively as possible.”
Towards a more secure future
The role of cybersecurity in industrial projects will continue to grow.
“Systems are becoming increasingly complex, and successful cyberattacks can even lead to global changes in industry practices and requirements. This, in turn, drives improvements in expertise and preparedness, so overall we are moving in the right direction. At least for new facilities, vessels, and systems.”
Mäkinen believes that as new practices become established, cybersecurity will gradually become a natural part of everyday work.
“At first, this requires a lot of analysis and learning. But over time, it becomes routine—just like many other safety-related practices.”