Last year, a mid-sized plastics manufacturer in the Fox Valley discovered that a decade-old Siemens PLC on their injection molding line was reachable from the same network segment as their front-office email server. Nobody had exploited it — yet. But when they brought in a penetration tester, it took eleven minutes to pivot from a phishing email to full control of the production floor. That's the kind of story I expect to hear a lot more of at the 2026 Wisconsin Governor's Cybersecurity Summit, running April 7–8 in Appleton.
Why This Summit Matters More Than Usual
Wisconsin is home to roughly 9,000 manufacturing firms, and according to the Cybersecurity and Infrastructure Security Agency (CISA), the manufacturing sector was the most targeted industry for ransomware in 2024 — accounting for over 25% of all reported incidents. That's not a national abstraction. In my twenty-plus years doing IT work across central Wisconsin, I've walked into machine shops, paper mills, and food processing plants where the operational technology (OT) network has never been audited, firewalled, or even inventoried. The Governor's summit is one of the few events that brings state-level policy, law enforcement, and private-sector practitioners into the same room to talk about this gap.
The IT/OT Convergence Problem Nobody Wants to Talk About
Here's the uncomfortable truth: most manufacturers I work with around Wausau have two worlds that were never supposed to touch each other. The IT side — email, ERP, file shares — runs on modern Windows servers with endpoint detection. The OT side — PLCs, HMIs, SCADA systems from vendors like Rockwell Automation, Siemens, and Mitsubishi — runs on embedded firmware that sometimes hasn't been patched since the Obama administration. The convergence happened anyway. Someone needed production data in a dashboard, so they bridged the networks. Someone needed remote access to a CNC controller, so they opened an RDP port. These one-off decisions create attack surfaces that traditional IT security tools like Microsoft Defender for Endpoint simply don't see, because they weren't designed to monitor Modbus TCP or EtherNet/IP traffic.
Tools like Claroty, Dragos, and Nozomi Networks exist specifically for OT network visibility. They passively monitor industrial protocols and flag anomalies — a PLC firmware change at 2 AM, an unauthorized engineering workstation connecting to a safety controller. If your shop has more than a handful of networked machines, you should at least be evaluating these platforms. A Nozomi Guardian sensor, for example, can be deployed on a SPAN port with zero production impact and will give you a complete asset inventory within hours — something most manufacturers have never had.
Ransomware Isn't the Only Threat
Ransomware gets the headlines, but I'd argue the bigger risk for smaller manufacturers is quiet intellectual property theft. A competitor — or a nation-state actor — who gets access to your CAD files, tooling specs, or customer pricing sheets can do damage you might never even detect. The FBI's IC3 report for 2024 noted that business email compromise (BEC) losses exceeded $2.9 billion nationally, and manufacturers are prime targets because they routinely exchange large purchase orders and wire transfer instructions with suppliers. A well-crafted spoofed email from what looks like your steel distributor can redirect a six-figure payment in minutes.
This is where something like Microsoft Sentinel or a managed SIEM becomes practical even for a 50-person shop. You don't need a full security operations center. You need log aggregation from your firewall, email gateway, and Active Directory — fed into a platform that can correlate events and alert on known attack patterns. Sentinel's pay-per-GB model means you can start small, ingesting just your most critical log sources, and scale up as your budget allows.
What I'd Want to Hear at the Summit
If I were attending the Appleton summit — and I'd encourage anyone in manufacturing, healthcare, or local government IT to register — I'd be listening for three things. First, any updates to Wisconsin's cybersecurity framework recommendations for critical infrastructure operators. Second, how the state plans to support incident response for small manufacturers who don't have a CISO or even a dedicated IT manager. Third, practical guidance on cyber insurance — because underwriters are tightening requirements fast, and I've seen Wisconsin businesses get denied coverage because they couldn't demonstrate MFA on all remote access points or show evidence of an incident response plan.
Three Things You Can Do This Week
You don't have to wait for the summit to start improving your posture. Here are three concrete steps I recommend to every manufacturer I work with:
1. Segment your networks. At minimum, put a firewall between your corporate IT network and your production floor. A Fortinet FortiGate or even a properly configured pfSense box can enforce rules that prevent lateral movement from a compromised office PC to your industrial controllers. This single step would have stopped the Fox Valley scenario I described at the top.
2. Inventory your OT assets. You cannot protect what you don't know exists. Walk the floor with your maintenance team, document every networked device — PLCs, HMIs, VFDs, IP cameras — and record the firmware version, IP address, and last patch date. You'll be surprised what you find.
3. Test your backups against a ransomware scenario. Not just "do backups exist" but "can we actually restore production systems from bare metal in under 48 hours?" If your backup strategy is a USB drive plugged into the server, that drive will be encrypted along with everything else. Immutable backups — Veeam with a hardened Linux repository, or even air-gapped tapes — are the last line of defense that actually works.
Making Cybersecurity a Business Decision, Not Just an IT Problem
The Governor's summit is a signal that Wisconsin is taking this seriously at the state level. But the real work happens on the shop floor, in the server closet, and in the boardroom where budget decisions get made. Cybersecurity for manufacturers isn't about buying the most expensive tool — it's about understanding where your specific risks are and addressing them methodically. I've helped businesses across central Wisconsin do exactly that: assess their OT environments, build segmentation plans, deploy monitoring, and create incident response playbooks that their teams can actually follow.
If you're a manufacturer or business owner who isn't sure where you stand, I'd be happy to walk through your setup and give you an honest assessment. Reach out through my services page or contact me directly — no pitch deck, just a practical conversation about what matters most for your environment.
If you want to read more, check out the original article.
20+ years in IT systems, automation, and full-stack development. Learn more →