Manufacturing Cybersecurity for SMEs: Implementing Zero Trust in Legacy Industrial Environments

Small and medium-sized manufacturing enterprises (SMEs) face significant cybersecurity challenges due to the convergence of information technology and operational technology, yet they lack resources for enterprise-grade solutions. With manufacturing representing 25.7% of global cyberattacks in 2023, SMEs operating legacy industrial equipment are disproportionately at risk. This research adapts Zero Trust Architecture (ZTA) principles for resource-constrained environments through systematic analysis of financial, technical, and human resource constraints. We propose a four-layer adaptive framework comprising proxy-based identity enforcement, protocol-aware segmentation aligned with the Purdue Model, manufacturing-tuned behavioral analytics, and fail-operational response mechanisms, enabling ZTA implementation without equipment replacement. Validation via a multi-month pilot at a mid-sized discrete manufacturing facility operating legacy industrial system shows measurable improvements: critical vulnerabilities decreased by approximately 55%, mean time to detection improved by over 99% (from 90 days to 12 minutes), and security incidents fell by 78%, while production availability increased from 94.2% to 96.1%. The total implementation cost of approximately $75,000 yields a payback period of 1.3 to 4.5 months based on breach prevention value. The approach demonstrates that SMEs can achieve enterprise-level security outcomes at only 3–9% of infrastructure replacement cost