Cybersecurity: how we anticipated the NIS2 standards

by Luca Gamba – ITC Director

In recent years, the digital transformation of the industry has seen a massive acceleration. While this shift has undeniably unlocked extraordinary gains in production performance, it has also paved the way for a series of risks that are often underestimated: without the right cybersecurity measures, digitalization can quickly turn from an asset into a critical vulnerability.

With machines becoming increasingly connected, remote services evolving, and digital supply chains expanding, cybersecurity has shifted from being a strictly IT-related topic to a fundamental business enabler. For this reason, FPT chose to anticipate the curve. Well before it became a mandatory market requirement, we launched a structured journey to strengthen our digital infrastructure and align ourselves with the rigorous standards of the NIS2 Directive.

A shared responsibility

The NIS2 Directive marks a turning point: it explicitly brings the manufacturing sector into focus, recognizing that connected machines and OT (Operational Technology) systems are now critical assets that require protection.

For several years now, we have been aware of how our machines were becoming a key node within our customers' digital infrastructures, especially when dealing with sectors that have long required highly stringent safety standards, such as aerospace and power generation.

We chose to act early because we believe that a connected machine is a shared responsibility, and our customers’ business continuity is too valuable to leave to chance. This decision allowed us to build a long-term vision for digital security, moving beyond a "patchwork" or reactive approach. Most importantly, it has enabled us to fully integrate cybersecurity into our core business processes and, crucially, into our own product development.

Building resilience: technology, processes and culture

Achieving these results required, clearly, a cross-functional commitment involving the entire organization. From a technological perspective, FPT invested in strengthening IT and OT infrastructure, implementing network segmentation, advanced access protection, and structured incident management systems to ensure that our digital borders are always defended. In parallel, security criteria were introduced into cloud services and business support systems.

On an organizational level, the path to NIS2 led us to a more formal and rigorous definition of roles and processes. From risk management to business continuity, our approach remains strictly aligned with the ISO 27001 certification standards. We chose this as our benchmark because it provides a solid, measurable framework for security management.

Finally, we made sure that cybersecurity became part of our everyday behavior. There has been a significant investment in corporate culture: training, awareness, and employee involvement.

Security by design

The true value of this journey is not confined to the company, but extends to the machines we build: in fact, this transition leads to a direct improvement in our products and in the services we offer to our customers.

Today, FPT solutions integrate "security by design" principles, with architectures designed to protect the machine’s OT network, ensure secure remote connections, reduce the risk of unauthorized access, and support customers in meeting emerging regulatory requirements.

For our customers, this translates into high-performance equipment that is intrinsically safe. We protect the machine’s internal OT network through dedicated firewalls and secure VPN channels, ensuring that remote assistance and data exchange are performed according to the highest international security standards. This ensures that your production remains protected from external threats, allowing you to focus on what really matters.

Digital security thus becomes an integral part of FPT quality: a value that is not visible at first glance but makes the difference every day in our customers' factories and in their business continuity.

Your Security, Our Priority

Discover how the SL2-certified Cybersecurity Kit and the VISORMAX service protect your plant from production downtime and intellectual property theft. A comprehensive guide to transforming NIS2 directive requirements into a competitive advantage for your workshop.

Download the Whitepaper