Aria Cybersecurity signed a deal this week just in time for the IEEE-IAS/ACA Cement Conference taking place in Florida, US. This opens up the topic of cybersecurity for the cement sector for us to discuss this week.
The software security company announced that it will be supplying its AZT Protect product to an unnamed but major US-based cement company. It reportedly demonstrated its offering to the customer in a laboratory before piloting it at a cement plant. One of the key points the supplier highlights in its press release is that its product can protect legacy systems that no longer have regularly updated software patches. For example, it suggests that it could save the customer money in this case by letting it continue to run critical machines using Windows 10, thereby saving knock-on software upgrade costs. Aria went on to say that once the current deployment is complete it is considering “expansion opportunities in up to 100s of other sites in the operator’s sister organisation.” Finally, it noted Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warnings from April 2026 that Iran-based hackers have been targeting certain Rockwell Automation/Allen-Bradley programmable logic controllers (PLC) in US critical infrastructure sectors.
Cybersecurity isn’t something Global Cement Weekly covers that often, partly due to the lack of publicly available information. Most large companies are reluctant to admit to hacks unless they are forced to disclose them. Some major incidents that we are aware of include Buzzi Unicem’s NotPetya Attack in 2017 that started in Ukraine and then spread to the group’s other European operations. Supplier Schmersal owned up to one in 2020, albeit with the spin that it had successfully managed to fight back. No doubt there are others. Away from cement, gypsum wallboard producer Knauf was targeted by a ransomware attack in 2022. Meanwhile, everyone working in the field is acutely aware of major incidents in industries outside of building materials such as the US-based Colonial Pipeline ransomware attack in 2022 or the one upon UK-based Jaguar Land Rover that halted the car manufacturer’s production lines for over five weeks in mid-2025. That last one reportedly cost the company around US$2.5bn.
Baidyanath Kumar, the Chief Information Security Officer and Data Protection Officer at JK Lakshmi Cement, gave an interview to Express Computer in early 2026 where he outlined the challenges facing heavy industry. In summary: criminals are looking for ransomware targets, supply chains are vulnerable and operational and information technology processes at plants are merging. Kumar goes into detail on strategic security frameworks and the use of security operations centres. Yet one other point to flag is that he says that it is the age of using AI to fight AI-driven attacks. Part of this, startingly, is about protecting AI security models from being corrupted or manipulated by attackers.
Thinking about cybersecurity more widely in organisations brings us to initiatives such as the Helena Protocol from Cementos Argos. This takes its name from Helen of Troy and is intended to prevent the company’s digital systems from ‘trojans’ and other digital threats. It presents cybersecurity as a shared responsibility between both employees and suppliers. In this way it is like a corporate health and safety policy. Other cement companies have similar documents.
Finally, as Baidyanath Kumar points out in his interview, AI is the current frontier of cybersecurity. Readers will likely be aware of the way in which Anthropic released its latest AI model to selected organisations first in April 2026 due to potential security issues. AI companies have a habit of hyping up their products, but AI tools finding vulnerabilities in software seems like a real threat. Hopefully the cybersecurity community will be able to stay ahead of this one.
The 1st Global CementAI Conference 2026 takes place in Brussels on 19 - 20 May 2026
