Cybersecurity in industrial environments is a problem of context: protecting operational networks without undermining their availability, predictability, and safety through design discipline rather than IT overlay.


OT Cybersecurity Architecture: Segmentation, Access Control, Monitoring

Protecting Operational Networks Without Undermining Them

The Context Problem: When IT Security Breaks OT Operations

Most cybersecurity failures in OT are not caused by attackers but by well-intentioned controls applied without understanding operational behaviour - security devices introducing latency, active scanning disrupting protocols, or patch requirements incompatible with uptime constraints.

Cybersecurity in operational networks must be approached as a design discipline, not an overlay borrowed from IT. OT systems are designed to run continuously for years, with devices that cannot be patched frequently and where failure can have physical consequences. Effective OT security begins by accepting that availability and predictability are themselves security objectives, not trade-offs to be made against protection.

This section explores how to secure industrial networks through containment, controlled access, and passive monitoring - approaches that align with operational realities rather than fighting them. The goal is not to build impenetrable walls, but to design networks that remain predictable, controlled, and resilient even when trust is challenged.

The Erosion of Implicit Trust in Modern OT Networks

Historically, industrial networks relied on physical isolation for protection. Modern connectivity to enterprise IT, remote support teams, and cloud platforms has eroded this isolation, creating exposure through implicit trust.

Most OT security incidents begin with trust assumptions that no longer hold: flat networks with no internal boundaries, shared credentials across personnel, permanent access paths created for convenience, and legacy devices exposed without protection. Cybersecurity in OT is largely about removing unnecessary trust without disrupting necessary communication. This requires understanding which connections are essential for operations and which represent historical accumulation of risk.

The shift from implicit to explicit trust involves mapping actual communication requirements, establishing clear zones of trust aligned with operational roles, and implementing controls that enforce these boundaries without affecting deterministic performance.

Security Principle: In OT environments, availability and safety are security objectives. Controls that protect confidentiality at the expense of availability or deterministic behaviour increase overall risk.

Segmentation as the Foundation of Containment

Unlike IT environments where segmentation focuses on data confidentiality, OT segmentation is primarily about containment - limiting the impact of compromised devices and preventing lateral movement across systems.

Effective segmentation creates clear trust zones aligned with operational roles: safety-critical control separated from process supervision, field device networks isolated from enterprise systems, and external access points carefully controlled. When done correctly, segmentation protects legacy equipment that cannot be secured internally and creates boundaries that contain incidents rather than allowing them to cascade.


Typical segmentation boundaries, with the security objective of each and the operational consideration that constrains how it is enforced:

  • Control vs. Supervisory
    Security objective: Protect real-time control systems from supervisory traffic and potential compromises in HMI/SCADA layers.
    Operational consideration: Must allow necessary command and status data flow while blocking unauthorised access or disruptive traffic.
  • OT vs. IT/Enterprise
    Security objective: Contain IT-borne threats (malware, scans) from reaching OT systems.
    Operational consideration: Requires controlled data exchange points (DMZ) for necessary information flow such as production data to ERP.
  • Safety vs. Process
    Security objective: Isolate safety-critical systems (SIS) to prevent non-safety incidents from affecting safety functions.
    Operational consideration: Must preserve necessary safety communications while preventing non-safety traffic from introducing latency or interference.
  • Vendor/Remote Access
    Security objective: Limit external access to specific systems only, preventing network-wide exposure.
    Operational consideration: Must support necessary maintenance and support activities without creating standing trust or broad access.

Segmentation must reflect how the process actually works. Artificial boundaries that ignore operational reality are quickly bypassed or become sources of instability.

Secure Access: Control Over Convenience

Remote access is operationally indispensable but represents a primary attack vector. Secure OT access replaces permanent, broad network tunnels with temporary, purpose-driven, and observable connectivity.

Common failure patterns include always-on VPNs into control networks, shared accounts across contractors, and no visibility into who connected or what they did. Secure access in OT follows different principles: access is temporary and tied to specific tasks, identity is verified per individual, permissions are limited to required scope, and all activity is logged and reviewable.

Most importantly, access systems must fail safely. Loss of authentication services or connectivity to the access gateway should not halt operations - this often requires local fallback mechanisms or carefully designed timeouts. The access architecture itself must be resilient, ensuring that security does not become a single point of failure for operational continuity.

Passive, Protocol-Aware Monitoring for Detection

Active security scanning and probing can disrupt sensitive industrial protocols. Effective OT monitoring is passive, building baselines of normal behaviour to detect anomalies rather than known threats.

Many industrial protocols are sensitive to malformed packets, timing disruption, or unexpected requests. Passive monitoring using network taps or SPAN ports observes traffic without injection or interference. It focuses on establishing baseline behaviour over time - which devices communicate with which partners, typical message frequencies and sizes, normal communication patterns during different operational states.


  • Behavioural Baselining: Understanding "normal" for each network segment and process state.
  • Anomaly Detection: Identifying deviations - unexpected devices, unusual traffic patterns, connections outside maintenance windows.
  • Protocol Awareness: Recognising legitimate versus malformed industrial protocol traffic.
  • Contextual Correlation: Linking network events with operational activities (maintenance, shift changes, process cycles).

In OT, security incidents often appear as subtle anomalies rather than obvious attacks. Visibility turns uncertainty into evidence.

Securing Legacy and Unpatchable Systems

A defining characteristic of OT cybersecurity is the presence of devices that cannot be patched, upgraded, or modified due to certification requirements, lack of vendor support, or critical operational dependence.

Attempting to treat these systems like IT endpoints often leads to instability or compliance violations. Security for legacy systems is achieved through network-level controls: segmentation to isolate vulnerable devices, controlled access paths that limit exposure, and monitoring for abnormal behaviour directed at these assets. This approach accepts reality rather than fighting it, focusing on containment and observation rather than attempting to change the unchangeable.

Compensatory controls become essential - a firewall rule may block unexpected traffic to a legacy PLC, while a network tap monitors for attempted communications that could indicate reconnaissance or attack.
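The passive baselining and anomaly detection described in the monitoring section, and the tap-based watch over a legacy PLC described above, can be illustrated with a small baseline learner. This is an added example, not code from the page or from Throughput Technologies; the flow records, host addresses and maintenance window are constructed, and the Modbus function codes used are the standard read (3, 4) and write (5, 6, 15, 16) codes.

```python
from datetime import datetime, time

# Constructed Modbus/TCP flow records from a known-good period (not from the page):
# (timestamp, source host, destination host, Modbus function code).
BASELINE_FLOWS = [
    ("2024-03-01T08:00:00", "10.1.1.10", "10.1.2.5", 3),   # HMI polls legacy PLC
    ("2024-03-01T08:00:05", "10.1.1.10", "10.1.2.6", 4),   # HMI reads second PLC
    ("2024-03-01T08:00:10", "10.1.1.11", "10.1.2.5", 3),   # historian reads legacy PLC
    ("2024-03-01T22:15:00", "10.1.1.12", "10.1.2.5", 16),  # engineering station writes in maintenance
]
WRITE_FUNCTIONS = {5, 6, 15, 16}  # Modbus write coil/register function codes
# Assumed maintenance window (constructed): writes are expected only between 22:00 and 23:59.
MAINTENANCE_WINDOWS = [(time(22, 0), time(23, 59))]

def op_state(ts):
    """Map a timestamp to an operational state so the baseline is context-aware."""
    t = datetime.fromisoformat(ts).time()
    return "maintenance" if any(s <= t <= e for s, e in MAINTENANCE_WINDOWS) else "production"

def build_baseline(flows):
    """Learn the set of (src, dst, function, state) tuples seen passively during baselining."""
    return {(src, dst, fc, op_state(ts)) for ts, src, dst, fc in flows}

def known_hosts(baseline):
    return {h for src, dst, _, _ in baseline for h in (src, dst)}

def classify(flow, baseline):
    """Return a verdict for one observed flow; nothing is ever sent to the devices."""
    ts, src, dst, fc = flow
    state = op_state(ts)
    if src not in known_hosts(baseline):
        return "unexpected-device"            # a host the baseline never saw talking
    if (src, dst, fc, state) in baseline:
        return "normal"
    if fc in WRITE_FUNCTIONS and state == "production":
        return "write-outside-maintenance"    # control write with no operational context
    return "new-communication"                # known hosts, but a pair/function/state not seen before

def review(flows, baseline):
    """Classify a batch of observed flows and return only the ones needing human review."""
    alerts = []
    for flow in flows:
        verdict = classify(flow, baseline)
        if verdict != "normal":
            alerts.append((flow, verdict))
    return alerts

BASELINE = build_baseline(BASELINE_FLOWS)
```

Each alert carries the flow and the reason, so an operator can correlate it with the shift log or maintenance schedule before deciding whether it is reconnaissance against the legacy PLC or an undocumented but legitimate change.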

Standards as Framework, Not Solution

Frameworks like IEC 62443 provide valuable structure and common language, but compliance alone does not secure networks. Standards do not understand specific processes, constraints, or architectures.

In effective OT security programs, standards are used as design references, validation tools, and communication frameworks between teams - not as checklists to be completed. The goal is to achieve the intent of the standard within operational reality, which may mean implementing compensatory controls for requirements that cannot be met directly on legacy systems. Standards provide "what good looks like"; engineering determines "how to get there safely" in a specific environment.

Security as an Emergent Property of Design

The strongest OT security environments share a common trait: security emerges from the network design itself, not from enforcement layered on top.

These environments are architected with clear trust boundaries from the start, designed to contain failure rather than merely prevent it, monitored continuously to validate design assumptions, and understood by the people who operate them. In such networks, security controls support operations rather than competing with them. Cybersecurity becomes part of how the network behaves - a property of its architecture - not something imposed upon it.

OT cybersecurity is not about building walls - it is about designing networks that remain predictable, controlled, and resilient when trust is challenged.

Throughput Technologies approaches OT cybersecurity as an operational design discipline. We focus on containment through segmentation, controlled access that fails safely, passive monitoring that understands industrial protocols, and security decisions that reinforce - rather than undermine - deterministic performance and long-term operational resilience.

Effective security protects operations without changing how they behave under normal conditions.

