For a long time, industrial plants were sufficiently protected - not because of technical defenses, but because OT systems were simply operated in isolation. However, this sense of security has changed fundamentally with the increasing networking in the wake of the Industrial Internet of Things (IIoT). Why does IIoT mark a turning point in any OT security strategy? Before we look ahead, we need to understand how it all began.
Before OT (Operational Technology) systems were connected to the internet, they were like isolated islands: they were designed for high availability and stable operation. Cybersecurity was considered secondary. Companies largely relied on the fact that there was no external accessibility.
This picture changed fundamentally with the Industrial Internet of Things (IIoT): OT systems were networked. Suddenly they were communicating via VPN, web interface or remote access.
This created a new vulnerability: an attacker only needed to bring a single packet into the OT island to manipulate processes, change configurations or even cause physical damage. The 2017 NotPetya ransomware demonstrated this impressively: production lines were paralyzed and high costs were incurred worldwide.
As soon as OT systems are networked, security and safety aspects must be equally planned and implemented from the outset.
On May 6, 2025, CISA, FBI, EPA and DOE published the fact sheet "Primary Mitigations to Reduce Cyber Threats to Operational Technology". It warns of ongoing cyberattacks on OT and ICS environments.
The energy, transport and water sectors are particularly affected.
1. Attacker profile: Even less experienced cyber actors ("unsophisticated cyber actors") are able to compromise unprotected OT devices using readily available standard tools.
2. Possible consequences: Configuration changes: even simple manipulations can lead to production downtime.
3. Central weak points: Many OT systems are still connected directly to the Internet without sufficient authentication or authorization mechanisms.
If you don't act now, you risk major outages and considerable financial damage.
1. Remove OT connections to the public Internet
- Problem: Public IP addresses of OT devices are direct targets for attacks.
- Solution: Identify and remove all public IP addresses, or protect them with dedicated firewalls and access controls.
- Explanation: If OT systems are not reachable in the first place, the risk of an external threat is reduced.
2. Change default passwords and use strong, individual passwords
- Problem: Many OT devices still use default credentials (standard user names and passwords), which can easily be exploited.
- Solution: Change all default passwords immediately and manage the new passwords centrally in a password management tool.
- Explanation: Centralized password management simplifies control and ensures regular password routines.
3. Secure remote access to OT networks
- Problem: Unencrypted or unauthenticated remote access (e.g. via SSH on port 22 or RDP on port 3389) opens the door to attackers.
- Solution: Only allow remote access via private networks, secured by VPNs, multi-factor authentication (MFA) and strict access controls.
- Explanation: VPN and MFA make it much more difficult for unauthorized persons to access OT systems.
4. Segment IT and OT networks
- Problem: If IT and OT systems share the same network, an attacker can easily move from IT to OT.
- Solution: Set clear physical and logical boundaries between IT and OT networks and use micro-segmentation based on Zero Trust principles.
- Explanation: Strict separation prevents a compromised IT system from automatically gaining access to OT devices.
5. Practice and maintain manual operability of OT systems
- Problem: If automated controls fail, manual operation can become chaotic without practice.
- Solution: Create offline backups, set up redundant control points and carry out regular emergency drills so that production can continue manually in the event of a failure.
- Explanation: A well-rehearsed emergency plan reduces downtime and minimizes consequential damage.
Two frameworks that work together perfectly in an integrated security concept: IEC 62443 creates the framework, Zero Trust takes care of continuous monitoring.
To understand how the two approaches interact, it is first worth taking a look at their foundations - from the structural order provided by IEC 62443 to the continuous control provided by Zero Trust.
Industrial plants are among the most attractive targets - and at the same time among the most difficult environments when it comes to security. The IEC 62443 standard creates the necessary structure to secure complex OT systems.
Definition of IEC 62443: The IEC 62443 standard is a system of standards that describes best practices as well as clear roles and responsibilities for the security of industrial automation and control systems (IACS).
Structurally, this standard can be divided into three main components:
1. Secure product development (Part 4-x): Guidelines for the secure development of products and components.
2. System architecture and risk analysis (Part 2-x): Top-down approach to planning a secure system architecture.
3. Technical requirements (Part 3-x): Specific security requirements for individual components, controllers and system integrators.
Benefits: IEC 62443 creates clear and uniform specifications, facilitates audits, increases transparency and ensures that all parties involved know who is responsible for which part.
Modern attacks have long bypassed traditional protection mechanisms from within systems - often unnoticed and via legitimate accounts. This is precisely where Zero Trust comes in and establishes a security logic that no longer gives attackers any freedom of movement.
The basic principle of Zero Trust: "Never trust, always verify" is based on the Zero Trust architecture concept introduced by NIST and means trusting absolutely no one and verifying every access.
Zero Trust is based on four central building blocks:
Benefits of Zero Trust: Even if an attacker penetrates a system, they remain confined to a single zone and cannot move laterally undetected.
The combination of IEC 62443 and Zero Trust creates a strong and clear security architecture:
1. Zones and communication paths (IEC 62443) as a basis for micro-segmentation (Zero Trust)
- Division into zones (e.g. Production, MES, Engineering) defines which devices and services belong together.
- Zero Trust then determines how and when data may be exchanged between these zones.
2. Security levels (IEC 62443) as the basis for risk-based access decisions (Zero Trust)
- Each device is assigned a security level (SL 1-4) depending on its criticality.
- Zero Trust guidelines use this categorization to prescribe stricter MFA checks for SL-4 controllers, for example, while SL-1 sensors are checked less restrictively.
3. Clear responsibilities (IEC 62443) and technical implementation (Zero Trust)
- IEC 62443 defines who covers which area of responsibility (e.g. operations manager, security manager, system integrator).
- Zero Trust ensures technical control (e.g. dynamic policy adjustment, monitoring).
- In combination, IEC 62443 and Zero Trust prevent security tasks from getting stuck in silos.
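The following is an added example (not code from the original article or from InfoGuard) of how the three mappings above can be turned into a single policy decision: IEC 62443 zones and conduits decide whether a communication path exists at all, the target's security level decides whether MFA is required, and a write allowlist implements least privilege for controllers. The zone layout, asset inventory and request events are constructed for illustration.

```python
"""Toy Zero Trust policy decision point driven by an IEC 62443 zone model.

All zones, assets and security levels below are constructed sample data
for a hypothetical plant, not a real configuration.
"""
from dataclasses import dataclass

# Conduits: the only permitted zone-to-zone communication paths (source, destination).
CONDUITS = {("MES", "Production"), ("Engineering", "Production"), ("Office", "MES")}

# Asset inventory from the gap analysis: asset -> (zone, security level 1-4).
ASSETS = {
    "scada-srv-01": ("MES", 3),
    "plc-line-a": ("Production", 4),
    "temp-sensor-07": ("Production", 1),
    "eng-ws-02": ("Engineering", 2),
    "office-pc-15": ("Office", 1),
}

# Least privilege for controllers: only listed subjects may write to the target.
WRITE_ALLOWLIST = {"plc-line-a": {"scada-srv-01"}}


@dataclass
class Request:
    subject: str         # device or user endpoint making the request
    target: str          # OT asset being accessed
    action: str          # "read" or "write"
    authenticated: bool  # identity established at the identity gateway?
    mfa: bool            # session authenticated with a second factor?


def mfa_required(level: int, action: str) -> bool:
    """Risk-based rule: any access to SL-4, or writes to SL-3 and above, need MFA."""
    return level >= 4 or (level >= 3 and action == "write")


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason). Every check is evaluated per request ("always verify")."""
    if not req.authenticated:
        return False, "unauthenticated subject"
    if req.subject not in ASSETS or req.target not in ASSETS:
        return False, "unknown asset (not in inventory)"
    src_zone, _ = ASSETS[req.subject]
    dst_zone, dst_level = ASSETS[req.target]
    # Cross-zone traffic is only allowed over a defined conduit; this blocks lateral movement.
    if src_zone != dst_zone and (src_zone, dst_zone) not in CONDUITS:
        return False, f"no conduit {src_zone}->{dst_zone}"
    if req.action == "write" and req.subject not in WRITE_ALLOWLIST.get(req.target, set()):
        return False, f"{req.subject} not authorized to write to {req.target}"
    if mfa_required(dst_level, req.action) and not req.mfa:
        return False, f"MFA required for {req.action} on SL-{dst_level} target"
    return True, "allowed"
```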
FabrikTech AG (name changed by the editors) is a medium-sized manufacturing company that produces mechanical parts and previously had an outdated OT infrastructure.
The OT network structure was flat, there was no segmentation, many devices used default passwords and remote access was via simple port forwarding.
An employee accidentally clicked on a phishing link. Within minutes, a SCADA controller was infected and production came to a standstill. The damage was in the mid six-figure range, and there was also a considerable loss of reputation.
The attack exposed the true weaknesses. This was the starting point for a targeted transformation process that brings IEC 62443 and Zero Trust together step by step and secures the infrastructure in the long term.
1. Gap analysis (IEC 62443 Part 2-x): First, the current system architecture was analyzed and all assets were inventoried. Each device was categorized according to security level.
2. Zone definition and communication channels: Clear zones were set up: Production, MES, Office, External Partners.
3. Zero Trust framework:
- Identity gateway: Each OT device logs in centrally and is authenticated.
- Micro-segmentation: Only the SCADA server is granted read and write access to certain PLCs.
- Continuous monitoring: A system monitors behaviour in real time and detects anomalies immediately. Access is automatically blocked in the event of suspicion.
4. Hybrid protection for the future:
- Lateral movement excluded: even if a phishing attack succeeds, the attacker cannot move from the office zone to the production zone.
- Minimal downtime: a production shutdown could last a few hours at most because emergency procedures and manual operating modes are in place.
- Audit? No problem: the company received top marks in the compliance audit because all processes are documented and reporting tools automatically generate reports.
The hybrid approach of IEC 62443 and Zero Trust optimally combines organizational and technical measures. This significantly reduces downtimes and costs in the event of an emergency.
The OT landscape is evolving rapidly:
Companies that focus on these trends at an early stage win:
The path from an isolated OT island to a networked, resilient infrastructure cannot be achieved with individual measures, but only with a clear, prioritized security strategy.
The combination of IEC 62443 and Zero Trust creates a holistic security concept that makes your company fit for the future.
Please remember: even a single open port can be a security-relevant weak point.
InfoGuard supports you in implementing this approach pragmatically and effectively. 350 experts are at your side in the DACH region, from gap analysis and zone and communication modeling to technical micro-segmentation, identity security and the development of audit-proof processes. The result is an OT security architecture that withstands attacks and meets regulatory requirements at the same time.
Don't wait until an incident makes your vulnerabilities visible! Design your OT security proactively. Contact us and together we will develop a resilient, future-proof security strategy that successfully protects your industrial facilities.