OT security protects the industrial control systems (ICS), SCADA platforms, and PLCs that run physical processes in factories, utilities, and critical infrastructure. When these systems connect to corporate IT networks, a breach stops meaning data loss and starts meaning production halts, equipment damage, or safety failures. The 2021 Oldsmar water treatment attack, where an attacker remotely pushed sodium hydroxide to dangerous levels via an unsecured remote access tool, is the reference case every OT security argument begins with.
How the Purdue Model Defines Your Segmentation Strategy
The Purdue Reference Model organises industrial environments into five levels: Level 0 (sensors and actuators), Level 1 (PLCs and RTUs), Level 2 (SCADA supervision), Level 3 (plant operations and MES), and Levels 4 and 5 (enterprise IT). The rule is simple: traffic only crosses between adjacent levels, through monitored demilitarised zones. Most ICS breaches exploit a flat network where an attacker pivots from IT into OT with nothing blocking the path.
In practice this means deploying unidirectional gateways between critical zones. Zero Trust security architecture extends this by requiring continuous verification for every OT device, not just at zone boundaries. IEC 62443 formalises the segmentation approach as the current international audit standard.
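The adjacent-level rule above can be audited mechanically against flow records. The following script is an added example, not code from the article or from any standard it cites: it assumes a hypothetical asset inventory that maps each host to a Purdue level (with 3.5 marking the IT/OT demilitarised zone) and classifies constructed NetFlow-style records as same-level, adjacent, a direct IT-to-OT hop that bypasses the DMZ, or a hop that skips a level entirely.

```python
"""Purdue-level flow policy check over constructed flow records.

Added example (not from the article). INVENTORY and SAMPLE_FLOWS are
constructed; level 3.5 stands for the IT/OT DMZ between levels 3 and 4.
"""
from dataclasses import dataclass

# Constructed inventory: host -> Purdue level. 3.5 marks the IT/OT DMZ.
INVENTORY = {
    "10.0.0.11": 1,    # PLC
    "10.0.0.12": 1,    # RTU
    "10.0.1.20": 2,    # SCADA server
    "10.0.2.30": 3,    # MES / historian
    "10.0.3.40": 3.5,  # DMZ jump host / data broker
    "10.1.0.50": 4,    # corporate workstation
    "10.1.0.60": 5,    # enterprise ERP
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def level_of(host, inventory=INVENTORY):
    """Return the Purdue level of a host, or None if it is undocumented."""
    return inventory.get(host)


def classify_flow(flow, inventory=INVENTORY):
    """Apply the 'adjacent levels only, via the DMZ' rule to one flow."""
    src_lvl = level_of(flow.src, inventory)
    dst_lvl = level_of(flow.dst, inventory)
    if src_lvl is None or dst_lvl is None:
        return "unknown-asset"          # feeds the asset-inventory gap
    gap = abs(src_lvl - dst_lvl)
    if gap == 0:
        return "same-level"
    # 3 -> 3.5 and 3.5 -> 4 are each a 0.5 step through the DMZ.
    if gap <= 0.5:
        return "adjacent"
    # Any direct hop between an OT level (<= 3) and an IT level (>= 4)
    # has bypassed the DMZ, whatever the gap.
    if min(src_lvl, dst_lvl) <= 3 and max(src_lvl, dst_lvl) >= 4:
        return "violation:it-ot-direct"
    if gap <= 1:
        return "adjacent"               # e.g. 2 -> 1 or 4 -> 5
    return "violation:skips-level"      # e.g. 3 -> 1


def audit(flows, inventory=INVENTORY):
    """Classify every flow and return {verdict: [flows]} for reporting."""
    report = {}
    for flow in flows:
        report.setdefault(classify_flow(flow, inventory), []).append(flow)
    return report


# Constructed flow records (src, dst, dst port), as a collector would export.
SAMPLE_FLOWS = [
    Flow("10.0.1.20", "10.0.0.11", 502),    # SCADA -> PLC, level 2 -> 1
    Flow("10.0.2.30", "10.0.1.20", 102),    # MES -> SCADA, level 3 -> 2
    Flow("10.0.3.40", "10.0.2.30", 1433),   # DMZ broker -> historian, 3.5 -> 3
    Flow("10.1.0.50", "10.0.3.40", 443),    # workstation -> DMZ, 4 -> 3.5
    Flow("10.1.0.50", "10.0.0.11", 502),    # workstation -> PLC: bypasses the DMZ
    Flow("10.0.2.30", "10.0.0.11", 502),    # MES -> PLC directly: skips level 2
    Flow("192.168.9.9", "10.0.0.12", 502),  # source not in inventory at all
]

if __name__ == "__main__":
    for verdict, flows in audit(SAMPLE_FLOWS).items():
        print(verdict, [f"{f.src}->{f.dst}:{f.dport}" for f in flows])
```

Running it over real collector exports is a cheap first audit: every "violation:it-ot-direct" result is a path the DMZ should have been mediating, and every "unknown-asset" result is a host the inventory has not yet caught up with.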
ICS Protocols Your Firewall Cannot Validate
OT networks run Modbus, DNP3, PROFINET, and EtherNet/IP, none of which carry authentication. Modbus, designed in 1979, cannot distinguish a legitimate PLC command from an attacker issuing the same byte sequence after gaining network access. A standard firewall cannot catch this. You need OT-aware intrusion detection from vendors such as Claroty, Dragos, or Nozomi Networks, which inspect these protocols at the application layer and flag anomalous commands even when they look syntactically valid.
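What "inspect at the application layer" means for Modbus/TCP is shown by the following added example, which is not code from the article or from any vendor it names. It parses the MBAP header and function code of constructed frames and checks each command against a hypothetical site policy (which hosts may write, which holding-register window is writable, which diagnostic sub-functions are ever expected), so a write that is byte-for-byte valid Modbus is still flagged when it comes from the wrong host or targets the wrong registers. Because it only observes frames, the same parse also yields the passive asset inventory that the asset-inventory point below relies on.

```python
"""Passive Modbus/TCP inspection with an application-layer allowlist.

Added example (not from the article or any named vendor). POLICY and
SAMPLES are constructed; a real deployment would feed frames from a SPAN
port or tap rather than from an in-memory list.
"""
import struct

READ_CODES = {1, 2, 3, 4}      # read coils / discrete inputs / registers
WRITE_CODES = {5, 6, 15, 16}   # write single/multiple coils or registers
DIAGNOSTIC_CODE = 8            # function 8: diagnostics (sub-function in data)

# Hypothetical site policy (constructed): only the HMI may write, and only
# to holding registers 100-199; the HMI and historian may read.
POLICY = {
    "writers": {"10.0.1.20"},
    "readers": {"10.0.1.20", "10.0.2.30"},
    "writable_range": range(100, 200),
}


def build_frame(tid, unit, fc, data):
    """Assemble MBAP header + PDU; used here only to construct samples."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def parse_modbus_tcp(frame):
    """Split a Modbus/TCP frame into MBAP fields and the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    if length != len(frame) - 6:   # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return {"tid": tid, "unit": unit, "fc": frame[7], "data": frame[8:]}


def inspect(src, dst, frame, policy=POLICY, inventory=None):
    """Return findings for one frame (empty list = conforms to policy).

    If an inventory dict is supplied, record every (target, unit id) seen,
    which is passive discovery: nothing is ever sent to the PLC.
    """
    msg = parse_modbus_tcp(frame)
    if inventory is not None:
        inventory.setdefault(dst, set()).add(msg["unit"])
    findings = []
    fc, data = msg["fc"], msg["data"]
    if fc in WRITE_CODES:
        if src not in policy["writers"]:
            findings.append(f"write fc={fc} from unauthorised host {src}")
        start = struct.unpack(">H", data[:2])[0]
        count = 1 if fc in (5, 6) else struct.unpack(">H", data[2:4])[0]
        touched = range(start, start + count)
        if not all(a in policy["writable_range"] for a in touched):
            findings.append(
                f"write to {start}-{start + count - 1} outside writable window")
    elif fc in READ_CODES:
        if src not in policy["readers"]:
            findings.append(f"read fc={fc} from unlisted host {src}")
    elif fc == DIAGNOSTIC_CODE:
        sub = struct.unpack(">H", data[:2])[0]
        findings.append(f"diagnostic sub-function {sub:#06x} from {src}")
    else:
        findings.append(f"unexpected function code {fc} from {src}")
    return findings


# Constructed traffic: (src, dst, frame). Every frame is syntactically valid.
SAMPLES = [
    ("10.0.1.20", "10.0.0.11", build_frame(1, 1, 3, struct.pack(">HH", 100, 10))),
    ("10.0.1.20", "10.0.0.11", build_frame(2, 1, 6, struct.pack(">HH", 150, 1234))),
    ("10.0.2.30", "10.0.0.11", build_frame(3, 1, 6, struct.pack(">HH", 150, 1))),
    ("10.0.1.20", "10.0.0.11",
     build_frame(4, 1, 16, struct.pack(">HHB", 195, 10, 20) + bytes(20))),
    ("10.1.0.50", "10.0.0.12", build_frame(5, 2, 8, struct.pack(">HH", 1, 0))),
]


def run(samples, policy=POLICY):
    """Inspect every sample; return (per-frame findings, passive inventory)."""
    inventory = {}
    report = [(src, dst, inspect(src, dst, frame, policy, inventory))
              for src, dst, frame in samples]
    return report, inventory


if __name__ == "__main__":
    report, inventory = run(SAMPLES)
    for src, dst, findings in report:
        print(f"{src} -> {dst}: {findings or 'ok'}")
    print("passive inventory:", inventory)
```

The first two frames (a read and a write from the HMI inside the window) pass; the historian's write, the HMI's write that spills past register 199, and the corporate host's diagnostic request are all reported even though a port-502 firewall rule would have let every one of them through.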
Three Gaps Most Manufacturers Miss
Asset inventory is first. Undocumented legacy devices running 15-year-old firmware with default credentials are invisible to your security tools until they are compromised. Use passive discovery, not active scanning, since active scans can crash sensitive PLCs.
Remote access is second. Temporary pandemic-era maintenance connections via consumer VPN or exposed RDP became permanent, unreviewed fixtures. Every external path into OT needs MFA, logging, and a place in your incident response plan. OT-specific scenarios must be in that plan before you need them.
Patch management is third. ICS vendors patch infrequently, and taking production equipment offline has real cost. Compensating controls fill the gap: network segmentation, anomaly detection, and process allowlisting keep an unpatched device contained even if it is compromised.
Frequently Asked Questions
What is the difference between OT security and IT security?
IT security prioritises confidentiality first. OT security prioritises availability and safety, because downtime in manufacturing or utilities carries direct physical and financial consequences that a server reboot cannot fix.
Is the Purdue Model still relevant in 2026?
Yes, as a segmentation reference. Cloud connectivity and remote access were not in the original 1990s model, but the core principle of strict IT and OT zone separation remains the foundational control, codified in IEC 62443.
What protocols are most exploited in ICS attacks?
Modbus and DNP3, because they carry no authentication. Attackers with OT network access issue arbitrary PLC commands through both. EtherNet/IP is also a target because it runs on standard IP infrastructure reachable from compromised IT segments.
How do you start an OT security programme on a limited budget?
Passive asset discovery, then IT and OT network segmentation. These two steps close most attack paths at low cost. Add MFA on all remote access, then layer in OT-aware intrusion detection once you have visibility and segmentation in place.