OT/IT Convergence Security for Manufacturers
Posted: March 31, 2026 to Cybersecurity.
OT/IT Convergence Security for Manufacturers: Protecting the Plant Floor
Manufacturing cybersecurity has become a board-level concern as factories connect operational technology (OT) systems to enterprise IT networks. What once operated as isolated islands of programmable logic controllers (PLCs), SCADA systems, and human-machine interfaces (HMIs) now share data with cloud analytics, ERP platforms, and remote access tools. This connectivity drives efficiency, but it also opens attack surfaces that most manufacturers are not prepared to defend.
The consequences of a breach in a manufacturing environment go far beyond stolen data. A compromised OT network can halt production lines, damage physical equipment, endanger workers, and contaminate products. For organizations evaluating their cybersecurity posture, understanding OT/IT convergence is no longer optional -- it is a prerequisite for operational survival.
What OT/IT Convergence Means and Why It Creates New Attack Surfaces
OT/IT convergence refers to the integration of operational technology systems -- the hardware and software that monitor and control physical processes -- with information technology systems that manage data, communications, and business logic. In a traditional manufacturing plant, the OT environment ran on proprietary protocols over air-gapped networks. IT systems handled email, file sharing, and enterprise resource planning in a separate domain.
Today, manufacturers merge these environments to gain real-time visibility into production metrics, enable predictive maintenance through IoT sensor data, and allow remote troubleshooting by engineers who may be hundreds of miles from the plant floor. Industry 4.0 initiatives push this integration further, connecting manufacturing execution systems (MES) to cloud-based analytics and supply chain platforms.
The problem is straightforward: every connection between OT and IT is a potential pathway for an attacker. A phishing email that compromises an engineer's workstation can pivot into the OT network if segmentation is weak. A vulnerable remote access tool can give an adversary direct access to a PLC that controls a chemical mixing process. Legacy OT devices that were designed decades before cybersecurity was a concern now sit on networks reachable from the internet. The attack surface expands with every integration, and most OT environments lack the monitoring and access controls that IT teams take for granted.
The Purdue Model and Network Segmentation for Manufacturing
The Purdue Enterprise Reference Architecture (PERA) provides a framework for organizing industrial control systems into hierarchical levels, each with defined trust boundaries. Understanding this model is essential for any manufacturer serious about OT security.
- Level 0 (Physical Process): Sensors, actuators, and the physical equipment they control. These devices measure temperature, pressure, flow rates, and other process variables.
- Level 1 (Basic Control): PLCs, RTUs, and safety instrumented systems that execute control logic in real time. These devices read sensor inputs and command actuators based on programmed logic.
- Level 2 (Area Supervisory Control): SCADA servers, HMIs, and distributed control systems (DCS) that provide operators with a view of the process and allow supervisory commands.
- Level 3 (Site Operations): Historians, manufacturing execution systems, and other servers that aggregate data across multiple production areas.
- Level 3.5 (Industrial Demilitarized Zone): A buffer zone between OT and IT networks containing jump servers, data diodes, and application proxies that mediate all traffic crossing the boundary.
- Levels 4-5 (Enterprise): Standard IT systems including ERP, email, Active Directory, and internet-facing services.
The critical principle is that traffic should only flow between adjacent levels, and the industrial DMZ at Level 3.5 should be the sole conduit between the OT environment (Levels 0-3) and the enterprise network (Levels 4-5). No device in the enterprise network should ever communicate directly with a PLC or SCADA server. Organizations working with managed IT services providers should verify that their network architecture respects these boundaries.
In practice, many manufacturers have bypassed the Purdue model through ad hoc connections: a vendor VPN that terminates directly on a Level 2 device, an engineer's laptop that bridges OT and IT WiFi networks, or a cloud-connected IoT gateway installed on the plant floor without IT security review. Each of these shortcuts undermines the segmentation that keeps attackers from reaching critical control systems.
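As an added illustration of the two rules above (adjacent levels only, and the Level 3.5 iDMZ as the sole OT/enterprise conduit), the following Python check audits a constructed asset-to-level map against a constructed list of observed flows. This is example code, not part of the original article; the hostnames and flows are assumptions, and vendor VPN and cloud endpoints are modelled as Level 5 internet-facing enterprise services.

```python
"""Audit observed network flows against the Purdue model.

Added example: the asset map and flows below are constructed, not taken
from any real plant. Vendor VPN and cloud endpoints are modelled as
Level 5 (internet-facing enterprise services).
"""

# Ordered Purdue levels; a rank distance of 1 means "adjacent".
LEVEL_ORDER = [0, 1, 2, 3, 3.5, 4, 5]
RANK = {level: i for i, level in enumerate(LEVEL_ORDER)}

OT_LEVELS = {0, 1, 2, 3}
ENTERPRISE_LEVELS = {4, 5}

# Constructed asset inventory: hostname -> Purdue level.
ASSETS = {
    "plc-07": 1,           # basic control
    "hmi-02": 2,           # area supervisory control
    "cloud-gw": 2,         # IoT gateway installed on the plant floor
    "historian": 3,        # site operations
    "jump-01": 3.5,        # jump server in the industrial DMZ
    "erp-01": 4,           # enterprise
    "vendor-vpn": 5,       # VPN concentrator used by an equipment vendor
    "cloud-analytics": 5,  # external analytics platform
}

def check_flow(src_level, dst_level):
    """Return None if the flow respects the model, otherwise a reason string."""
    if src_level == dst_level:
        return None  # traffic within a level is not restricted by this check
    crosses_boundary = (
        (src_level in OT_LEVELS and dst_level in ENTERPRISE_LEVELS)
        or (src_level in ENTERPRISE_LEVELS and dst_level in OT_LEVELS)
    )
    if crosses_boundary:
        return "OT/enterprise crossing that bypasses the Level 3.5 iDMZ"
    if abs(RANK[src_level] - RANK[dst_level]) > 1:
        return "skips a level; traffic should flow only between adjacent levels"
    return None

def audit_flows(assets, flows):
    """Return (src, dst, reason) for every flow that breaks the model.

    An endpoint missing from the inventory is itself a finding: you cannot
    place a device you have not discovered at any level.
    """
    violations = []
    for src, dst in flows:
        if src not in assets or dst not in assets:
            violations.append((src, dst, "endpoint missing from asset inventory"))
            continue
        reason = check_flow(assets[src], assets[dst])
        if reason is not None:
            violations.append((src, dst, reason))
    return violations

# Constructed flows as a passive monitor might report them (src, dst).
OBSERVED_FLOWS = [
    ("hmi-02", "plc-07"),             # L2 -> L1: expected supervisory traffic
    ("historian", "jump-01"),         # L3 -> L3.5: data handed to the iDMZ
    ("jump-01", "erp-01"),            # L3.5 -> L4: iDMZ relays to enterprise
    ("erp-01", "plc-07"),             # L4 -> L1: enterprise host talking to a PLC
    ("vendor-vpn", "hmi-02"),         # L5 -> L2: vendor VPN terminating on an HMI
    ("cloud-gw", "cloud-analytics"),  # L2 -> L5: plant-floor gateway to the cloud
    ("historian", "plc-07"),          # L3 -> L1: polling that skips Level 2
    ("eng-laptop", "hmi-02"),         # source never inventoried
]

if __name__ == "__main__":
    for src, dst, reason in audit_flows(ASSETS, OBSERVED_FLOWS):
        print(f"VIOLATION {src} -> {dst}: {reason}")
```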
Common OT Threats Targeting Manufacturers
Ransomware Targeting Industrial Systems
Ransomware is the most visible threat to manufacturing OT environments. Attackers increasingly target manufacturers because production downtime creates immediate financial pressure to pay. Unlike a law firm that might operate on paper for a week, a manufacturer with encrypted production systems loses revenue by the hour. Some ransomware variants, such as EKANS (Snake), were specifically designed to kill industrial control system processes before encrypting files, ensuring maximum disruption to plant operations.
The attack vector is typically through the IT network: a phishing email, an exposed RDP port, or a compromised VPN credential. The ransomware then spreads laterally, and without proper segmentation, it reaches OT systems that share network infrastructure with IT. Even when ransomware does not directly infect PLCs, encrypting the Windows-based historian, HMI, or SCADA servers that operators depend on can effectively shut down production.
Supply Chain Attacks
Manufacturers depend on complex supply chains that include software vendors, system integrators, and equipment suppliers. A compromise at any point in this chain can introduce malicious code into the manufacturing environment. The SolarWinds attack demonstrated how a trusted software update can deliver malware to thousands of organizations simultaneously. In manufacturing, the risk extends to firmware updates for PLCs, patches for SCADA software, and configuration files from system integrators.
Insider Threats
Plant floor personnel, maintenance contractors, and system integrators often have broad access to OT systems with minimal logging or accountability. A disgruntled employee with knowledge of PLC programming can alter control logic in ways that are difficult to detect and potentially dangerous. Contractors who connect their laptops to OT networks may inadvertently introduce malware from other client sites. The lack of role-based access controls and audit trails in many OT environments makes insider threats particularly difficult to manage.
Legacy PLC and SCADA Vulnerabilities
Many PLCs and SCADA systems in active use were designed in the 1990s or early 2000s, long before cybersecurity was a design consideration. These devices often communicate using unencrypted protocols like Modbus, DNP3, and EtherNet/IP that have no authentication mechanisms. An attacker who gains network access can read and write to PLCs without any credentials. Firmware updates are rare, vendor support may have ended years ago, and the cost of replacing these systems can run into millions of dollars. This creates a persistent vulnerability that cannot be patched away and must instead be managed through network controls and monitoring.
Petronella Technology Group helps manufacturers identify OT vulnerabilities, implement network segmentation, and build monitoring capabilities that protect production systems. Schedule a free OT security assessment or call 919-348-4912.
Real-World Incidents: Lessons from Colonial Pipeline, Norsk Hydro, and JBS Foods
Colonial Pipeline (2021)
The Colonial Pipeline ransomware attack shut down the largest fuel pipeline in the United States for six days. The DarkSide ransomware group gained access through a compromised VPN credential that lacked multi-factor authentication. While the ransomware itself only affected IT systems, Colonial shut down OT operations as a precaution because it could not confirm the OT network was uncompromised. This highlights a critical point: even if OT systems are not directly attacked, poor visibility into OT network status forces operators to assume the worst and halt production. The company paid a $4.4 million ransom, and the incident triggered fuel shortages across the southeastern United States.
Norsk Hydro (2019)
Norwegian aluminum manufacturer Norsk Hydro was hit by the LockerGoga ransomware, which encrypted systems across 170 locations in 40 countries. The company was forced to switch to manual operations at many of its manufacturing plants, reverting to paper-based processes that reduced production capacity. Norsk Hydro chose not to pay the ransom and instead rebuilt its IT infrastructure from scratch. The total cost exceeded $70 million. The incident demonstrated that even a sophisticated global manufacturer can be brought to its knees by ransomware that exploits weak network segmentation between IT and OT environments.
JBS Foods (2021)
JBS, the world's largest meat processing company, suffered a REvil ransomware attack that forced the temporary shutdown of all U.S. beef processing plants and disrupted operations in Australia and Canada. The attack impacted IT systems that were essential for production operations, including automated processing equipment that depended on enterprise network connectivity. JBS paid an $11 million ransom to prevent further disruption. The incident underscored how deeply intertwined IT and OT have become in modern manufacturing -- and how a compromise in one domain inevitably affects the other.
Each of these incidents shares common themes: initial access through IT systems, lateral movement enabled by weak segmentation, and operational disruption that far exceeded the direct impact of the malware. Manufacturers who invest in managed extended detection and response (XDR) capabilities are better positioned to detect and contain these threats before they reach OT systems.
OT vs. IT Security: Understanding the Differences
Applying IT security practices directly to OT environments is a recipe for failure. The two domains have fundamentally different priorities, constraints, and risk tolerances. Security teams must understand these differences to build effective OT security programs.
Availability Over Confidentiality
In IT security, the CIA triad prioritizes confidentiality, then integrity, then availability. In OT, the order is reversed. A manufacturing plant that goes offline for an unplanned four-hour maintenance window may lose hundreds of thousands of dollars in production. Safety systems that go offline can endanger human lives. OT security must prioritize keeping systems running above all else, which means security controls that introduce latency, require reboots, or risk disrupting real-time communication are often unacceptable.
Patching Challenges
IT systems can typically be patched on a monthly cycle with planned maintenance windows. OT systems often cannot be patched at all without shutting down production, and some legacy devices have no patching mechanism. Even when patches are available, manufacturers must test them extensively against their specific PLC programs and process configurations before deployment. A patch that works correctly in a test environment may interact unpredictably with a 20-year-old PLC running custom ladder logic. Many manufacturers patch OT systems only during annual or semi-annual planned shutdowns, leaving known vulnerabilities exposed for months.
Legacy Protocols and Long Lifecycles
Enterprise IT equipment has a lifecycle of three to five years. Industrial control systems routinely operate for 15 to 25 years or longer. A PLC installed in 2005 may still be running the same firmware it shipped with, communicating over protocols that predate modern encryption standards. Replacing these systems requires capital expenditure, production downtime, and extensive validation testing. The result is an OT environment that may contain equipment spanning multiple decades, each generation with its own vulnerabilities and limitations.
Different Skill Sets
OT engineers understand process control, PLC programming, and industrial safety standards. IT security professionals understand network protocols, threat detection, and vulnerability management. Neither group typically has deep expertise in the other's domain. Effective OT security requires cross-functional teams or specialized OT security professionals who understand both worlds -- a skill set that is currently in short supply across the industry.
Network Segmentation Strategy for Manufacturing
Network segmentation is the single most important control for protecting OT environments. A well-segmented network limits an attacker's ability to move laterally from IT to OT systems, contains the blast radius of a ransomware infection, and provides enforcement points for monitoring and access control.
Industrial DMZ Architecture
The industrial DMZ (iDMZ) sits between the IT and OT networks and mediates all traffic between them. No direct communication path should exist between IT and OT -- all data flows must pass through services hosted in the iDMZ. This includes:
- Data diodes or unidirectional gateways: Allow production data (historian records, quality metrics) to flow from OT to IT for analysis without permitting any traffic in the reverse direction.
- Jump servers: Hardened bastion hosts that remote engineers must authenticate to before accessing OT systems. Sessions are logged and recorded.
- Application proxies: Intermediate services that relay specific data (such as OPC UA) between OT and IT applications without allowing direct network connectivity.
- Patch management servers: Staging servers in the iDMZ where updates are downloaded, scanned, and held for testing before being deployed to OT systems.
Firewall Rules and Micro-Segmentation
Firewalls at each Purdue level boundary should enforce strict allow-list policies. Default deny rules block all traffic except specifically authorized flows. Within the OT network, micro-segmentation isolates individual production cells so that a compromise in one area cannot spread to others. Industrial firewalls from vendors like Fortinet, Palo Alto Networks, and Claroty provide deep packet inspection for OT protocols, allowing security teams to write rules based on specific Modbus function codes or EtherNet/IP commands rather than just IP addresses and ports.
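To show what a function-code rule actually decides, here is an added Python example (written from scratch for this article, not the rule engine of any firewall vendor named above) that parses a Modbus/TCP request and applies a per-source allow-list. The hostnames, policy and frames are constructed assumptions.

```python
"""Modbus/TCP function-code allow-list, the kind of rule an OT-aware firewall
enforces. Added example: the frames, hostnames and policy are constructed."""
import struct
from dataclasses import dataclass

MBAP_PROTOCOL_ID = 0  # Modbus/TCP always carries protocol identifier 0

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}

@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes

def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse the 7-byte MBAP header plus PDU; raise ValueError on malformed input."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != MBAP_PROTOCOL_ID:
        raise ValueError(f"unexpected protocol identifier {proto}")
    # The length field counts every byte after itself (unit id + PDU).
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(tid, unit, frame[7], frame[8:])

# Allow-list keyed by (source host, PLC); anything not listed is denied.
POLICY = {
    ("hmi-02", "plc-07"): {1, 2, 3, 4, 5, 6, 16},  # operators read and write setpoints
    ("historian", "plc-07"): {3, 4},                # historian may only read registers
}

def evaluate(src: str, dst: str, frame: bytes):
    """Return ("ALLOW" | "DROP", detail) for one request frame."""
    try:
        req = parse_modbus_tcp(frame)
    except ValueError as exc:
        return ("DROP", f"malformed frame: {exc}")
    name = FUNCTION_NAMES.get(req.function_code, f"function {req.function_code}")
    if req.function_code in POLICY.get((src, dst), set()):
        return ("ALLOW", f"{name} unit {req.unit_id}")
    kind = "write" if req.function_code in WRITE_FUNCTIONS else "request"
    return ("DROP", f"{name} {kind} from {src} to {dst} is not on the allow-list")

# Constructed frames: MBAP (tid, proto 0, length 6, unit 1) followed by the PDU.
READ_HOLDING = b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00\x00\x0a"  # read 10 registers at 0
WRITE_SINGLE = b"\x00\x02\x00\x00\x00\x06\x01\x06\x00\x10\x00\xff"  # write 0x00ff to register 16
TRUNCATED = READ_HOLDING[:9]                                        # length field no longer matches

if __name__ == "__main__":
    for src, frame in [("historian", READ_HOLDING), ("historian", WRITE_SINGLE),
                       ("hmi-02", WRITE_SINGLE), ("eng-laptop", READ_HOLDING),
                       ("hmi-02", TRUNCATED)]:
        print(src, evaluate(src, "plc-07", frame))
```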
Remote Access Controls
Vendor and engineer remote access is one of the highest-risk vectors in manufacturing OT. Every remote access session should require multi-factor authentication, be time-limited, and pass through a jump server in the iDMZ with full session recording. Permanent VPN connections from vendor networks into the OT environment should be eliminated in favor of on-demand access that is explicitly approved by plant operations staff before each session.
Monitoring and Detection in OT Environments
Traditional IT security tools -- endpoint detection and response (EDR) agents, vulnerability scanners, active network probes -- can disrupt OT systems. Installing software agents on PLCs is not possible, and active scanning can crash legacy devices. OT environments require purpose-built monitoring approaches.
OT-Specific Network Detection and Response (NDR)
Passive network monitoring tools designed for OT environments listen to network traffic without injecting packets or installing agents. Solutions from vendors like Claroty, Nozomi Networks, Dragos, and Microsoft Defender for IoT passively analyze OT protocol traffic to build asset inventories, establish behavioral baselines, and detect anomalies. These tools understand industrial protocols at the application layer, so they can alert when a PLC receives an unexpected firmware download command or when a workstation communicates with a device it has never contacted before.
Asset Inventory
You cannot protect what you do not know exists. Many manufacturers lack a complete, accurate inventory of OT assets. Passive discovery tools build and maintain asset inventories by analyzing network traffic, identifying device types, firmware versions, and communication patterns without ever touching the devices themselves. This inventory becomes the foundation for vulnerability management, network segmentation, and incident response planning.
Anomaly Detection and Behavioral Baselines
OT environments are highly predictable compared to IT networks. A PLC runs the same program and communicates with the same devices in the same patterns day after day. This predictability makes OT networks well-suited for anomaly detection. Once a baseline of normal behavior is established, any deviation -- a new connection, an unusual command, a change in communication timing -- triggers an alert. This approach detects threats that signature-based tools miss, including zero-day exploits and insider threats.
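The baseline-and-deviation logic described above, as an added Python example that is not part of the original article and not any vendor's product: it learns the normal (source, destination, command) set and polling cadence from a constructed learning window, then flags the three deviation types named in the text (a new peer, an unusual command, a timing change). The hostnames, command names and timestamps are constructed assumptions.

```python
"""Behavioral baseline for OT traffic: learn the normal (src, dst, command)
set and polling cadence, then flag new peers, unusual commands and timing
changes. Added example; all records are constructed."""
from collections import defaultdict
from statistics import mean, pstdev

class OtBaseline:
    def __init__(self, jitter=0.2, sigma=3.0):
        self.jitter = jitter                 # tolerated fraction of the mean interval
        self.sigma = sigma                   # or this many standard deviations
        self.peers = set()                   # (src, dst) pairs seen while learning
        self.commands = set()                # (src, dst, command) triples seen
        self.intervals = defaultdict(list)   # triple -> inter-arrival seconds
        self.last_seen = {}                  # triple -> last timestamp

    def learn(self, records):
        """Records are (seconds, src, dst, command) as a passive sensor reports them."""
        for t, src, dst, cmd in records:
            key = (src, dst, cmd)
            self.peers.add((src, dst))
            self.commands.add(key)
            if key in self.last_seen:
                self.intervals[key].append(t - self.last_seen[key])
            self.last_seen[key] = t

    def _timing_ok(self, key, gap):
        history = self.intervals[key]
        if len(history) < 2:
            return True  # too few samples to judge cadence
        mu = mean(history)
        tolerance = max(self.sigma * pstdev(history), self.jitter * mu)
        return abs(gap - mu) <= tolerance

    def detect(self, records):
        """Return (timestamp, alert_type, detail) for each deviation from baseline."""
        alerts = []
        last = dict(self.last_seen)
        for t, src, dst, cmd in records:
            key = (src, dst, cmd)
            if (src, dst) not in self.peers:
                alerts.append((t, "new-peer", f"{src} -> {dst} never seen in baseline"))
            elif key not in self.commands:
                alerts.append((t, "unusual-command", f"{src} sent {cmd} to {dst}"))
            elif key in last and not self._timing_ok(key, t - last[key]):
                alerts.append((t, "timing-change",
                               f"{cmd} {src} -> {dst} gap {t - last[key]:.0f}s"))
            last[key] = t
        return alerts

# Constructed learning window: the HMI polls every 5 s, the historian every
# 30 s, and an engineering workstation does one routine read.
BASELINE = [(t, "hmi-02", "plc-07", "read_holding") for t in range(0, 31, 5)]
BASELINE += [(0, "historian", "plc-07", "read_input"),
             (30, "historian", "plc-07", "read_input"),
             (12, "eng-ws-01", "plc-07", "read_holding")]
BASELINE.sort()

# Constructed live traffic after the learning window closes.
LIVE = [
    (35, "hmi-02", "plc-07", "read_holding"),
    (40, "hmi-02", "plc-07", "read_holding"),
    (41, "eng-ws-01", "plc-07", "firmware_download"),  # known peer, command never seen
    (42, "vendor-vpn", "plc-07", "read_holding"),      # source never seen at all
    (45, "hmi-02", "plc-07", "read_holding"),
    (60, "historian", "plc-07", "read_input"),
    (70, "hmi-02", "plc-07", "read_holding"),          # 25 s gap where 5 s is normal
]

def run_detection():
    baseline = OtBaseline()
    baseline.learn(BASELINE)
    return baseline.detect(LIVE)

if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

A polling gap that suddenly lengthens is the same signal an operator sees when an HMI loses its PLC, so the timing alert is worth routing to plant operations as well as the SOC.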
Manufacturers who combine OT-specific NDR with managed XDR services gain unified visibility across both IT and OT environments, enabling security teams to trace an attack from the initial phishing email through lateral movement into the OT network.
Compliance Frameworks for Manufacturing Cybersecurity
Multiple compliance frameworks address manufacturing cybersecurity, and choosing the right one depends on your industry, customer requirements, and regulatory obligations.
NIST Cybersecurity Framework (CSF)
The NIST CSF provides a flexible, risk-based approach to cybersecurity that maps well to manufacturing environments. Its five core functions -- Identify, Protect, Detect, Respond, and Recover -- provide a structure for building an OT security program from scratch. NIST Special Publication 800-82 (Guide to Industrial Control Systems Security) provides ICS-specific guidance that complements the framework. The NIST CSF is voluntary for most manufacturers but is increasingly expected by insurance carriers, customers, and business partners.
IEC 62443 (Industrial Automation and Control Systems Security)
IEC 62443 is the most comprehensive standard specifically designed for industrial control system security. It addresses the entire lifecycle from design through operations and defines security requirements for asset owners, system integrators, and component vendors. The standard introduces the concept of security levels (SL-1 through SL-4) that map to increasingly sophisticated threat actors, allowing manufacturers to calibrate their security investments to their actual risk profile. IEC 62443 is becoming a de facto requirement in many manufacturing sectors, particularly automotive and process industries.
CMMC for Defense Supply Chain
Manufacturers in the U.S. defense supply chain must comply with the Cybersecurity Maturity Model Certification (CMMC). If your manufacturing facility processes controlled unclassified information (CUI) for Department of Defense contracts, CMMC Level 2 or Level 3 certification is required. This applies to your entire CUI boundary, which may include OT systems if they process or store defense-related manufacturing data. Organizations pursuing CMMC compliance must consider how OT systems interact with CUI and whether those systems fall within the assessment scope.
Sector-Specific Requirements
Pharmaceutical manufacturers must comply with FDA 21 CFR Part 11 for electronic records and signatures, which has cybersecurity implications for manufacturing execution systems. Food and beverage manufacturers face FSMA requirements that intersect with cybersecurity when digital systems control food safety processes. Automotive manufacturers must comply with TISAX and increasingly with UNECE WP.29 for connected vehicle cybersecurity. Each sector adds its own layer of requirements on top of the foundational frameworks.
Building an OT Security Program: A Practical Roadmap
Building OT security capability is a multi-year effort. Attempting to implement everything at once will overwhelm teams and budgets. The following phased approach provides a practical path forward.
Phase 1: Visibility (Months 1-3)
Deploy passive network monitoring to discover all OT assets and map communication flows. Conduct a risk assessment that identifies the highest-value targets (safety systems, production-critical PLCs) and the most likely attack paths. Document the current network architecture, including every connection between IT and OT. This phase produces the asset inventory and network map that all subsequent work depends on.
Phase 2: Segmentation (Months 3-9)
Implement the industrial DMZ between IT and OT networks. Eliminate direct connectivity between enterprise systems and plant floor devices. Deploy industrial firewalls at Purdue level boundaries. Implement jump servers for remote access with multi-factor authentication and session recording. This phase delivers the most significant risk reduction of any investment in OT security.
Phase 3: Detection and Response (Months 6-12)
Integrate OT NDR tools with your security operations center (SOC) or managed security service provider. Develop OT-specific incident response playbooks that account for the unique constraints of manufacturing environments (you cannot simply isolate a safety system without understanding the physical consequences). Conduct tabletop exercises that bring together IT security, OT engineering, and plant operations staff.
Phase 4: Hardening and Governance (Months 9-18)
Implement application whitelisting on OT workstations and servers. Deploy USB device control policies. Establish a vulnerability management program that tracks OT vulnerabilities and manages compensating controls for systems that cannot be patched. Develop and enforce policies for vendor remote access, change management, and backup verification. Align the program with your chosen compliance framework (NIST CSF, IEC 62443, or CMMC as applicable).
Phase 5: Continuous Improvement (Ongoing)
Conduct regular penetration testing of the OT environment (with appropriate safety controls and production coordination). Review and update segmentation rules as the environment evolves. Track metrics including mean time to detect (MTTD) and mean time to respond (MTTR) for OT security events. Participate in industry information sharing through organizations like ICS-CERT and sector-specific ISACs. Manufacturers who work with experienced manufacturing cybersecurity partners can accelerate this roadmap significantly.
From OT network assessments to full security program development, Petronella Technology Group provides the specialized expertise manufacturers need to protect production systems without disrupting operations. Contact us for a free consultation or call 919-348-4912.
Key Takeaways for Manufacturing Leaders
Manufacturing cybersecurity is not an IT problem alone. It is an operational risk that requires collaboration between IT security, OT engineering, plant operations, and executive leadership. The convergence of IT and OT networks has created attack surfaces that did not exist a decade ago, and the threat actors targeting manufacturers are sophisticated, motivated, and persistent.
The path forward starts with visibility: you cannot protect assets you do not know about, on networks you have not mapped. Segmentation provides the most impactful risk reduction, creating defensible boundaries between the enterprise and the plant floor. Detection and response capabilities, built on OT-specific tools and cross-functional playbooks, enable your organization to identify and contain threats before they disrupt production.
Compliance frameworks like NIST CSF, IEC 62443, and CMMC provide structured approaches to building and measuring your security program. But frameworks alone do not stop attackers. Effective OT security requires sustained investment in people, processes, and technology, guided by a clear understanding of your manufacturing environment and the threats it faces.
The cost of inaction is measured in production downtime, equipment damage, safety incidents, regulatory penalties, and lost customer trust. Manufacturers who act now to secure their OT/IT convergence will be positioned to adopt Industry 4.0 technologies with confidence, knowing that their digital transformation rests on a secure foundation. Contact Petronella Technology Group to discuss how we can help you protect your plant floor and your bottom line.