11 May 2026

8 min read

Industrial Cybersecurity Guide – how to Secure IT/OT Convergence Without Stopping Production?

Łukasz Ratajczyk

CTO


Modern manufacturing operates under a contradictory pressure: the board demands data transparency, while the shop floor requires physical isolation to keep machines running.

In the era of Industry 4.0, the “Air Gap” is a myth. Cyber-Physical Systems (CPS) now link software directly to hardware, meaning a single digital bug can lead to broken gears or spoiled batches. Effective IT/OT convergence security is no longer about blocking access, but about providing operational insurance.

Tenesys acts as a Mediator between the strict requirements of IEC 62443 or NIST 800-82 and the reality of a 24/7 production schedule. We implement industrial cybersecurity best practices through non-invasive monitoring that satisfies the need for Digital Transformation without ever touching the sensitive controllers that drive your uptime.

Why Does IT/OT Convergence Terrify Plant Managers and Automation Engineers?

IT/OT convergence terrifies plant managers and automation engineers because traditional IT security tools—like active network scanners and forced software updates—can overload fragile, legacy PLC units, trigger emergency shutdowns, and cause catastrophic production downtime. The fear is that forcing standard office-grade IT protocols onto factory floor systems will break machines that have been running flawlessly for decades.

This fear is rooted in the physical fragility of real-time communication. Standard IT security tools use “noisy” TCP/UDP Stacks designed to discover assets by sending rapid-fire requests. While a laptop handles this easily, a 20-year-old PLC might see its processor saturate. In a factory, timing is everything. A delay of even 50 ms—caused by network jitter or latency—can result in a desynchronized robotic arm or a Safety Instrumented System (SIS) trip. When the network lags, the machine stops to prevent injury, leading to a massive downtime cost.

On the shop floor, the culture of “If it works, don’t touch it” isn’t laziness; it is a logical response to MTTR (Mean Time to Repair) pressures. Every minute spent rebooting a controller for an IT patch is a minute of lost revenue. This highlights the fundamental clash of priorities: availability vs confidentiality. While IT focuses on data privacy, OT focuses on human safety and environmental protection. For an automation engineer, a secure network that causes a production halt is not a success—it is a failure.

What is the Core Conflict Between IT and OT Security?

The core conflict lies in the fundamental difference between “High-Velocity IT” and “High-Stability OT.” While IT is designed for rapid iteration and frequent patching, OT environments prioritize the Purdue Model hierarchy. In this framework, any change to the lower levels—specifically the controllers and sensors at Level 0-2—can have unpredictable physical outcomes on the production line.

This tension stems from a massive mismatch in Lifecycle Management. In the office, a laptop is considered “old” at 3 years. On the factory floor, a CNC machine or a SCADA server is often in its “prime” at 15 years. This longevity makes Patch Management a battlefield. IT protocols often demand weekly patches to mitigate vulnerabilities, but OT requirements usually only allow for updates once every two years during a planned maintenance shutdown.

Ultimately, the stakes are different. In the IT world, a virus is primarily a data privacy problem. On the production floor, it is a Business Continuity disaster. A compromised network doesn’t just leak files; it halts the Supply Chain, triggers missed deadlines, and results in heavy contractual fines. Bridging this gap requires a specialized “Translator” like Tenesys, who understands that uptime is the ultimate security metric.


For Volkswagen Poznań, the key challenge was securing the IT/OT interface while maintaining full continuity of production processes. Thanks to the deployment of Fortinet firewalls by Tenesys, the plant gained advanced, non-invasive protection for the sensitive control layer, eliminating the risk of latency and uncontrolled machine stoppages.


The Air Gap Myth in Modern Manufacturing

The air gap myth—the belief that physical isolation equals security—is dead. Modern facilities rely on IIoT sensors, remote vendor maintenance via 4G/5G, and the inevitable “Sneakernet” of infected USB drives. These connections mean the factory floor is often more exposed than the office, frequently operating without a single firewall between a multi-million dollar machine and the outside world.

How Can You Implement Network Segmentation in OT Without Disruptions?

You can implement OT network segmentation without disrupting PLCs by creating an Industrial DMZ (IDMZ). This secure “buffer” zone sits between Level 4 (Enterprise) and Level 3 (Production) of the Purdue Model. It allows essential data to flow into your ERP for reporting while blocking Lateral Movement. This ensures that even if a workstation in the accounting office is compromised, the breach cannot “pivot” to your machine controllers.

The strategy focuses on controlling two types of communication. North-South traffic manages data moving between the office and the factory, while East-West traffic handles machine-to-machine interaction. By using Deep Packet Inspection (DPI) for industrial protocols like Modbus, Profinet, and EtherNet/IP, firewalls gain the intelligence to understand the context of a command. A firewall can be programmed to say “Yes” to a legitimate temperature reading but “No” to a malicious firmware update or an unauthorized stop command.

Moving from a flat network to Micro-segmentation doesn’t require a “rip and replace” approach. By isolating specific cells or production lines into smaller, protected zones, you eliminate the risk of a single infection spreading across the entire plant. This architectural shift provides the high-level security the board requires without triggering an emergency shutdown or interfering with the real-time demands of the factory floor.

Why Does Active Scanning Break Industrial Machines?

Active scanning breaks industrial machines because legacy PLCs were never designed to handle “malformed” or “excessive” network queries. When a standard vulnerability scanner interrogates a device, it can saturate the Network Interface Card (NIC) of a 20-year-old controller. This causes the device to drop its Control Loop and enter a Fail-Safe State or “Error” mode, effectively killing production.

To picture a “Scan-Induced Crash”, imagine someone shouting rapid-fire, complex questions at a surgeon during a delicate operation. Eventually, the distraction causes the surgeon to make a mistake. Similarly, old stack implementations in firmware often cannot process unexpected or high-volume packets. Instead of ignoring the “noise,” the controller freezes or reboots to protect itself.

This is why asset discovery on a factory floor must be silent. We use passive OT network monitoring as an “Invisible Auditor.” This technology listens to the existing traffic without sending a single probe. It identifies firmware vulnerabilities and device types just by analyzing the background data flow. It provides the visibility you need without ever risking the stability of a live machine.

How Do You Assess SCADA Vulnerabilities Without Touching the Controls?

You assess SCADA vulnerabilities without touching the controls by utilizing Offline Analysis and Network Taps. By analyzing a copy of the traffic via a SPAN Port (Mirror Port), Tenesys identifies security gaps and configuration weaknesses without ever sending a single probe to a live machine. This non-invasive approach ensures that your production environment remains stable while you gather the data necessary for a comprehensive SCADA security assessment.

The foundation of this process is the Asset Inventory. Many factories operate with a significant amount of Shadow OT—devices or connections that exist outside the official documentation. You simply cannot protect what you cannot see. By listening to the background “noise” of the network, we can identify every connected controller, sensor, and workstation.

This visibility often reveals high-risk Unauthorized Access Points, such as a technician’s hidden Wi-Fi router or a legacy maintenance modem left active for years. Identifying these “backdoors” is a critical part of meeting NIS2 requirements for production. Instead of a stressful audit that threatens to break your systems, this method turns security into a tool for operational clarity, giving you a crystal-clear map of your entire industrial ecosystem.
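The protocol-aware firewall rule from the segmentation section and the passive SPAN-port inventory described here both start from the same step, decoding the industrial protocol on the wire, so one added example covers both for Modbus/TCP. This is illustrative code written for this article, not Tenesys code or any product’s logic; the IP addresses, the set of engineering workstations allowed to write, and the captured frames are all constructed, and the “request if destination port is 502” rule is a simplification of how a real monitor pairs requests with responses.

```python
import struct
from collections import defaultdict
READ_CODES, WRITE_CODES = {1, 2, 3, 4}, {5, 6, 15, 16}   # public Modbus read / write function codes
DEVICE_ID = 43   # Encapsulated Interface Transport; MEI type 0x0E = Read Device Identification

def parse_modbus_tcp(payload):
    """Return (unit_id, function_code, data) from a raw Modbus/TCP frame; raise on malformed input."""
    if len(payload) < 8:
        raise ValueError("truncated MBAP header")
    _tid, proto, length, unit = struct.unpack("!HHHB", payload[:7])
    if proto != 0 or length != len(payload) - 6:   # protocol id must be 0, length covers unit id + PDU
        raise ValueError("not a well-formed Modbus/TCP frame")
    return unit, payload[7], payload[8:]

def dpi_verdict(src_ip, payload, engineering_hosts):
    """Cell firewall rule: reads from any host in the zone, writes only from engineering hosts, nothing else."""
    _unit, fc, _data = parse_modbus_tcp(payload)
    if fc in READ_CODES or (fc in WRITE_CODES and src_ip in engineering_hosts):
        return "allow"
    return "deny"   # diagnostics/restart (8), writes from unknown hosts, vendor-defined codes (65-72, 100-110)

def passive_inventory(frames):
    """Asset map built from mirrored (SPAN) traffic: requests reveal units and usage, responses reveal identity."""
    inv = defaultdict(lambda: {"functions": set(), "identity": {}})
    for src, dst, dport, payload in frames:              # destination port 502 marks a request (simplification)
        unit, fc, data = parse_modbus_tcp(payload)
        entry = inv[(dst if dport == 502 else src, unit)]   # the Modbus server side is the field device
        if dport == 502:
            entry["functions"].add(fc)
        elif fc == DEVICE_ID and len(data) >= 6 and data[0] == 0x0E:
            # Device Identification response: [MEI, id code, conformity, more, next id, count, (id, len, value)...]
            pos, names = 6, {0: "vendor", 1: "product", 2: "revision"}
            for _ in range(data[5]):
                oid, olen = data[pos], data[pos + 1]
                entry["identity"][names.get(oid, oid)] = data[pos + 2:pos + 2 + olen].decode("ascii", "replace")
                pos += 2 + olen
    return dict(inv)

def mbap(unit, pdu, tid=1):   # MBAP header + PDU, used only to build the constructed sample below
    return struct.pack("!HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic (not a real capture): HMI polls two registers, engineering workstation writes a
# setpoint, an office laptop attempts a write and a diagnostics restart, the PLC answers an identification query.
SAMPLE = [
    ("10.1.1.10", "10.1.1.50", 502, mbap(1, bytes([3, 0, 0, 0, 2]))),
    ("10.1.1.20", "10.1.1.50", 502, mbap(1, bytes([6, 0, 10, 0, 75]))),
    ("10.99.0.7", "10.1.1.50", 502, mbap(1, bytes([6, 0, 10, 0, 0]))),
    ("10.99.0.7", "10.1.1.50", 502, mbap(1, bytes([8, 0, 1, 0, 0]))),
    ("10.1.1.50", "10.1.1.20", 40005, mbap(1, bytes([43, 0x0E, 1, 1, 0, 0, 3, 0, 4]) + b"ACME" + bytes([1, 5]) + b"PLC-1" + bytes([2, 4]) + b"2.07")),
]
ENGINEERING = {"10.1.1.20"}   # hosts allowed to write; an assumption for the example
```

Running `passive_inventory(SAMPLE)` yields one device, unit 1 at 10.1.1.50, with vendor, product and revision recovered from traffic it was already sending, while `dpi_verdict` allows the HMI read and the engineering write and denies both office-originated commands.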

What Are the Industrial Cybersecurity Best Practices for Secure Remote Access?

1. Zero Trust & Just-In-Time Access: replace persistent VPNs by granting technicians time-limited access to specific devices only.

2. Jump Box Architecture: isolate third-party vendors from the production environment using a controlled entry point.

3. Multi-Factor Authentication (MFA): secure entry points using hardware tokens, which are more practical in factory settings than mobile apps.

4. Session Recording: record actions for security compliance audits and easier troubleshooting of unexpected machine behavior.

How Does Ransomware in Manufacturing Impact Your Downtime Cost?

Ransomware in manufacturing does not just encrypt office files; it destroys operational predictability. Even if your physical machines remain untouched by malware, the loss of secondary systems like MES (Manufacturing Execution Systems) or the Historian can force a total manual shutdown. Without these systems, you cannot track recipes, quality metrics, or inventory levels, leading to an immediate and massive EBITDA loss.

The true danger lies in the Blast Radius of an attack. When the digital “brain” of the factory is compromised, the Supply Chain ripple effect begins. Missing a single shipment to an OEM (Original Equipment Manufacturer) can trigger contractual fines that dwarf the ransom demand itself. Furthermore, if you lose the Historian data—the record of how a specific batch was cooked or assembled—you may be forced to scrap the entire output for Quality Assurance (QA) and safety reasons, as you can no longer prove compliance.

In this light, cybersecurity is not an IT expense; it is Production Insurance. Every hour of downtime in a modern facility can cost hundreds of thousands of dollars. Protecting the data that flows around your machines is just as vital as oiling the gears themselves to ensure the long-term financial health of the organization.


The Tenesys Mediator Approach: Achieve NIS2 Compliance Without Losing Sleep

The Tenesys Mediator Approach is a holistic framework that bridges the gap between NIS2 legal liability and OT operational realities. We don’t just “check boxes”; we build a Cyber-Resilience architecture that protects the Board from personal fines while giving the Utrzymanie Ruchu (Maintenance) team the 100% uptime guarantee they require.

This approach marks a shift from reactive firefighting to proactive Corporate Governance. The NIS2 Directive is not just an IT problem—it is a fundamental business requirement that demands accountability at the highest level. By moving away from invasive “office-style” security and embracing Monitoring IT 24/7 tailored for the shop floor, you eliminate the risk of accidental production halts caused by poorly implemented security protocols.

Summary

Choosing the right partner means finding someone who understands the high stakes of both the boardroom and the boiler room. Our method offers a “Double Benefit”: achieving NIS2 Compliance actually improves your network visibility. This clarity allows your team to move toward Predictive Maintenance, identifying potential equipment failures before they happen and further reducing unplanned downtime.


Łukasz Ratajczyk

CTO

CTO with 12 years of experience across various industries. Specializes in optimizing cloud environments and modernizing infrastructure. A certified cloud architect, he leads a team of experienced DevOps engineers at Tenesys. Outside of work, he is a traveler and mountain biker.
