Key Highlights
- Cyber-attacks are mostly random and can be mitigated with basic cybersecurity practices, yet many organizations neglect these measures.
- Proper network segmentation, firewall configurations and access controls are critical to prevent the spread of cyber threats within OT environments.
- Many OT devices lack advanced security features, requiring careful configuration of firewall rules and ACLs to restrict unauthorized access.
Because cyber-probes, -intrusions and -attacks are so numerous, they must be software-driven to be generated and distributed in sufficient volumes. This is relatively good news because it means they’re mostly disseminated randomly, which means that basic cybersecurity measures can prevent the vast majority from causing interruptions or damage. However, the bad news is that even basic cybersecurity practices often remain unused.
“The biggest trends we continue to see in OT environments are ransomware and IT-related attacks spilling over and affecting OT networks and production. Both originate from a lack of security investment by smaller organizations,” says Brandon Bohle, endpoint security team lead at Interstates Inc., a national, U.S. Midwest-based system integrator, and a certified member of the Control System Integrators Association (CSIA). “Many of these cyber-attacks aren’t targeted, but are instead opportunistic due to the simplicity of existing security controls. In cases where IT attacks affect OT, they’re typically due to site-to-site firewalls that aren’t configured properly or access control lists (ACL) that aren’t in place to reduce or eliminate the spread of a cyber-attack in a facility or organization.”
Segment instead of shutdown
Because their networks aren’t segregated, Bohle reports, many facilities will shut down completely as a precaution if they experience a cyber-attack in one area. If their networks had been properly architected and configured earlier, these facilities could realistically continue to operate, even if one area was compromised.
“Properly segmenting networks, establishing firewall rules, and developing ACLs are some of the best ways to secure process control and automation systems without losing access to their devices and data,” adds Bohle. “When these protections are implemented, you allow access only by the people and devices that need to communicate and share data with each other, and restrict access by everything else.”
From the device-level to the future
Bohle adds that many sensors and devices at Level 1 or even Level 0 of the six-level Purdue model for control networks are very simple devices that don’t have many security capabilities. Consequently, they’re usually secured by using firewall rules or ACLs, which can be configured to only allow communications and data traffic from authorized devices or networks to reach Level 1 or 0 equipment. “These are effective ways to secure device-level components,” adds Bohle. “However, it can be quite time-consuming to tune rules to make sure legitimate and required traffic isn’t blocked, and that illegitimate traffic can’t reach the devices.”
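The allow-list approach Bohle describes for Level 1/0 equipment, and the tuning work it requires, can be rehearsed offline before rules go onto a real firewall. The following Python script is an added example, not code from the article or from Interstates; the ACL syntax, the address ranges (10.10.0.0/24 standing in for Level 1/0 devices, 10.10.1.0/24 for Level 2 supervisory hosts, 10.20.0.0/16 for IT) and the flow records are all constructed for illustration. It evaluates a first-match ACL with an implicit default deny, replays a set of observed flows through it, and reports per-rule hit counts and every denied flow so an engineer can see which legitimate traffic a deny rule would catch (here, an HMI using a protocol the rules never permitted) and which rules never match anything.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed ACL in a minimal, hypothetical syntax (not a vendor format):
#   <allow|deny> <src-cidr> <dst-cidr> <tcp|udp|any> <dport|any>  # comment
ACL_TEXT = """
allow 10.10.1.20/32 10.10.0.0/24 tcp 502   # engineering workstation -> PLCs, Modbus/TCP
allow 10.10.1.10/32 10.10.0.0/24 tcp 502   # HMI -> PLCs, Modbus/TCP
deny  0.0.0.0/0     10.10.0.0/24 any any   # nothing else may reach Level 1/0
allow 10.10.1.0/24  10.10.2.0/24 tcp 1433  # supervisory hosts -> historian database
"""

# Constructed flow records, the shape a firewall or flow collector might export.
FLOW_LOG = [
    "src=10.10.1.20 dst=10.10.0.5 proto=tcp dport=502",    # engineering -> PLC
    "src=10.10.1.10 dst=10.10.0.5 proto=tcp dport=502",    # HMI -> PLC
    "src=10.10.1.10 dst=10.10.0.5 proto=tcp dport=44818",  # HMI -> PLC, protocol not allow-listed
    "src=10.20.5.7 dst=10.10.0.5 proto=tcp dport=502",     # IT host -> PLC
    "src=10.10.1.20 dst=10.10.0.7 proto=udp dport=161",    # SNMP poll, not allow-listed
    "src=10.10.1.10 dst=10.10.2.30 proto=tcp dport=1433",  # HMI -> historian
    "src=10.20.5.7 dst=10.10.2.30 proto=tcp dport=1433",   # IT host -> historian
]

@dataclass(frozen=True)
class Rule:
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port
    comment: str

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int

def parse_acl(text):
    """Parse the constructed ACL syntax into an ordered list of rules."""
    rules = []
    for line in text.splitlines():
        body, _, comment = line.partition("#")
        if not body.strip():
            continue
        action, src, dst, proto, port = body.split()
        rules.append(Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                          proto.lower(), None if port == "any" else int(port), comment.strip()))
    return rules

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\w+) dport=(\d+)")

def parse_flow(line):
    m = FLOW_RE.search(line)
    if m is None:
        raise ValueError(f"unparseable flow record: {line!r}")
    return Flow(m[1], m[2], m[3].lower(), int(m[4]))

def matches(rule, flow):
    return (ipaddress.ip_address(flow.src) in rule.src
            and ipaddress.ip_address(flow.dst) in rule.dst
            and rule.proto in ("any", flow.proto)
            and rule.dport in (None, flow.dport))

def evaluate(rules, flow):
    """First match wins; a flow matching no rule hits the implicit default deny (index None)."""
    for idx, rule in enumerate(rules):
        if matches(rule, flow):
            return rule.action, idx
    return "deny", None

def review(rules, flow_lines):
    """Replay flow records through the ACL and return what a tuning pass needs:
    per-rule hit counts (a rule with zero hits may be stale or shadowed) and every
    denied flow with the index of the rule that stopped it."""
    hits = Counter()
    denied = []
    for line in flow_lines:
        flow = parse_flow(line)
        action, idx = evaluate(rules, flow)
        hits[idx] += 1
        if action == "deny":
            denied.append((flow, idx))
    return hits, denied

if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    hits, denied = review(rules, FLOW_LOG)
    for idx, rule in enumerate(rules):
        print(f"rule {idx} ({rule.comment}): {hits[idx]} hits")
    print(f"implicit default deny: {hits[None]} hits")
    for flow, idx in denied:
        print(f"DENIED {flow.src} -> {flow.dst} {flow.proto}/{flow.dport} by rule {idx}")
```

Running it against the constructed log shows the third record (the HMI reaching a PLC on TCP/44818) stopped by the explicit deny alongside the genuinely unwanted IT-to-PLC attempt; that is exactly the case where an engineer has to decide whether the rule set is missing a legitimate conduit or the device is doing something it should not, before the ACL is deployed and blocks production traffic.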
As cybersecurity continues to evolve in OT environments, Interstates’ Bohle reports that organizations are updating related systems, even though OT process lifecycles are longer than their IT counterparts. “As these systems evolve and modernize, more cybersecurity capabilities will emerge,” adds Bohle. “I don’t see OT security reaching the same level as IT security because of OT’s availability and safety responsibilities, but I think the gap between IT and OT will continue to decrease.”
Three extra boosts for cybersecurity
When starting to develop a cybersecurity plan for an OT network, there are at least three supplementary procedures that participants should follow in addition to basic steps like changing default passwords, segmenting networks and evaluating network traffic. Brandon Bohle, endpoint security team lead at Interstates Inc., reports these tasks are:
- Work with each organization’s IT group. While many IT-based security practices can cause issues in an OT environment, using policies, procedures and tools developed by IT teams as a starting point will help get the development process started. It’s also important to follow up and modify these policies, procedures and tools to fit the needs of production facilities to reduce the possibility that new security measures will cause production issues.
- Set metrics and goals. This will show management that their cybersecurity investment is paying off. It will also demonstrate that security measures have a secondary effect of reducing unplanned downtime, and providing more accurate alerts for proactive maintenance. This can help justify the existing investment, and make it easier to secure future funding.
- Never be satisfied. Networks always continue to grow and evolve, but so do cyber-threats. This means maintaining continuous, long-term, organizational cybersecurity goals. These efforts will also help participants transition from one security project into the next. While each project may have a different level of complexity and cost, each will add additional layers of security to OT processes and their facilities.