2 posts tagged with "network-segmentation"

Industrial Network Security for OT Engineers: TLS, Certificates, and Zero-Trust on the Plant Floor [2026]

· 15 min read

Industrial security used to mean padlocking the control room and keeping the plant network air-gapped. Those days ended the moment someone plugged a cellular gateway into the PLC cabinet. Now every edge device streaming telemetry to the cloud is an attack surface — and the cryptominer that quietly hijacked your VM last month was the gentle reminder.

This guide covers the practical security mechanisms you need to protect industrial data in transit — MQTT over TLS, certificate management for OPC-UA and cloud brokers, SAS token lifecycle, network segmentation patterns, and what zero-trust actually means when your "users" are PLC gateways running on ARM processors with 256MB of RAM.

Industrial OT Security for IIoT: TLS, Certificates, Network Segmentation, and Zero Trust at the Edge [2026 Guide]

· 14 min read
MachineCDN Team
Industrial IoT Experts

There's a persistent myth in manufacturing that "air-gapped" OT networks don't need security. The moment you connect a PLC to an edge gateway that publishes data to the cloud via MQTT, that air gap is gone. You've built a bridge between your operational technology and the internet, and every decision you make about that bridge — TLS configuration, certificate management, authentication, network architecture — determines whether you've built a secure connection or an open door.

This guide covers the practical security decisions for IIoT deployments, based on hard-won experience connecting industrial equipment in environments where a misconfiguration doesn't just leak data — it can affect physical processes.