We are currently trying to bridge the gap between our corporate IT office and the factory floor's Operational Technology. However, I am terrified of opening up our PLCs to the open internet. How do you implement data sharing for analytics without exposing the ICS to ransomware? Should we use a DMZ or a unidirectional data diode for the most sensitive segments?
3 answers
The foundation of safe IT/OT convergence is the Purdue Model for Industrial Control Systems. You should never have a direct connection from the corporate network to the plant floor (Level 0-2). Instead, establish an Industrial DMZ (Level 3.5) where data is staged. For highly sensitive environments like power grids or chemical plants, a unidirectional data diode is the gold standard because it physically prevents any data from flowing back into the OT side. This ensures that even if your corporate IT is hit by ransomware, the malware has no physical path to reach the controllers that manage your heavy machinery.
Do you think that air-gapping is still a viable strategy today, or has the need for real-time IIoT data made the traditional air-gap completely obsolete?
Start by mapping your assets. You can't protect what you don't know exists. Most OT environments have "ghost" devices that haven't been patched or updated in over a decade.
Heather is right. Our last audit found three legacy PLCs that weren't even on the official inventory but were connected to the network. Asset visibility is step one for any OT project.
Steven, that's a tough one. To answer your question, "true" air-gaps are almost extinct because technicians often use USBs or laptops that bridge the gap anyway. It's better to have a managed, monitored connection than a "fake" air-gap that gives a false sense of security while hidden threats crawl through.