Industrial network gateway and PLC modules
Industrial network gateway and PLC modules

For years, OT cybersecurity lived in policy decks. In 2025–2026 it shows up in RFPs, insurer questions, and customer IT/OT reviews. That is healthy — if engineering treats it as architecture, not paperwork.

What plants are being asked

  • How is the machine or cell segmented from the enterprise network?
  • Who can reach engineering ports, and how is remote support controlled?
  • What is the patch and backup plan for HMIs, IPCs, and historians?
  • Are default credentials and flat Level 0–2 networks still the norm?

What “good enough” looks like for many mid-size facilities

Not every plant needs a full ISA/IEC 62443 certification program on day one. Many need: documented zones and conduits, managed switches, jump hosts or secure remote access, role-based HMI accounts, and a spare/image strategy for critical nodes. Those basics prevent a large share of operational risk.

Controls engineering implications

Security design affects PLC networking, SCADA deployment topology, vendor VPN habits, and even panel layout (where the IPC lives, how USB is handled, whether engineering laptops get a dedicated port). Retrofit projects should budget discovery time — undocumented flat networks are common.

Practical next step If a customer security review is blocking a project, start with a controls + network audit. Orgenis maps the as-built OT picture and a phased remediation path that operations can live with.

Discuss a controls platform decision or plant automation roadmap with Orgenis.