What is an OT network?
An OT network (Operational Technology network) is a network specifically designed for controlling, monitoring and managing industrial processes and physical systems. It connects devices such as PLCs, HMIs, SCADA systems, Sensors and Actuators within factories, power plants, water treatment installations and other operational environments.
Unlike IT networks, an OT network is all about reliability, availability and deterministic behaviour, often in Real-time.
🧠 How does an OT network work?
- Connection between operational components
- PLCs control machines
- SCADA/DCS systems collect data and provide visualisation
- IO modules and field devices communicate via fieldbuses or Ethernet
- Network structure
- Based on the Purdue Model: segmented layers for control and monitoring
- Often separated from IT via a Firewall, DMZ or data diode
- Use of protocols
- Industrial protocols such as Modbus, ProfiNET, Ethernet IP and OPC UA
- Often real-time or time-sensitive (e.g. with TSN)
🏭 Characteristics of an OT network
- Real-time communication required (e.g. for safety functions)
- High requirements for availability and uptime
- Long equipment lifespan (10–30 years)
- Often vendor-specific hardware and protocols
- Usually air gaps or segmentation between OT and IT
- Legacy systems without modern security features
🔍 OT network vs. IT network
| Feature | OT network | IT network |
|---|---|---|
| Purpose | Controlling machines and processes | Managing data, applications and users |
| Priority | Availability and determinism | Confidentiality and integrity |
| Protocols | ProfiNET, Modbus, OPC UA, etc. | TCP IP, HTTPS, LDAP, etc. |
| Equipment | PLCs, sensors, HMIs | Servers, laptops, printers |
| Security | Less built-in, often physically isolated | Layered, standard security |
| Lifecycle | Long (~15–30 years) | Short (~3–5 years) |
🔐 Security considerations for OT networks
- Use of Defense in Depth strategies
- Segmentation via the zone-and-conduits model
- Monitoring with IDS, SIEM and anomaly detection
- Patch management is more complex than in IT
- Risks from OT convergence such as malware, ransomware and Insider Threat
IEC 62443, NIST SP 800-82 and NIS2 are important standards for OT security.
📌 In summary
An OT network is the backbone of industrial automation, focused on availability, reliability and safety. Because of the increasing connectivity with IT systems, securing and segmenting OT networks is more important than ever.