Industrial IoT devices are attractive targets. They often run outdated software, have weak authentication, and - when compromised - can cause physical damage. Unlike IT systems where a breach means data loss, IoT breaches in industrial settings can halt production, damage equipment, or create safety hazards.
This guide covers practical security measures for protecting connected devices in operational technology (OT) environments.
The Industrial IoT Threat Landscape
Industrial systems face unique threats that IT security approaches don't fully address:
- Long device lifecycles: Industrial equipment runs for 15-20 years. Security patches may not exist for older devices.
- Uptime requirements: Rebooting for updates isn't acceptable during production. Scheduled maintenance windows are limited.
- Legacy protocols: Many industrial protocols (Modbus, OPC) were designed before security was a concern.
- Physical consequences: Attacks can cause explosions, spills, production stops - not just data breaches.
- Converging networks: IT/OT convergence exposes previously air-gapped systems to internet-connected threats.
Real-world impact: The Triton malware targeted industrial safety systems specifically designed to prevent catastrophic failures. Stuxnet damaged centrifuges by manipulating control systems. These aren't theoretical risks.
Device-Level Security
Strong Authentication
Default credentials are the most common entry point for IoT attacks. Every device needs unique credentials, and default passwords must be changed during commissioning.
- Unique, strong passwords per device
- Certificate-based authentication where supported
- No shared credentials across devices
- Regular credential rotation
Secure Boot
Devices should verify the integrity of firmware during boot. Secure boot ensures only authorised, unmodified code runs on the device - preventing persistent malware.
Encryption
All data in transit should be encrypted. TLS 1.2+ for network communication. Encrypted storage for sensitive configuration. Many older industrial protocols lack encryption - wrap them in encrypted tunnels (VPN, TLS) where possible.
Minimal Attack Surface
- Disable unused ports and services
- Remove unnecessary software packages
- Disable remote access features if not required
- Harden operating system configurations
Network Segmentation
Network segmentation is the most effective control for limiting IoT breach impact. Devices should not have more network access than they need.
Purdue Model Architecture
The Purdue Enterprise Reference Architecture defines zones for industrial networks:
- Level 0-1: Physical processes, sensors, actuators
- Level 2: Control systems, PLCs, HMIs
- Level 3: Operations management, historians
- Level 3.5 (DMZ): Boundary between IT and OT
- Level 4-5: Enterprise IT network
Segmentation Best Practices
- Firewall between zones: Traffic must pass through security controls to cross zone boundaries.
- Deny by default: Only explicitly allowed traffic permitted between zones.
- No direct IT-to-OT: All traffic through DMZ with inspection.
- Micro-segmentation: Isolate critical assets even within zones.
Monitoring and Detection
You can't prevent every attack. Detection and response capability is essential.
OT-Specific Monitoring
Standard IT monitoring tools often don't understand industrial protocols. Purpose-built OT security platforms can:
- Inventory all devices and their connections
- Baseline normal communication patterns
- Parse industrial protocols (Modbus, OPC, etc.)
- Alert on anomalous commands or behaviour
- Detect policy violations without active scanning
What to Monitor
- Network traffic between zones
- Authentication attempts and failures
- Configuration changes to devices
- Firmware updates and installations
- Unusual commands to control systems
Detection Priorities
- New devices appearing on network
- Direct connections bypassing DMZ
- Engineering workstation activity outside maintenance windows
- Control system configuration changes
Patch Management
Patching industrial systems is challenging but necessary. Unpatched vulnerabilities are how attackers get in.
Patching Strategy
- Inventory: Know what you have and what software versions are running.
- Prioritise: Critical vulnerabilities on internet-facing systems first.
- Test: Validate patches in test environment before production.
- Schedule: Plan patches for maintenance windows.
- Compensating controls: If patching isn't possible, add network controls to reduce risk.
When Patching Isn't Possible
Some systems can't be patched - vendor no longer exists, certification requirements, or the patch breaks functionality. Compensating controls:
- Increased network isolation
- Whitelisting allowed applications
- Enhanced monitoring of vulnerable systems
- Network-level attack prevention (IPS)
Physical Security
Physical access to devices often means full access. Industrial IoT security must include physical controls:
- Locked cabinets for network equipment and controllers
- Tamper-evident seals on critical devices
- Restricted physical access to control rooms
- USB port blocking or disabling
- Surveillance of equipment areas
Summary
IoT security in industrial environments requires a defense-in-depth approach: secure devices, segmented networks, continuous monitoring, and response capability. No single control is sufficient - attackers will find gaps.
Start with asset inventory and network segmentation. These provide visibility and limit blast radius when - not if - a compromise occurs. Layer in device hardening, monitoring, and patch management as your program matures.