
IoT Security Best Practices for Industrial Environments

Essential security measures for protecting connected devices in industrial and OT environments. Device hardening, network segmentation, monitoring, and patch management.

The threat landscape

Industrial IoT devices are attractive targets. They often run outdated software, have weak or default authentication, and when compromised, can cause physical damage. Unlike IT systems where a breach means data loss, IoT breaches in industrial settings can halt production lines, damage equipment, or create genuine safety hazards.

Industrial systems face threats that traditional IT security approaches don't fully address:

  • Long device lifecycles. Industrial equipment runs for 15–20 years. Security patches may not exist for older devices, and the vendor may no longer exist either.
  • Uptime requirements. Rebooting for updates isn't acceptable during a production run. Maintenance windows are limited and tightly scheduled.
  • Legacy protocols. Many industrial protocols (Modbus, OPC Classic, PROFINET) were designed before security was a concern. No authentication, no encryption, no integrity checking.
  • Physical consequences. Attacks on control systems can cause explosions, chemical spills, and production stops, not just data breaches.
  • IT/OT convergence. Previously air-gapped operational technology networks are now connected to IT networks (and sometimes the internet), exposing them to threats they were never designed to handle.

These aren't theoretical risks. The Triton malware specifically targeted industrial safety systems designed to prevent catastrophic failures. Stuxnet damaged centrifuges by manipulating SCADA controllers. Colonial Pipeline was shut down by ransomware that crossed from IT into OT systems.

Device-level security

Strong authentication

Default credentials are the most common entry point for IoT attacks. The Mirai botnet compromised hundreds of thousands of devices using a list of just 62 default username/password combinations. Every device needs unique credentials, and defaults must be changed during commissioning. No exceptions.

  • Unique, strong passwords per device (not the same password across a fleet)
  • Certificate-based authentication where the device supports it
  • No shared credentials across devices or roles
  • Credential rotation on a defined schedule
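As an added illustration of the commissioning rule above (not code from the original article or its author), the following Python script audits a freshly provisioned fleet for the two failures the text calls out: devices still on factory defaults and credentials reused across devices. The fleet inventory, the device models, the vendor default list and the audit key are all constructed for the example; the audit key is an assumption about how such a tool would be deployed.

```python
import hashlib
import hmac
from collections import defaultdict

# Hypothetical fleet-wide audit key, held by the commissioning tool and never
# stored on the devices (constructed for this example, not a real key).
AUDIT_KEY = b"example-audit-key-replace-me"


def credential_digest(username: str, password: str, key: bytes = AUDIT_KEY) -> str:
    """Keyed digest of a username/password pair. The audit record keeps this
    digest instead of the plaintext, which is enough to spot duplicates and
    factory defaults."""
    return hmac.new(key, f"{username}\x00{password}".encode(), hashlib.sha256).hexdigest()


# Constructed: factory defaults as printed in the (hypothetical) vendor manuals,
# stored as digests so the audit never needs the plaintext list at runtime.
VENDOR_DEFAULTS = {
    "gw-2000": {credential_digest("admin", "admin")},
    "plc-x1": {credential_digest("operator", "password")},
}

MIN_PASSWORD_LENGTH = 12


def audit_fleet(inventory):
    """inventory: list of dicts with device_id, model, username, password as
    just provisioned by the commissioning tool.
    Returns {device_id: [finding, ...]} for every device with a problem."""
    findings = defaultdict(list)
    devices_by_digest = defaultdict(list)
    for dev in inventory:
        digest = credential_digest(dev["username"], dev["password"])
        devices_by_digest[digest].append(dev["device_id"])
        if digest in VENDOR_DEFAULTS.get(dev["model"], set()):
            findings[dev["device_id"]].append("factory default credential")
        if len(dev["password"]) < MIN_PASSWORD_LENGTH:
            findings[dev["device_id"]].append(
                f"password shorter than {MIN_PASSWORD_LENGTH} characters")
    # The same digest on more than one device means the credential was reused.
    for digest, ids in devices_by_digest.items():
        if len(ids) > 1:
            for device_id in ids:
                findings[device_id].append(
                    f"credential shared with {len(ids) - 1} other device(s)")
    return dict(findings)


# Constructed sample inventory: one device left on defaults, two sharing a password.
SAMPLE_INVENTORY = [
    {"device_id": "gw-01", "model": "gw-2000", "username": "admin", "password": "admin"},
    {"device_id": "gw-02", "model": "gw-2000", "username": "admin", "password": "Kq7!vm3Pz9wL2rT"},
    {"device_id": "plc-07", "model": "plc-x1", "username": "operator", "password": "S1te-Shared-Pw-2024"},
    {"device_id": "plc-08", "model": "plc-x1", "username": "operator", "password": "S1te-Shared-Pw-2024"},
]

if __name__ == "__main__":
    for device_id, issues in audit_fleet(SAMPLE_INVENTORY).items():
        print(device_id, "->", "; ".join(issues))
```

Running it flags gw-01 (default credential, too short) and plc-07/plc-08 (shared credential), while gw-02 passes. Keeping digests rather than passwords in the audit record is the design point: the commissioning report can be retained and re-checked without becoming a credential store itself.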

Secure boot

Devices should verify firmware integrity during startup. Secure boot uses cryptographic signatures to ensure only authorised, unmodified code runs, preventing persistent malware that survives a power cycle.

Encryption

All data in transit should be encrypted: use TLS 1.2 or higher for network communication, and encrypted storage for sensitive configuration data and credentials. Many older industrial protocols lack encryption by design. Where possible, wrap them in encrypted tunnels (VPN, TLS proxy) at the network layer.

Minimal attack surface

  • Disable unused ports and services. If the device doesn't need SSH, turn it off.
  • Remove unnecessary software packages from the firmware image
  • Disable remote management features unless actively required
  • Harden OS configurations using vendor-provided or CIS benchmarks

Network segmentation

Network segmentation is the single most effective control for limiting the impact of an IoT breach. If a compromised sensor can reach your ERP system, your network architecture has a problem.

Purdue Model architecture

The Purdue Enterprise Reference Architecture defines zones for industrial networks:

  • Level 0–1: Physical processes: sensors, actuators, the physical equipment itself
  • Level 2: Control systems: PLCs, HMIs, SCADA
  • Level 3: Operations management: historians, MES
  • Level 3.5 (DMZ): The boundary between IT and OT: jump servers, data diodes, security appliances
  • Level 4–5: Enterprise IT: ERP, email, business applications

Segmentation best practices

  • Firewall between every zone. Traffic must pass through security controls to cross zone boundaries. No shortcuts.
  • Deny by default. Only explicitly allowed traffic gets through. If it's not on the whitelist, it's blocked.
  • No direct IT-to-OT connections. All traffic between enterprise IT and operational technology goes through the DMZ with inspection.
  • Micro-segmentation. Isolate particularly critical assets even within zones. A compromised HMI shouldn't be able to reach the safety controller on the same network segment.
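The four rules above can be checked mechanically against a firewall's allow list. The Python below is an added example, not code from the original article: it models zones by Purdue level, treats anything not explicitly allowed as denied, and flags allow rules that either cross the IT/OT boundary without passing through the DMZ or reach a micro-segmented safety zone from anywhere but its engineering zone. The zone names, levels, protected-zone policy and sample rule set are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One explicit allow entry: everything not listed is denied."""
    src: str
    dst: str
    port: int


# Constructed zone map: zone name -> Purdue level it sits in.
ZONES = {
    "enterprise": 4.0,
    "dmz": 3.5,
    "operations": 3.0,
    "control": 2.0,      # HMIs, SCADA servers
    "safety_eng": 2.0,   # the only zone permitted to talk to the safety controllers
    "safety": 2.0,       # safety instrumented system, micro-segmented from control
    "field": 1.0,
}

# Constructed micro-segmentation policy: protected zone -> zones allowed to reach it.
PROTECTED = {"safety": {"safety_eng"}}


def is_it(zone: str) -> bool:
    return ZONES[zone] >= 4.0


def is_ot(zone: str) -> bool:
    return ZONES[zone] <= 3.0


def is_allowed(rules, src: str, dst: str, port: int) -> bool:
    """Deny by default: a flow passes only if an explicit rule matches."""
    return Rule(src, dst, port) in rules


def check_rule(rule: Rule):
    """Return the segmentation violations an allow rule would introduce."""
    problems = []
    # Level 4+ to level 3 or below (or back) must terminate in the DMZ (3.5),
    # which is neither IT nor OT by these predicates.
    if (is_it(rule.src) and is_ot(rule.dst)) or (is_ot(rule.src) and is_it(rule.dst)):
        problems.append("direct IT/OT flow bypasses the DMZ")
    if rule.dst in PROTECTED and rule.src not in PROTECTED[rule.dst]:
        problems.append(f"{rule.src} may not reach protected zone {rule.dst}")
    return problems


def audit(rules):
    """Map every offending rule to its list of violations."""
    return {r: check_rule(r) for r in rules if check_rule(r)}


# Constructed rule set with two deliberate mistakes.
SAMPLE_RULES = {
    Rule("enterprise", "dmz", 443),        # web access to the jump server
    Rule("dmz", "operations", 1433),       # historian replication from the DMZ
    Rule("operations", "control", 44818),  # EtherNet/IP from MES to SCADA
    Rule("safety_eng", "safety", 502),     # engineering access to the SIS
    Rule("enterprise", "control", 502),    # mistake: ERP host talking Modbus to a PLC
    Rule("control", "safety", 502),        # mistake: HMI zone reaching the SIS
}

if __name__ == "__main__":
    for rule, problems in audit(SAMPLE_RULES).items():
        print(rule, "->", "; ".join(problems))
    print("field -> enterprise:80 allowed?", is_allowed(SAMPLE_RULES, "field", "enterprise", 80))
```

The two flagged rules are exactly the two mistakes planted in the sample set; a flow that appears in no rule, such as field to enterprise on port 80, is simply denied. In practice the rule set would be exported from the firewall rather than typed in, but the checks stay the same.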

Monitoring and detection

You can't prevent every attack. Detection and response capability is what separates "we caught it early" from "we found out months later."

OT-specific monitoring

Standard IT security tools often don't understand industrial protocols. Purpose-built OT security platforms (Claroty, Nozomi Networks, Dragos) can:

  • Automatically inventory all devices and their connections
  • Baseline normal communication patterns passively (no active scanning that might disrupt operations)
  • Parse industrial protocols: Modbus, OPC, EtherNet/IP, PROFINET
  • Alert on anomalous commands or unusual behaviour
  • Detect policy violations without injecting traffic

What to monitor

  • Network traffic crossing zone boundaries
  • Authentication attempts and failures
  • Configuration changes to controllers and devices
  • Firmware updates and software installations
  • Unusual commands to control systems, especially writes to safety-critical parameters

Priority alerts: New devices appearing on the OT network. Direct connections that bypass the DMZ. Engineering workstation activity outside scheduled maintenance windows. Any PLC program changes.
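To make the monitoring list concrete, here is an added Python example (not from the original article or from any of the platforms it names) that parses Modbus/TCP requests from a small captured-traffic sample and raises the two alerts the text prioritises: writes to safety-critical registers and requests from a host that is not a known master. The sample packets, the authorised master list and the protected register range are constructed; real deployments would feed the analyser from a passive tap rather than from an inline list.

```python
import struct

# Modbus function codes that change holding registers on the device. Coil writes
# (function codes 5 and 15) address a separate space and would need their own
# protected set; they are parsed below but not alerted on.
WRITE_REGISTER_FUNCTIONS = {6: "write single register", 16: "write multiple registers"}

# Constructed: hosts authorised to issue Modbus requests (the SCADA/HMI servers).
KNOWN_MASTERS = {"10.20.2.10"}
# Constructed: holding registers per unit id that hold safety-critical parameters.
PROTECTED_REGISTERS = {1: range(100, 111)}


def parse_modbus_tcp(payload: bytes) -> dict:
    """Parse the MBAP header and enough of the PDU to know what is addressed.
    Raises ValueError on anything that is not a well-formed Modbus/TCP request."""
    if len(payload) < 8:
        raise ValueError("frame too short")
    transaction_id, protocol_id, length, unit = struct.unpack(">HHHB", payload[:7])
    if protocol_id != 0:
        raise ValueError("protocol id is not Modbus")
    if length != len(payload) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    function = payload[7]
    data = payload[8:]
    frame = {"transaction": transaction_id, "unit": unit, "function": function,
             "address": None, "count": None}
    if function in (5, 6) and len(data) >= 4:          # single coil / register
        frame["address"] = struct.unpack(">H", data[:2])[0]
        frame["count"] = 1
    elif function in (1, 2, 3, 4, 15, 16) and len(data) >= 4:  # ranged reads/writes
        frame["address"], frame["count"] = struct.unpack(">HH", data[:4])
    return frame


def build_frame(unit: int, function: int, data: bytes, transaction_id: int = 1) -> bytes:
    """Assemble a Modbus/TCP request; used here only to construct sample traffic."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", transaction_id, 0, len(pdu) + 1, unit) + pdu


def analyse(packets):
    """packets: iterable of (src_ip, dst_ip, tcp_payload) tuples.
    Returns a list of (src_ip, alert_kind, detail)."""
    alerts = []
    for src, dst, payload in packets:
        try:
            frame = parse_modbus_tcp(payload)
        except ValueError as err:
            alerts.append((src, "malformed", str(err)))
            continue
        if src not in KNOWN_MASTERS:
            alerts.append((src, "new-master",
                           f"unknown host sent function {frame['function']} to {dst}"))
        if frame["function"] in WRITE_REGISTER_FUNCTIONS and frame["address"] is not None:
            protected = PROTECTED_REGISTERS.get(frame["unit"], range(0))
            touched = range(frame["address"], frame["address"] + frame["count"])
            if any(reg in protected for reg in touched):
                alerts.append((src, "protected-write",
                               f"{WRITE_REGISTER_FUNCTIONS[frame['function']]} "
                               f"to unit {frame['unit']} starting at register {frame['address']}"))
    return alerts


# Constructed sample capture: one SCADA server and one unexpected host.
SAMPLE_PACKETS = [
    ("10.20.2.10", "10.20.1.5", build_frame(1, 3, struct.pack(">HH", 0, 10))),       # routine read
    ("10.20.2.10", "10.20.1.5", build_frame(1, 6, struct.pack(">HH", 40, 1234))),    # benign write
    ("10.20.2.10", "10.20.1.5", build_frame(1, 16, struct.pack(">HHB", 98, 4, 8) + bytes(8))),  # overlaps 100
    ("10.50.7.23", "10.20.1.5", build_frame(1, 6, struct.pack(">HH", 105, 0))),      # unknown host
    ("10.20.2.10", "10.20.1.5", b"\x00\x01\x00\x00\x00\x06\x01\x03\x00\x00"),         # truncated frame
]

if __name__ == "__main__":
    for src, kind, detail in analyse(SAMPLE_PACKETS):
        print(f"{kind:16} {src:12} {detail}")
```

The third packet shows why range arithmetic matters: a multi-register write starting at 98 looks harmless by its start address but spills into the protected block. The last packet shows the analyser rejecting a frame whose MBAP length disagrees with its size rather than guessing at it, which is the behaviour you want from anything that sits on an OT tap.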

Patch management

Patching industrial systems is harder than patching IT systems, but unpatched vulnerabilities are how attackers get in. You need a realistic strategy.

  1. Inventory. You can't patch what you don't know about. Maintain a complete asset register with software versions.
  2. Prioritise. Critical vulnerabilities on internet-facing or DMZ-adjacent systems first. Not everything gets patched immediately, and that's okay, as long as the prioritisation is deliberate.
  3. Test. Validate patches in a test environment before production. A patch that breaks a control system is worse than the vulnerability it fixes.
  4. Schedule. Coordinate with operations to apply patches during planned maintenance windows.
  5. Compensating controls. When patching isn't possible (vendor gone, certification constraints, system too critical to touch), add network-level controls to reduce the risk.
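The five steps above reduce to a decision per asset once the inventory exists. The Python below is an added example, not the article's own method: it scores each asset from its worst open CVSS score and its exposure (zone position, or internet-facing), then routes it to an out-of-band patch, the next maintenance window, the backlog, or compensating controls when a patch cannot be applied at all. The exposure weights, the 7.0 threshold and the sample asset register are constructed assumptions to be tuned per site.

```python
from dataclasses import dataclass


@dataclass
class Asset:
    asset_id: str
    zone: str                  # Purdue zone name from the asset register
    cvss: float                # highest CVSS base score among its open vulnerabilities
    internet_facing: bool
    patch_available: bool
    vendor_supported: bool
    certification_bound: bool  # True if patching would invalidate safety certification


# Constructed exposure weights: the closer to IT and the internet, the higher.
ZONE_EXPOSURE = {"dmz": 1.0, "operations": 0.8, "control": 0.6, "field": 0.4}
URGENT_SCORE = 7.0  # constructed threshold


def priority_score(asset: Asset) -> float:
    """CVSS scaled by exposure; an internet-facing asset is fully exposed
    whatever zone the register places it in."""
    exposure = 1.0 if asset.internet_facing else ZONE_EXPOSURE.get(asset.zone, 0.5)
    return round(asset.cvss * exposure, 1)


def recommend(asset: Asset) -> str:
    """Step 5 is checked first: if a patch cannot be applied, the answer is
    compensating controls regardless of score. Otherwise schedule by score."""
    if not asset.patch_available or not asset.vendor_supported or asset.certification_bound:
        return "compensating controls"
    score = priority_score(asset)
    if score >= URGENT_SCORE and asset.internet_facing:
        return "test, then patch out of band"
    if score >= URGENT_SCORE:
        return "test, then patch in next maintenance window"
    return "scheduled backlog"


def plan(assets):
    """Sorted worklist of (score, asset_id, action), highest priority first."""
    return sorted(((priority_score(a), a.asset_id, recommend(a)) for a in assets), reverse=True)


# Constructed sample asset register.
SAMPLE_ASSETS = [
    Asset("hist-01", "operations", 9.8, False, True, True, False),   # historian, patchable
    Asset("vpn-gw", "dmz", 9.1, True, True, True, False),            # remote-access gateway
    Asset("plc-07", "control", 8.2, False, True, True, True),        # patch voids certification
    Asset("sis-01", "control", 7.5, False, False, False, True),      # vendor gone, no patch
    Asset("sensor-gw", "field", 5.3, False, True, True, False),      # low severity, deep in OT
]

if __name__ == "__main__":
    for score, asset_id, action in plan(SAMPLE_ASSETS):
        print(f"{score:4} {asset_id:10} {action}")
```

Two assets in the sample (plc-07 and sis-01) carry high CVSS scores but land on compensating controls, which is the point of step 5: a deliberate, recorded decision not to patch is different from an unpatched system nobody has looked at.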

When patching isn't possible

Some systems genuinely can't be patched. The vendor no longer exists, the patch would invalidate safety certification, or the downtime risk is unacceptable. Compensating controls:

  • Increased network isolation: tighter firewall rules around the vulnerable system
  • Application whitelisting: only approved executables can run
  • Enhanced monitoring: watch that system more closely for anomalous behaviour
  • Network-level intrusion prevention: block known exploit patterns at the firewall

Physical security

Physical access to an IoT device often means complete access. You can extract firmware, implant backdoors, or just pull the plug. Industrial IoT security must include physical controls:

  • Locked cabinets for networking equipment and controllers
  • Tamper-evident seals on critical devices
  • Restricted and logged physical access to control rooms
  • USB port blocking or disabling on field devices
  • Surveillance of equipment areas, especially remote or unmanned sites

Frequently asked questions

Where do we start?

Asset inventory and network segmentation. Inventory gives you visibility. You can't secure what you don't know exists. Segmentation limits the blast radius when (not if) a device is compromised. These two controls provide the most security improvement for the least disruption to operations.

Do we need OT-specific security tools?

For serious industrial environments, yes. Standard IT tools don't understand industrial protocols and may actively disrupt OT systems with active scanning. OT security platforms are designed for passive monitoring in environments where availability is paramount.

How do we secure legacy devices that can't be updated?

Isolate them. Put them on their own network segment with strict firewall rules that only allow the minimum required traffic. Monitor them closely. And plan for their eventual replacement. Security is one more reason to modernise aging infrastructure.

Key takeaways

  • IoT breaches in industrial settings can halt production, damage equipment, or create safety hazards. Not just data loss.
  • Network segmentation is the single most effective control for limiting breach impact in OT environments.
  • Default credentials are still the most common IoT attack vector. Change them during commissioning, every time.
  • Start with asset inventory and segmentation. Layer in device hardening and monitoring as your program matures.
Kasun Wijayamanna Founder & Lead Developer

Postgraduate Researcher (AI & RAG), Curtin University - Western Australia

