NHI Forum
Read full article here: https://corsha.com/blog/securing-critical-infrastructure-changing-the-model-for-ot-cybersecurity-part-2/?source=nhimg
In Operational Technology (OT), the instinctive response to vulnerabilities has long been patching or firmware updates. While this remains a best practice, it often falls short in addressing deeper, hardware-level issues. The Siemens PLC vulnerability (CVE-2022-38773) illustrates the problem: the cryptographic flaw lives in the ATECC108A chip itself, so no software patch or firmware update can remediate it. For industrial operators, patching also carries operational risk: downtime can halt production and impact revenue. This highlights a sobering truth: patching alone cannot be the foundation of OT security.
Why the Purdue Model Isn’t Enough
The Purdue model has been widely used to structure OT networks into layered zones for traffic isolation and monitoring. However, it was never intended as a true security framework. In practice, the complexity of industrial operations means the model is rarely implemented perfectly, leaving gaps that attackers can exploit. Reliance on segmentation and network isolation alone creates a false sense of security. The OT landscape now demands compensating controls that add active, in-line protection without massive network redesigns.
A Shift Toward Inline Security and MFA for Machines
Modern cloud systems have already addressed this challenge by embedding verification proxies and zero-trust principles into every communication path. OT can learn from this architecture. The future of industrial cybersecurity lies in applying multi-factor authentication (MFA) to non-person entities: controllers, devices, and services.
Unlike human MFA, device-based MFA doesn’t require user interaction. Instead, devices validate themselves through rotating cryptographic proofs and credibility checks (“the thing I am”), ensuring that each machine-to-machine request is verified dynamically. This approach protects even in cases where static credentials, tokens, or network-level defenses fail, making lateral movement far harder for attackers.
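The paragraph above describes the idea but not the mechanics. The following is an added example (not Corsha's product, not Siemens firmware, and not code from the original article) of how an inline verifying proxy can combine a static API token ("the thing I have") with a rotating, device-bound proof ("the thing I am"). Every identifier, secret, token and the 300-second rotation interval are assumptions constructed for the illustration; the device-bound secret is an in-memory byte string standing in for a key that a real deployment would keep in secure hardware.

```python
import hashlib
import hmac
import os

# Added example, not Corsha's product or Siemens firmware. Everything below
# is constructed for illustration: device IDs, secrets, tokens and the
# rotation interval are assumptions, and the device-bound secret is an
# in-memory byte string standing in for a key held in secure hardware.
ROTATION_SECONDS = 300   # how often the per-device proof key rolls over
CLOCK_SKEW = 30          # tolerated difference between client and proxy clocks


def epoch(ts):
    """Rotation epoch containing timestamp ts; the proof key changes each epoch."""
    return int(ts // ROTATION_SECONDS)


def proof_key(device_secret, ep):
    """Derive the per-epoch proof key from the device-bound secret (HMAC as a KDF).

    A leaked proof key is only useful inside its epoch; computing the next
    epoch's key requires the device secret itself."""
    return hmac.new(device_secret, f"epoch:{ep}".encode(), hashlib.sha256).digest()


def sign(key, device_id, nonce, ts, body):
    """HMAC over identity, nonce, timestamp and body with a given proof key."""
    msg = f"{device_id}|{nonce}|{ts}|".encode() + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def build_request(device_secret, device_id, token, body, now, nonce=None):
    """What a legitimate device sends: static token plus a fresh per-request proof."""
    nonce = nonce if nonce is not None else os.urandom(8).hex()
    proof = sign(proof_key(device_secret, epoch(now)), device_id, nonce, now, body)
    return {"token": token, "device_id": device_id, "nonce": nonce,
            "ts": now, "body": body, "proof": proof}


class VerifyingProxy:
    """Inline verifier in front of an OT endpoint. Factor 1 is the static API
    token (something the caller has); factor 2 is the rotating, device-bound
    proof (something the caller is). Accepted nonces are remembered so a
    captured request cannot be replayed."""

    def __init__(self, tokens, device_secrets):
        self.tokens = tokens                  # static token -> device_id
        self.device_secrets = device_secrets  # device_id -> device-bound secret
        self.seen_nonces = set()              # (device_id, nonce) already accepted

    def check(self, req, now):
        device_id = self.tokens.get(req.get("token"))
        if device_id is None or device_id != req.get("device_id"):
            return "reject: unknown token"
        if abs(now - req["ts"]) > CLOCK_SKEW:
            return "reject: stale timestamp"
        if (device_id, req["nonce"]) in self.seen_nonces:
            return "reject: replay"
        key = proof_key(self.device_secrets[device_id], epoch(req["ts"]))
        expected = sign(key, device_id, req["nonce"], req["ts"], req["body"])
        if not hmac.compare_digest(expected, req.get("proof", "")):
            return "reject: bad device proof"
        self.seen_nonces.add((device_id, req["nonce"]))
        return "accept"


def demo():
    """Scenarios from the text: legitimate call, replay, stolen static token,
    leaked old-epoch key, stale request. Returns scenario -> verdict."""
    now = 1_700_000_000                      # fixed clock, 200 s into its epoch
    device_id = "plc-line3-01"               # constructed identifiers
    token = "static-api-token-XYZ"
    secret = b"device-bound-secret-held-in-hardware"
    body = b'{"cmd":"write","tag":"pump1.setpoint","value":42}'
    proxy = VerifyingProxy({token: device_id}, {device_id: secret})
    results = {}

    legit = build_request(secret, device_id, token, body, now)
    results["legit"] = proxy.check(legit, now)
    results["replay"] = proxy.check(legit, now + 5)      # same nonce, captured on the wire

    # Attacker holds the static token (vaulted or not, it leaked) but not the secret.
    forged = build_request(b"guess", device_id, token, body, now)
    results["stolen_token_only"] = proxy.check(forged, now)

    # Attacker extracted last epoch's proof key, not the device secret.
    old_key = proof_key(secret, epoch(now) - 1)
    nonce = os.urandom(8).hex()
    old_key_req = dict(legit, nonce=nonce, ts=now,
                       proof=sign(old_key, device_id, nonce, now, body))
    results["leaked_old_epoch_key"] = proxy.check(old_key_req, now)

    # Valid proof, but the timestamp is outside the skew window.
    late = build_request(secret, device_id, token, body, now - 120)
    results["stale"] = proxy.check(late, now)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

Two caveats a practitioner should keep in mind with this scheme. First, because the proxy derives the epoch from the client's timestamp, a proof key leaked from the previous epoch stays usable for up to CLOCK_SKEW seconds after rotation; shrink the skew window or require the nonce set to cover that overlap if that matters. Second, the nonce set only needs to retain entries for the skew window, so it can be evicted on a timer rather than growing without bound. The device-bound secret is the factor that makes a stolen static token insufficient, which is exactly the property the paragraph above is after; binding it to hardware (and attesting that hardware) is what turns "the thing I am" from a label into a guarantee.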
Why This Matters Now
- Static credentials are outdated – relying solely on rotation or vaulting leaves systems exposed: a stolen credential remains valid until the next rotation, and vaulting does nothing once the secret has left the vault.
- Attackers are targeting OT-specific weaknesses – embedded cryptography flaws, unmonitored service accounts, and legacy devices are prime entry points.
- Defense in depth is the only viable strategy – adding MFA and continuous verification for devices creates a resilient layer on top of segmentation.
Recognizing Industry Progress (and Shortcomings)
Siemens’ attempt to embed cryptographic protection in its PLCs is notable — a step ahead of vendors that still rely on weak or basic authentication. But it also demonstrates why architectural solutions are essential: even well-intended hardware security can contain vulnerabilities that persist for decades. Applauding these advances while acknowledging their limitations helps the industry move forward with more realistic expectations.
Key Takeaways
- Segmentation alone is not enough; OT networks require new, inline controls.
- MFA for devices and APIs should become the norm in industrial environments.
- Zero-trust principles proven in cloud systems must be extended to OT.
- Architectural resilience is the only way to defend against unpatchable vulnerabilities.
Bottom Line
OT security must evolve beyond patch-and-pray. By redesigning architectures to incorporate inline verification, device MFA, and layered defenses, organizations can reduce their exposure to catastrophic vulnerabilities. The lesson is clear: stop building “desert homes in a jungle.” Instead, adapt the security model to the hostile environment in which critical infrastructure truly operates.