Introduction

In industrial and critical infrastructure circles, few security concepts have been as misunderstood and misapplied as the idea of the “air gap.” For decades, operational technology (OT) networks were assumed to be physically isolated from any external connection, whether corporate IT, the public internet, or other external sources. This thinking went: if nothing connects, nothing can attack.

This mindset used to make sense. Power grids, water treatment plants, manufacturing lines, and oil refineries often operated on separate systems. Any interaction between OT and IT was manual, intentional, and infrequent. If you needed to reprogram a PLC, you’d walk into the plant, connect a cable, and enter the commands yourself.

But fast-forward to today, and that picture is nearly unrecognizable. The demands of modern business, along with advances in connectivity and automation, have diminished the air gap. Corporate and OT networks are merging, remote access is widespread, and many industrial devices now feature built-in network connectivity.

The myth persists that OT is still “air-gapped,” but the truth is that it is much more connected and, therefore, more vulnerable. Believing otherwise leads to dangerous complacency, underfunded security controls, and unprepared incident response.

Where the Air-Gap Assumption Came From

To understand why this myth refuses to die, we must revisit how OT networks were initially designed.

1. Proprietary Systems and Protocols

Historically, OT environments depended on specialized, vendor-specific systems. PLCs, RTUs, and DCS controllers communicated via proprietary protocols like Modbus, Profibus, or DNP3. These were not designed with security in mind, nor were they built to connect to external networks.

2. Physical Separation

Plant floor systems operated on their networks, often using serial connections, isolated hubs, or private fiber. Any data sharing with the outside world involved manual processes, floppy disks, later CDs or USB drives, and often strict change control.

3. Availability Over Security

The priorities of OT have always been the “CIA triad” flipped on its head:

  • Availability – Keep systems running 24/7
  • Integrity – Ensure processes are consistent and reliable
  • Confidentiality – Important, but rarely the top priority

Because these networks were initially physically isolated, the lack of built-in cybersecurity wasn’t seen as a major problem.

Reality: The Gap Has Closed

The “gap” was never absolute. Even in the 1990s, engineers occasionally carried data between networks on removable media. But in the last 20 years, business and technical drivers have steadily connected OT to IT, and by extension, to the internet.

1. OT Convergence

Modern industrial operations depend on real-time data for efficiency, compliance, and profitability. That means OT systems need to share information with corporate business systems:

  • Enterprise Resource Planning (ERP) systems use production data to manage supply chains.
  • Manufacturing Execution Systems (MES) require continuous updates from plant-floor sensors and control systems.
  • Data historians collect long-term process data for quality control, analytics, and reporting.
  • Centralized monitoring allows the corporate HQ to oversee multiple facilities.

The result: a path, sometimes direct, sometimes through multiple network hops, between OT and IT.

2. Remote Access for Vendors and Maintenance

Downtime in OT environments can cost millions per hour. To minimize disruption, many organizations allow remote troubleshooting by:

  • Original equipment manufacturers (OEMs)
  • Systems integrators
  • Specialized engineering contractors

This is often done over:

  • VPNs
  • Remote desktop protocols
  • Vendor-hosted portals
  • “Temporary” cellular or broadband modems connected directly to OT assets

In many cases, “temporary” remote access becomes permanent for convenience, and with it, a permanent vulnerability.

3. Industrial Smart Devices

Modern sensors, drives, and controllers increasingly ship with Ethernet, Wi-Fi, or Bluetooth capabilities, and sometimes even embedded SIM cards. Many of these devices “phone home” to vendor cloud services for:

  • Predictive maintenance alerts
  • Firmware updates
  • Performance analytics

While convenient, these features often bypass traditional OT network controls.

4. Shadow OT

It is not uncommon to find network connections that were never officially sanctioned. Engineers under pressure to deliver results may add:

  • Unmanaged switches or hubs used to extend networks for new devices.
  • Consumer-grade routers for temporary connectivity to an endpoint.
  • USB storage devices used to transfer data for upgrades or other purposes.
  • Engineering laptops that connect to both IT and OT networks, or worse, personal computers with little or no security controls enforced.

Each shortcut increases exposure.

Why This Myth is Dangerous

Believing the air-gap myth leads to three critical mistakes:

  1. Complacency – If you assume OT is unreachable, you don’t monitor it, segment it, or patch it.
  2. Underfunding – Security budgets focus on IT because OT is “safe.”
  3. Unpreparedness – Security teams don’t include OT in incident response, leaving engineers to improvise under pressure.

In short, if you think the bridge doesn’t exist, you won’t defend it, but attackers will find it.

Real-World Examples of the Air Gap Failing

Stuxnet (2010)

Perhaps the most famous example, Stuxnet, was designed to target Siemens PLCs controlling uranium centrifuges in Iran. Even though the network was not connected to the internet, the worm spread via infected USB drives brought in by unsuspecting staff. It manipulated physical processes while hiding its changes from operators.

TRITON / TRISIS (2017)

A sophisticated malware framework targeted safety instrumented systems (SIS) in a petrochemical facility. The attacker entered through the corporate network, moved laterally into the OT environment, and attempted to reprogram the SIS controllers. In this case, the controllers entered fail-safe mode, which prevented the attackers from gaining full control but also caused an unplanned plant shutdown.

Colonial Pipeline (2021)

While the ransomware attack targeted corporate IT systems, the pipeline operator shut down OT operations pre-emptively due to the interconnected nature of their networks. The incident caused fuel shortages and widespread disruption.

Oldsmar Water Treatment Plant (2021)

An attacker used a remote desktop connection exposed to the internet to try to raise sodium hydroxide levels in drinking water. Quick action by an operator prevented harm, but the intrusion was entirely digital.

These incidents prove that OT threats can originate from both direct connections and indirect pathways through IT or physical media.

Engineering and Security Practices to Address the Risk

The solution isn’t to try to rebuild the “perfect” air gap. It is no longer realistic or practical in modern operations. Instead, organizations need layered, realistic defenses that assume connectivity exists.

1. Network Architecture

Adopt a layered security approach. The Purdue Enterprise Reference Architecture is the usual model; it identifies the devices that belong at each level:

  • Level 0–1 – Field devices, PLCs, sensors
  • Level 2 – Local HMIs, control servers
  • Level 3 – Site operations network (manufacturing execution, historians)
  • Level 3.5 – Industrial DMZ (buffer zone between OT and IT)
  • Level 4–5 – Corporate IT, ERP, cloud services

Key steps:

  • Use firewalls to strictly control traffic between zones.
  • Implement data diodes for one-way data flow where possible.
  • Ensure that any cross-network communication is authenticated, encrypted, and logged.

2. Secure Remote Access

  • Require multi-factor authentication (MFA) for all remote sessions.
  • Use jump servers in the DMZ rather than direct connections into OT.
  • Make vendor access time-bound, with credentials that expire after the work is done.
  • Log and review all remote activity.

3. Monitoring and Detection

  • Deploy OT-aware intrusion detection systems (IDS) that can interpret ICS protocols.
  • Passively monitor network traffic for anomalies.
  • Integrate OT telemetry into the Security Information and Event Management (SIEM) used for IT.

4. Patch and Asset Management

  • Maintain a complete asset inventory, including hardware, firmware, software, and network topology.
  • Classify assets by criticality to prioritize patching.
  • Schedule vendor-approved patch windows to minimize disruption.
  • Track and manage end-of-life systems that can’t be patched, applying compensating controls.

5. Cross-Team Collaboration

  • Break down the silos between IT security teams and OT engineering teams.
  • Conduct joint risk assessments that consider both business and operational impacts.
  • Run tabletop exercises that simulate OT-specific incidents, such as process manipulation or safety system shutdown.

An OT Security Checklist for the Post-Air-Gap World

  1. Inventory everything – You can’t protect what you don’t know exists.
  2. Segment your network – Create choke points for monitoring and control.
  3. Secure remote access – Limit, monitor, and authenticate.
  4. Monitor continuously – Look for both IT-style threats and OT-specific anomalies.
  5. Patch intelligently – Plan and test updates; apply vendor guidance.
  6. Train all staff – Engineers, operators, and IT staff all have a role in security.
  7. Plan for incident response – Include OT in your playbooks and drills.

Key Takeaway

The air gap, as it once existed, is gone for most industrial environments. Connectivity, whether intentional or accidental, means OT systems face many of the same cyber threats as IT. But OT attacks can cause far more than data loss: safety incidents, environmental damage, and prolonged outages are all on the table.

By accepting that OT is interconnected, organizations can concentrate on developing realistic, layered defenses that safeguard both business operations and physical processes. The myth of the perfect air gap is outdated; the future of OT security focuses on resilience in a connected world.

At Enaxy, we help organizations adapt to this new reality by designing layered OT security architectures, deploying monitoring solutions, and building incident response plans that protect both digital assets and physical operations. Our expertise ensures your defenses evolve alongside the threat landscape.

Ready to strengthen your OT security posture for a connected world? Contact us at info@enaxy.com to get started.