
question

As industrial IoT becomes mandatory rather than optional, how do you secure a network of 50+ PLCs from different vendors (Siemens, Mitsubishi, AB) that were never designed to talk to each other, let alone be exposed to the internet?

answer

Hey there! That's a really smart question - you're hitting on one of the biggest challenges in industrial cybersecurity today. Securing a mixed bag of PLCs from different vendors that were never meant to be connected is like trying to herd cats, but here's how I'd approach it:

First, you absolutely need network segmentation. Create separate zones for each vendor's PLCs and put them behind industrial firewalls. Think of it like building separate rooms in a house - Siemens PLCs in one room, Mitsubishi in another, Allen-Bradley in a third. This way, if one gets compromised, the others are protected.

Next, set up an Industrial DMZ (Demilitarized Zone) between your OT (operational technology) and IT networks. This acts as a buffer zone where you can place secure remote access solutions, data diodes, and monitoring tools without directly exposing your PLCs to the internet.

For those legacy PLCs that can't be patched or updated, use virtual patching - basically putting security controls around them to shield their vulnerabilities. Also implement strict access controls, monitor all network traffic for anomalies, and consider using secure remote access solutions that don't require direct internet exposure of your PLCs.

The key is layering defenses - no single solution will protect everything, but combining segmentation, monitoring, access controls, and secure remote access gives you a fighting chance against modern threats while keeping your production running smoothly!
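The zone model from this answer, written as an added example (not part of the original FAQ): a small audit that checks observed flows against per-vendor PLC zones and an Industrial DMZ. The subnets, zone names and flow records are constructed assumptions; replace them with your own addressing plan and firewall or NetFlow exports.

```python
import ipaddress

# Constructed zone plan: subnets are assumptions, not taken from the FAQ.
ZONES = {
    "siemens":    "10.10.1.0/24",
    "mitsubishi": "10.10.2.0/24",
    "ab":         "10.10.3.0/24",
    "idmz":       "10.20.0.0/24",
    "it":         "10.30.0.0/16",
}
PLC_ZONES = {"siemens", "mitsubishi", "ab"}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in ZONES.items()}

def zone_of(ip):
    """Map an address to its zone; anything outside the plan is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in NETS.items():
        if addr in net:
            return name
    return "internet"

def check_flow(src, dst):
    """Return None if the flow fits the zone model, else a reason string."""
    s, d = zone_of(src), zone_of(dst)
    if s == d:
        return None  # traffic inside one zone is not a segmentation issue
    pair = {s, d}
    if pair <= PLC_ZONES:
        return f"cross-vendor traffic {s} -> {d}"
    if pair & PLC_ZONES and "internet" in pair:
        return f"PLC zone exposed to internet ({s} -> {d})"
    if pair & PLC_ZONES and "it" in pair:
        return f"IT/OT traffic bypasses the IDMZ ({s} -> {d})"
    return None  # remaining pairs terminate in the IDMZ or never touch a PLC zone

def audit(flows):
    """Return (src, dst, reason) for every flow that violates the model."""
    return [(src, dst, why) for src, dst in flows if (why := check_flow(src, dst))]

# Constructed (src, dst) flow records for illustration.
SAMPLE_FLOWS = [
    ("10.10.1.5", "10.10.1.9"),    # Siemens to Siemens
    ("10.10.1.5", "10.10.2.7"),    # Siemens to Mitsubishi
    ("10.30.4.20", "10.10.3.11"),  # IT workstation straight to an AB PLC
    ("10.20.0.8", "10.10.3.11"),   # IDMZ jump host to an AB PLC
    ("203.0.113.9", "10.10.2.7"),  # external address to a Mitsubishi PLC
    ("10.30.4.20", "10.20.0.8"),   # IT workstation to IDMZ jump host
]

if __name__ == "__main__":
    for src, dst, why in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {src} -> {dst}: {why}")
```

Run against a day of real flow logs, any output is either a firewall rule gap or a device sitting in the wrong zone.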
