Balancing Security and Uptime in Manufacturing
Discover how modern manufacturing networks can balance security and uptime with strategic segmentation, asset visibility, secure remote access, and collaborative IT/OT approaches.
Balancing Security and Uptime in Manufacturing: Realities for Modern Industrial Networks
Manufacturing networks are at an infrastructural crossroads. New threats and compliance requirements mandate ever-stricter security, while business imperatives — productivity, safety, and quality — demand near-perfect uptime. As CISOs, IT Directors, network engineers, and operators, you face the paradox of making your shopfloor both more secure and always available. Not only do these objectives often conflict, but the history and architecture of operational technology (OT) make the trade-offs even thornier.
Let’s cut through the noise and dig into the technical realities, historical underpinnings, and architectural strategies for balancing security and availability in industrial environments.
From Air Gaps to Convergence: A Brief Historical Perspective
For decades, industrial automation and control systems (IACS, now broadly called OT) relied on physical isolation. The “air gap” was not just a metaphor — process networks sat entirely outside the purview of IT. Proprietary fieldbuses (PROFIBUS, DeviceNet), vendor-specific protocols, and often a lack of connectivity were considered de facto security.
However, business needs (e.g., MES, real-time analytics, remote support) and the rise of Ethernet and TCP/IP for automation (see Profinet, EtherNet/IP, Modbus TCP) led to the collapse of these barriers. The “IT/OT convergence,” a phrase you’re probably tired of, reflected both technology shifts and mounting business demands.
But the old legacy persists. Most manufacturing sites still feature a mix of:
- Decades-old PLCs and HMIs with no built-in security 
- Windows XP/7 embedded systems — unsupported, unpatchable, yet mission-critical 
- Critical real-time requirements with very low fault tolerance 
- A conservative change-management culture, with 24×7 uptime as the gold standard 
Annotation: The Stuxnet Effect
The 2010 Stuxnet incident upended many technical and psychological assumptions about OT safety. The awareness that targeted malware could propagate via USB drives, step through weakly segmented networks, and compromise process logic prompted an overdue reckoning in how critical infrastructure is secured. None of this was future-gazing security theater; it was a wake-up call: isolation is imperfect, security-by-obscurity is dead, and “it can’t happen here” is a dangerous mindset.
Why Security and Uptime Are Often in Tension
The Technical Dilemma
IT best practices — e.g., strong authentication, rigorous patch management, network segmentation, and endpoint monitoring — rarely translate cleanly to OT. Examples:
- Patch Management: Applying a critical patch to a Tier 1 application server? Reasonable downtime can be scheduled. But try patching a PLC controlling a bottling line — even planned downtime may be limited to twice a year, and there’s legitimate concern about unknown “fixes” breaking deterministic workflows. 
- Network Segmentation: In IT, VLANs and firewalls are routine, but in many brownfield industrial environments, flat L2 domains and poorly inventoried connections are the norm. Introducing segmentation risks breaking process communications, especially where legacy protocols are in use. 
- Access Control: MFA is a no-brainer for VPN or cloud logins. But ask an operator who’s wearing gloves, dealing with alarm floods, and racing against process timeouts to enter a code every shift, and you’ll sabotage both usability and safety. 
Cultural and Organizational Inertia
The reality: uptime KPIs have ruled manufacturing for decades, and process owners rarely see security as adding value. Security is often seen as a “tax” — on agility, on production tempo, and especially on troubleshooting during incidents.
This manifests through a variety of behaviors:
- Shadow IT/OT: Technicians bypassing controls for quick fixes (“just hook up the laptop, get it running”) 
- Deprioritizing critical updates: “If it’s not broken, don’t touch it” 
- Minimal documentation and inventory (“Bob wired that panel ten years ago — only he knows what's in it”) 
Architectural Pillars for Secure, Reliable Industrial Networks
1. Rigorous Network Segmentation (& Micro-segmentation)
Let’s be precise: segmentation is not creating a VLAN for the plant. True security segmentation needs clearly defined security zones (ISA/IEC 62443), with managed trust relationships between them. At minimum:
- Demilitarized Zones (DMZ): Separate business/IT from process/OT with a Layer 3 DMZ. Data diodes or strict firewalls should enforce uni-directional flows if possible. 
- Cell/Area Zones: Within OT, break down per production area. Don’t allow inter-cell chatter unless required. 
- Micro-segmentation: Where feasible, further subdivide using host-based firewalls, NAC, or overlay technologies. 
Technical note: The Purdue Model remains a reference for many, but is insufficient alone. Real segmentation now employs a hybrid of VLANs, VRFs, firewalled interfaces, and access control at both the network and device level (especially if leveraging IIoT).
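As an added illustration (not code from the original article or from any product), the zone-and-conduit idea above can be checked against observed flow records: anything crossing a zone boundary without a listed conduit is reported. The subnets, zone names, ports and sample flows are constructed assumptions.

```python
import ipaddress

# Assumed addressing for illustration: one subnet per security zone.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),
    "cell_a":     ipaddress.ip_network("192.168.10.0/24"),
    "cell_b":     ipaddress.ip_network("192.168.20.0/24"),
}
# Conduits: the only permitted inter-zone flows (src zone, dst zone, dst port).
CONDUITS = {
    ("enterprise", "dmz", 443),   # business systems reach a DMZ service
    ("cell_a", "dmz", 4840),      # cell pushes data up to the DMZ (OPC UA)
}

def zone_of(ip):
    """Return the zone name for an address, or 'unknown' if no zone contains it."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), "unknown")

def audit_flows(flows):
    """Check (src_ip, dst_ip, dst_port) flows against the conduit list."""
    findings = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if (sz == dz and sz != "unknown") or (sz, dz, port) in CONDUITS:
            continue  # intra-zone traffic or an explicitly allowed conduit
        if "unknown" in (sz, dz):
            reason = "endpoint not in any defined zone"
        elif sz.startswith("cell_") and dz.startswith("cell_"):
            reason = "inter-cell traffic without a conduit"
        elif "enterprise" in (sz, dz) and "dmz" not in (sz, dz):
            reason = "IT/OT traffic bypassing the DMZ"
        else:
            reason = "no conduit for this port/direction"
        findings.append((src, dst, port, sz, dz, reason))
    return findings

# Constructed flow records, as might be exported from a firewall or flow collector.
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.20.0.10", 443),        # allowed conduit
    ("192.168.10.11", "192.168.20.15", 502),  # cell A to cell B
    ("10.10.5.20", "192.168.10.11", 3389),    # enterprise straight into a cell
    ("10.20.0.10", "192.168.20.15", 4840),    # DMZ initiating into a cell
    ("172.16.9.9", "192.168.10.11", 502),     # source outside every zone
    ("192.168.10.11", "192.168.10.12", 502),  # intra-cell, ignored
]
if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS): print(finding)
```

Running it in report-only mode against real flow exports before enforcing any firewall rule shows which process communications a planned segmentation change would break.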
2. Inventories and Asset Visibility Are Non-Negotiable
If you don't know your network’s composition in detail, there is no secure-by-design: there’s just firefighting. Begin with passive asset discovery (e.g., network taps, span ports — never active scans on fragile OT gear). Deploy protocol-aware tools (with native Modbus, S7, DNP3 parsing). Every unmanaged port, every “mystery” switch, every spare HMI should be accounted for.
Historical note: Modern ITAM evolved with hardware and software normalization; OT inventory lags due to vendor heterogeneity and protocol idiosyncrasies. But few things have as much impact on both security and availability as eliminating these blind spots.
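To make "passive, protocol-aware discovery" concrete, here is an added example (not from the original article or any commercial tool) that parses Modbus/TCP request headers from traffic copied off a tap or SPAN port and folds them into an asset table, without sending a single packet to the devices. The addresses and payload bytes are constructed samples.

```python
import struct
from collections import defaultdict

WRITE_CODES = {5, 6, 15, 16}  # write single/multiple coils and registers

def parse_modbus_request(payload):
    """Parse a Modbus/TCP ADU; return (unit_id, function_code) or None if malformed."""
    if len(payload) < 8:  # 7-byte MBAP header plus the function code
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id must be 0; the length field counts the unit id plus the PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    return unit, payload[7]

def build_inventory(observations):
    """Fold captured (src, dst, dst_port, payload) tuples into an asset table."""
    assets = defaultdict(lambda: {"clients": set(), "functions": set(), "writers": set()})
    rejected = 0
    for src, dst, dport, payload in observations:
        if dport != 502:  # only requests addressed to the Modbus/TCP port
            continue
        parsed = parse_modbus_request(payload)
        if parsed is None:
            rejected += 1  # malformed frames are counted, never guessed at
            continue
        unit, fc = parsed
        entry = assets[(dst, unit)]
        entry["clients"].add(src)
        entry["functions"].add(fc)
        if fc in WRITE_CODES:
            entry["writers"].add(src)  # hosts able to change process values
    return dict(assets), rejected

# Constructed capture: an HMI polling, a laptop writing, a truncated frame, non-Modbus traffic.
SAMPLE = [
    ("192.168.10.5", "192.168.10.11", 502, bytes.fromhex("00010000000601030000000a")),
    ("192.168.10.99", "192.168.10.11", 502, bytes.fromhex("0002000000060106001001f4")),
    ("192.168.10.99", "192.168.10.11", 502, bytes.fromhex("0003000000090110002000010200ff")),
    ("192.168.10.5", "192.168.10.11", 502, bytes.fromhex("0004000000060103")),
    ("192.168.10.5", "10.20.0.10", 443, b"\x16\x03\x01"),
]

if __name__ == "__main__":
    inventory, bad = build_inventory(SAMPLE)
    print(inventory, "malformed frames:", bad)
```

The "writers" set is the part worth reviewing first: it lists every host observed issuing write function codes to a controller, which is often where undocumented engineering laptops show up.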
3. Secure Remote Access (That Operators Actually Use)
Many of the worst intrusions stem from ad-hoc, undocumented remote connections — poorly secured VPNs, TeamViewer installs, or, in some cases, default credentials left exposed. Implement a modern remote access solution:
- MFA by default, but tailored for operator ergonomics (consider push notifications, smartcards, or hardware tokens instead of complex passwords) 
- Session logging and granular time restrictions 
- Access brokers/gateways that can mediate protocol translation and audit activity 
But just as important: work with your process teams so the solution is tolerated in emergencies. If the “approved” method is too slow or breaks workflows, shadow remote access will return.
4. Patch Management and System Hardening — Carefully Orchestrated
It’s not about copying Windows Update policy from IT; it’s about context. You must:
- Triage vulnerabilities by exploitability and process criticality
- Maintain a robust test/sandbox environment that mirrors production hardware/firmware (easier said than done)
- Work closely with vendors for validated security updates
- Log every exception, and re-evaluate unpatched systems at every opportunity
For some assets, compensating controls (enhanced monitoring, isolation) may be the only viable path if patches are unavailable.
5. Defense-in-Depth and Continuous Monitoring
No single measure works: layers are necessary. On top of firewalls, segmentation, and remote access controls, deploy anomaly detection — but with an OT lens, where “rare” behavior may in fact be scheduled batch processes. Monitor both north-south (external connections, vendor remote access) and east-west (lateral movement within process cells).
Key challenge: tuning alerting to avoid operator fatigue, while ensuring meaningful response to real threats. This is not “SOC for OT” — it’s often more akin to process safety monitoring than classic SIEM.
Balancing Strategy: The Case for a True IT/OT Partnership
The best technical architecture is irrelevant without operational buy-in. The way forward, time and again, is via cross-functional partnership:
- Joint risk assessments — weigh both security threats and process impact 
- Shared metrics — not just “no incidents,” but both uptime and mean time to secure remediation 
- Iterative improvements — rolling out controls at the speed the plant can accommodate 
- Empowering “security champions” within OT who can act as translators (the ability to speak both IT and process engineering is invaluable) 
Technical leaders must insist on this collaboration. Otherwise, “security projects” surfacing only as top-down mandates will repeatedly run aground on operational realities.
Conclusion: Honest Progress, Not Silver Bullets
Today’s manufacturing networks are far from the textbook diagrams. They’re messy, fragile, and deeply entwined with physical process constraints. Secure connectivity is necessary, but must be aligned with uptime reality.
Resist easy solutions. There is no universal technology, standard, or product that will “solve” the balance between security and availability. It takes architectural rigor, realistic prioritization, and, above all, a refusal to let expediency undercut fundamentals. Achieving this equilibrium is continuous work — but the alternative is running with the brakes cut or the ignition switched off, and neither is an option in a critical manufacturing landscape.
Further Reading & Reference Architectures
- ISA/IEC 62443: Industrial automation security standards 
- NIST SP 800-82: Guide to Industrial Control System Security 
- Purdue Enterprise Reference Architecture (PERA) 
- ENISA: Good Practices for Security of IoT in the context of Smart Manufacturing 