Smart Factory Cybersecurity: Industrial IoT Protection

Industry 4.0 connects the shop floor to the cloud. Sensors, PLCs, robotics and predictive-maintenance platforms now exchange data across the old IT/OT boundary, and every new connection is a new path for an attacker. Here is the practical industrial IoT security programme our manufacturing customers run in their smart-factory transformations.

Published 26 June 2026 | 9 min read | Codesecure Industry Practice

Key Takeaways

  • Industry 4.0 dissolves the air gap by design. Smart factories are built to move shop-floor data to analytics and cloud, so the old isolation defence no longer applies.
  • IIoT sensors and edge gateways are the new attack surface. They are numerous, often weakly authenticated, and bridge the OT process network to IT and cloud.
  • OT/IT convergence demands segmentation, not separation. The Purdue model and a controlled IT/OT DMZ replace the air gap as the organising defence.
  • IEC 62443 is the dominant industrial security standard. Zones, conduits and security levels give a structured way to engineer a smart factory securely.
  • Predictive-maintenance and digital-twin data is sensitive and bidirectional. Telemetry out is usually acceptable; an inbound control path from the cloud is where the real risk sits.

Industry 4.0 and the Disappearing Air Gap

The smart-factory promise is data. Sensors on every machine feed condition data to analytics, manufacturing execution systems coordinate the line, robotics and automated guided vehicles work alongside people, and predictive-maintenance and digital-twin platforms turn that telemetry into decisions. Realising that value requires moving data off the shop floor, across the historic IT/OT boundary, into enterprise systems and frequently into vendor or public cloud. Industry 4.0 does not accidentally weaken the air gap; it removes it deliberately, because connectivity is the point.

That changes the threat model. The OT network used to be defended primarily by isolation, and the assumption that it could not be reached from the internet did a lot of the security work. In a smart factory that assumption is gone. Edge gateways, IIoT platforms, remote-access channels and cloud integrations all create routes between the corporate or internet side and the process-control side. The defensive question is no longer whether a path exists but how tightly every path is engineered, authenticated and monitored.

The economic stakes raise the urgency. Manufacturing has become a favoured ransomware target precisely because downtime has a clear, large hourly cost, which pressures payment decisions. And in a connected factory, an IT-side incident can halt production even without touching the OT directly, because the work orders, quality systems, manufacturing execution and logistics that surround the machines all depend on IT. The security programme has to span both sides of the converged environment, not just the headline OT layer.

The Industrial IoT Attack Surface

Industrial IoT introduces a large, distributed attack surface that traditional OT security did not have to consider. A smart factory may deploy thousands of sensors, smart actuators, condition-monitoring devices, RFID and vision systems, and the edge gateways that aggregate and forward their data. These devices are numerous, physically accessible on the shop floor, frequently shipped with default credentials, rarely patched on any disciplined cadence, and often managed by an equipment vendor rather than the security team.

The risks are specific. Many IIoT devices and gateways authenticate weakly or use shared credentials, exposing management interfaces that allow configuration change or firmware replacement. Telemetry is sometimes transmitted without strong transport encryption, exposing process data and, worse, exposing command channels where the device accepts instructions. Firmware is hard to update and may carry known vulnerabilities for years. Edge gateways are the highest-value of these targets because they bridge zones: a compromised gateway can see OT data and may have a path both deeper into the process network and outward to the cloud.

Securing this surface starts with an inventory, because you cannot protect devices you have not catalogued. Each device and gateway should be recorded with type, vendor, firmware version, network location, owner and patch status. From there: change default credentials and move to per-device identity where supported, enforce encrypted and authenticated communication, restrict each device's network reachability to only what it needs, monitor for anomalous behaviour, and treat edge gateways as critical assets with hardened configurations and tight access control. A representative-device penetration test on each class of IIoT hardware surfaces the configuration drift that inventories miss.

OT/IT Convergence and the Purdue Model

With the air gap gone, segmentation becomes the organising defence, and the Purdue Enterprise Reference Architecture remains the universal reference for structuring it. The model separates the environment into levels:

  • Level 0: the physical process of sensors and actuators.
  • Level 1: basic control of PLCs and controllers.
  • Level 2: supervisory control of HMIs and SCADA.
  • Level 3: site operations of historians and manufacturing execution systems.
  • Level 3.5: the IT/OT DMZ.
  • Levels 4 and 5: enterprise IT and the wider business.

Smart-factory data flows up these levels, and the security task is to make sure it does so only through controlled, inspected paths.

The pragmatic segmentation goal is straightforward to state and demanding to implement. Traffic between the OT levels and enterprise IT never bypasses the Level 3.5 DMZ. IIoT telemetry destined for cloud analytics is brokered through the DMZ rather than allowed to flow directly from a Level 1 or 2 device to the internet. Engineering workstations do not sit simultaneously on an OT level and on the corporate network. Remote access from vendors and engineers enters through the DMZ only, with session recording. Each allowed flow is documented, allow-listed and logged, so that anything unexpected is visible.
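
The segmentation rules above can be checked mechanically against a flow inventory. The following is an added example, not Codesecure's tooling: it audits a constructed list of flows and host interfaces against those rules. The host names, the finding labels and the EXTERNAL level used for cloud and vendor endpoints are assumptions of the example.

```python
from dataclasses import dataclass

DMZ = 3.5        # Level 3.5 IT/OT DMZ
EXTERNAL = 6.0   # assumption of this example: cloud/vendor/internet endpoints

@dataclass(frozen=True)
class Flow:
    src: str
    src_level: float
    dst: str
    dst_level: float
    purpose: str                    # e.g. "telemetry", "remote-access"
    documented: bool = True         # present in the reviewed allow-list
    session_recorded: bool = False

def side(level):
    """Classify a level as OT (0-3), DMZ (3.5) or IT (4 and above)."""
    if level == DMZ:
        return "dmz"
    return "ot" if level < DMZ else "it"

def audit_flow(flow):
    findings = []
    # OT <-> IT traffic must terminate in the DMZ, never cross it directly.
    if {side(flow.src_level), side(flow.dst_level)} == {"ot", "it"}:
        findings.append("bypasses-dmz")
    if flow.purpose == "remote-access" and not flow.session_recorded:
        findings.append("remote-access-unrecorded")
    if not flow.documented:
        findings.append("undocumented-flow")
    return findings

def audit(flows):
    """Return {"src->dst": [findings]} for every flow that breaks a rule."""
    report = {f"{f.src}->{f.dst}": audit_flow(f) for f in flows}
    return {name: found for name, found in report.items() if found}

def dual_homed(interfaces):
    """Hosts with interfaces on both an OT level and the IT side."""
    return sorted(host for host, levels in interfaces.items()
                  if {"ot", "it"} <= {side(lvl) for lvl in levels})

# Constructed sample inventory (hypothetical hosts).
FLOWS = [
    Flow("plc-01", 1, "historian", 3, "telemetry"),
    Flow("historian", 3, "dmz-broker", DMZ, "telemetry"),
    Flow("dmz-broker", DMZ, "cloud-analytics", EXTERNAL, "telemetry"),
    Flow("sensor-gw-07", 2, "cloud-analytics", EXTERNAL, "telemetry"),
    Flow("vendor-laptop", EXTERNAL, "jump-host", DMZ, "remote-access"),
    Flow("erp", 4, "mes", 3, "work-orders", documented=False),
]
INTERFACES = {"eng-ws-02": [2, 4], "hmi-01": [2], "jump-host": [DMZ]}

if __name__ == "__main__":
    for name, found in audit(FLOWS).items():
        print(name, found)
    print("dual-homed:", dual_homed(INTERFACES))
```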

Most factories beginning a smart transformation have partial segmentation: some zones enforced, others flat, and a set of convenience connections that grew up over time and were never reviewed. Bringing the architecture to a documented and enforced state is typically a six to twelve month programme, paced by the plant's maintenance windows because any change touching live OT has to wait for a safe opportunity. The IEC 62443 zones-and-conduits model maps directly onto this work and gives a standards-based way to define and justify each boundary.

IEC 62443: Zones, Conduits and Security Levels

IEC 62443 is the leading international standard for industrial automation and control system security, and it is well suited to smart-factory design because it was written for exactly this converged, connected environment. It organises security around zones (groupings of assets with a common security level) and conduits (the controlled communication paths between zones), and it assigns security levels that express how strong a zone's protection needs to be against a defined class of threat. This gives engineers a structured, defensible way to decide where boundaries go and how strong each must be.

For a smart factory the most directly useful parts are the asset-owner security programme requirements, the risk-assessment process for system design, and the system security requirements that map controls to target security levels. Applied to an IIoT deployment, this means grouping sensors and controllers into zones by function and criticality, defining the conduits that carry telemetry to the historian and to cloud analytics, and setting each conduit's controls (authentication, encryption, direction, inspection) to the security level the connected zones require. The standard also addresses secure development and product certification levels, which informs procurement: buying IIoT hardware and platforms with demonstrated security capability reduces the burden of compensating for weak products later.

Manufacturers serving regulated downstream sectors, or designated as critical infrastructure under their national scheme, increasingly face customer-audit and regulatory expectations that mirror IEC 62443 controls even where the standard is not formally mandated. Codesecure delivers IEC 62443 gap assessments and remediation roadmaps for smart-factory environments, with reporting that satisfies customer audits, insurer questionnaires and applicable regulatory expectations. We reference IEC 62443 as an external industry standard and help customers apply it to their specific IIoT and OT architecture.

Predictive Maintenance and Digital-Twin Data

Predictive maintenance and digital twins are among the headline benefits of the smart factory, and they are also a distinct security consideration because they are data-hungry and frequently bidirectional. A predictive-maintenance platform ingests high-resolution condition data from machines, often streaming it to a vendor or public cloud for modelling. A digital twin maintains a live virtual model of equipment or the whole line, fed continuously by shop-floor telemetry. Both create rich data flows out of the OT environment, and sometimes a return path of recommendations, parameters or commands back toward it.

The risk is asymmetric and worth stating plainly. Telemetry flowing out to a cloud analytics platform is usually acceptable, provided the data is appropriately classified, transmitted securely, and the receiving cloud has an adequate security posture. The dangerous part is any inbound control path: a channel that lets the cloud platform, or anyone who compromises it, send instructions, parameter changes or firmware back to the OT side. That inbound path converts an analytics convenience into a route for production disruption or sabotage, and it is exactly the kind of connection that gets configured for vendor convenience and never properly reviewed.

The control pattern is to allow the outbound telemetry through the DMZ under classification and encryption, and to refuse or tightly constrain inbound control. Where a vendor genuinely requires a return path, it should be narrow, authenticated, logged, human-approved for any consequential action, and incapable of pushing firmware or safety-relevant parameters without an out-of-band confirmation. The predictive-maintenance data itself also needs assessment: it can reveal production volumes, processes and intellectual property, and where it touches personal data such as worker or operator information it brings privacy obligations under the DPDP Act and comparable regional frameworks. Codesecure helps customers assess vendor IIoT and predictive-maintenance offerings before signing, so the data and connectivity terms are understood up front.
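
One way to enforce that return-path policy at the DMZ, shown as an added example rather than any vendor's or Codesecure's implementation: each inbound command must be HMAC-authenticated, allow-listed, logged, human-approved when consequential, and out-of-band confirmed when it touches firmware or safety-relevant parameters. The command names, reason strings and the demo key are hypothetical.

```python
import hashlib
import hmac
import json

# Hypothetical command names; keeping this allow-list short is the "narrow" part.
ALLOWED = {"set_sampling_interval", "set_alert_threshold",
           "update_firmware", "set_safety_limit"}
NEEDS_APPROVAL = {"set_alert_threshold", "update_firmware", "set_safety_limit"}
NEEDS_OOB = {"update_firmware", "set_safety_limit"}  # firmware / safety-relevant

def sign(key, raw):
    return hmac.new(key, raw, hashlib.sha256).hexdigest()

def make_command(key, action, **params):
    """Cloud side: serialise a command and compute its HMAC tag."""
    raw = json.dumps({"action": action, "params": params}, sort_keys=True).encode()
    return raw, sign(key, raw)

def gate(raw, tag, key, audit_log, approved_by=None, oob_confirmed=False):
    """DMZ side: return (decision, reason); every outcome is appended to audit_log."""
    def decide(decision, reason, action=None):
        audit_log.append({"action": action, "decision": decision,
                          "reason": reason, "approved_by": approved_by})
        return decision, reason

    # Authenticate before parsing anything the sender controls.
    if not hmac.compare_digest(sign(key, raw), tag):
        return decide("deny", "bad-signature")
    try:
        cmd = json.loads(raw)
    except ValueError:
        return decide("deny", "malformed")
    action = cmd.get("action") if isinstance(cmd, dict) else None
    if not isinstance(action, str) or action not in ALLOWED:
        return decide("deny", "not-allow-listed")
    if action in NEEDS_OOB and not oob_confirmed:
        return decide("deny", "needs-out-of-band-confirmation", action)
    if action in NEEDS_APPROVAL and not approved_by:
        return decide("deny", "needs-human-approval", action)
    return decide("allow", "ok", action)

if __name__ == "__main__":
    KEY = b"constructed-demo-key"  # constructed; a real key would come from a vault
    log = []
    for action, kw in [("set_sampling_interval", {}),
                       ("update_firmware", {"approved_by": "shift-lead"}),
                       ("open_valve", {})]:
        raw, tag = make_command(KEY, action)
        print(action, gate(raw, tag, KEY, log, **kw))
```

The sketch omits replay protection (a nonce or sequence number inside the signed body), which a real return path also needs.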

Remote Access, Monitoring and Incident Response

Vendor and engineer remote access is the dominant ingress route into industrial environments, and the smart factory multiplies it because more vendors, more platforms and more cloud services all expect connectivity. Left uncontrolled this becomes a set of permanent tunnels, shared credentials and convenience firewall rules. The recommended pattern routes every external party through a single hardened jump host in the Level 3.5 DMZ, with sessions recorded, credentials vaulted and rotated, multi-factor authentication enforced, and no persistent vendor VPN. Vendors request a session each time rather than holding standing access.

Monitoring is what turns segmentation from a static design into a live defence. Network monitoring tuned for OT protocols detects unexpected commands, new devices, and traffic that should not cross a conduit. Edge gateways and IIoT platforms are high-value monitoring points because they sit on the boundary. Many smart-factory programmes deploy OT-aware monitoring early, because it provides visibility into an environment that was historically dark and because it catches both attacks and misconfiguration. Anomaly detection on process telemetry can also flag tampering that purely IT-focused tools would miss.

Incident response in a converged factory must be adapted from the standard IT plan, because the IT assumption that systems can be shut down safely does not hold on the OT side. The plan needs pre-defined safe-isolation procedures (which segment can be cut without endangering the process), pre-agreed authority for who can halt and restart production, evidence preservation that does not compromise safety, and vendor coordination for any rebuild. A joint IT and OT tabletop exercise is the cheapest way to find the gaps, and the recurring discovery on first run is that the two teams hold incompatible assumptions about whether shutting things down is safe. Reconciling that before an incident is the whole purpose of the exercise. Codesecure delivers smart-factory IR readiness, OT-aware testing and tabletop facilitation as part of our manufacturing engagements.

Frequently Asked Questions

Is the air gap really gone in a smart factory?

By design, yes. Industry 4.0 connects the shop floor to analytics and cloud on purpose, because the data is the value. The practical question is no longer whether OT can be reached from the IT or internet side, but whether every path that exists is documented, narrow, authenticated, inspected and monitored. Engineered segmentation around a Level 3.5 DMZ replaces isolation as the organising defence.

What makes IIoT devices risky?

They are numerous, physically accessible, frequently shipped with default or shared credentials, rarely patched on a disciplined cadence, and often managed by an equipment vendor rather than the security team. Edge gateways are the highest-value of them because they bridge zones and can see OT data while holding paths to the cloud. The controls are inventory, per-device identity, encrypted authenticated communication, tight reachability and monitoring.

How does IEC 62443 apply to a smart factory?

IEC 62443 is the leading international standard for industrial control system security, and its zones, conduits and security-level model maps directly onto a connected factory. You group assets into zones by function and criticality, define the conduits that carry telemetry to historians and cloud, and set each conduit's controls to the required security level. We reference IEC 62443 as an external industry standard and deliver gap assessments and remediation roadmaps against it.

Is sending machine data to the vendor's cloud safe?

Outbound telemetry is usually acceptable if the data is classified, transmitted securely, and the receiving cloud has an adequate security posture. The real risk is any inbound control path that lets the cloud platform send instructions, parameters or firmware back to the OT side. That return path should be refused or tightly constrained, authenticated, logged and human-approved, and never able to push firmware or safety-relevant changes without out-of-band confirmation.

Can you test our factory without stopping production?

Yes. Smart-factory engagements default to passive techniques on live OT: network capture, configuration review, IIoT and gateway assessment, and vendor coordination. Active or potentially disruptive testing is reserved for planned maintenance windows or vendor lab environments and is only performed when explicitly scoped and authorised in writing. We respect vendor warranty constraints and coordinate with plant operations throughout.

Does the DPDP Act apply to a factory?

It applies wherever personal data is processed. Most core OT process data is not personal data, so the DPDP Act and comparable regional frameworks apply mainly to HR, CRM and the rest of the IT estate. Where IIoT involves personal data, such as worker tracking, biometric access or operator-linked telemetry, those frameworks become relevant on the OT side too, and the data flows need to be assessed accordingly.

Codesecure Industry Practice

OSCP / CEH / CISSP / ISO 27001 LA Certified

Codesecure Solutions is ISO/IEC 27001:2022 certified and delivers sector-specific cybersecurity for retail, education, manufacturing, technology and supply chain customers across India, Singapore, UAE and Malaysia. Named consultants with OSCP, CEH, CISSP and ISO 27001 Lead Auditor credentials. 150+ engagements completed.
