Physical Network Governance for Operational Technology
Industrial control systems, SCADA networks, and manufacturing processes were built for reliability, not cybersecurity. As IT/OT convergence accelerates, these systems face threats they were never designed to withstand.
Network Evolution & Rapid Protection
If your IT network can reach your OT network, so can an attacker. The only real air gap is a physical one, not a firewall rule, not a VLAN, not a DMZ. Firevault Control enforces physical IT/OT separation at the hardware level.
Zero IT-to-OT crossover pathways
24/7 operational continuity maintained
9 governance modules for OT isolation
Full IEC 62443 compliance evidence
OT environments are increasingly exposed.
IT/OT Convergence
Shared connectivity between IT and OT networks exposes industrial systems to IT-borne threats.
Legacy Systems
Legacy OT systems lack authentication and encryption, and patching requires downtime.
Configuration Tampering
Attackers alter PLC programs and SCADA configurations with changes that go undetected for weeks.
The Scenario
Scenario: Ransomware Crosses IT into OT
A manufacturing plant's IT network is compromised through a phishing email targeting the finance team. The ransomware spreads laterally across the corporate network within 4 hours. Because the historian server bridges IT and OT, sharing a network path for reporting, the ransomware reaches the OT network by hour 6. PLC configurations are encrypted, SCADA displays go dark, and the plant loses supervisory control of three production lines. Recovery takes 18 days because backup PLC configurations were stored on a network-attached share, also encrypted.
With Firevault Control, the Isolate module physically disconnects OT backup data from IT networks. The Transfer module governs any data movement between zones through policy-controlled windows. The ransomware reaches IT but cannot cross a connection that physically does not exist.
"We had a firewall between IT and OT. We thought that was an air gap. When the ransomware jumped across, we realised a firewall rule is just software, and software can be bypassed. We needed physical disconnection."
Where each Control module is deployed across the Purdue layers.
Most OT estates still look like a stack: enterprise on top, an industrial DMZ in the middle, process control and supervisory layers below it, and safety at the bottom. Control puts a physical boundary at every step so a problem at one layer does not propagate to the next.
Grounded in ISA-95 / Purdue, IEC 62443-3-3 and NIST SP 800-82 Rev. 3.
Internet / Cloud
External
External traffic terminates in the perimeter.
Enterprise
IT
Business systems. Not part of the process.
Enterprise cannot reach the DMZ on its own terms.
Industrial DMZ
DMZ · trust boundary
All IT/OT traffic terminates here.
Data moves through the DMZ on controlled routes only.
Operations
OT
Engineering and SCADA on separate fabrics.
Supervisory
OT
Control actions need approval.
Basic control
Field
Safety is reachable by named operators only.
Safety systems
Field
Safety integrity. Last line.
Field assets named.
Physical
Field
Crown jewels
Off-network
Offline Secure Storage
PLC programs, DCS baselines, SIS logic, recipes and the records to rebuild from after an incident.
Offline by design · secure by default
Modules & symbols
Where each module is deployed, and what it does there.
One row per module. Placement on the network, then plain-English purpose at that point.
- Isolate
  At every Purdue boundary
  Each layer sits on its own physical fabric. A compromise in enterprise cannot walk into process control or safety on the strength of a misconfigured rule.
- Firebreak
  On the L5 to L4 link and the L4 to L3.5 link
  Firebreak gives the OT team a real hardware off switch on the IT boundary, so a compromise in enterprise cannot ride a live cable into process control.
- Relay
  Inside the L3.5 DMZ
  Data moves from enterprise into OT through scheduled, defined routes. Nothing streams unattended.
- Validate
  Inside the L3.5 DMZ
  Before anything reaches process control, Validate checks its origin, integrity and authority.
- Transfer
  Inside the L3.5 DMZ
  When data has to move across the boundary, Transfer governs how it crosses and where it lands.
- Execute
  On the L2 to L1 link
  Pushing a change to a controller holds until the right approval is in place.
- Lock
  On the L1 to SIS link and the SIS to L0 link
  Safety is the last layer anything reaches. Lock ties that boundary to named operators with the right engineering authority.
Key Capabilities
PLC & SCADA Config Protection
Golden copies of PLC programs, SCADA configurations, and HMI settings stored in hardware-encrypted offline vaults, immune to network-based attacks.
Historian Backup
Process historian data protected in physically disconnected storage, ensuring operational records survive ransomware and are available for safety investigations.
Controlled Maintenance Windows
Time-bound access windows for firmware updates and configuration changes; physical paths open only during authorised periods, with full audit trails.
IEC 62443 Evidence
Automated compliance logging maps to IEC 62443 zone and conduit requirements, providing evidence of demonstrable physical separation, not just logical segmentation.
Zero-Downtime Deployment
Deploys alongside existing OT infrastructure without requiring changes to PLCs, SCADA systems, or network architecture, and with no production disruption.
Demo to Live
Adoption Guide
OT Environment Audit
Map all IT/OT boundaries, shared network paths, historian connections, and remote access points to identify where physical separation is required.
Zone and Conduit Design
Align Control modules to IEC 62443 security zones and conduits, designing physical separation that maps directly to your compliance requirements.
Non-Disruptive Pilot
Deploy alongside existing PLCs, SCADA systems, and RTUs without any changes to operational equipment, with zero production downtime during validation.
Production Go-Live
Activate controlled maintenance windows, historian backup replication, and immutable audit trails across your entire OT environment.
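The OT Environment Audit step above can start from an asset inventory. The following is an added example, not Firevault code: it treats every multi-homed host as a link between network segments and lists which OT segments are reachable from an IT segment, which is how the historian in the scenario became the crossover. All host names, segment names and zone labels are constructed.

```python
from collections import deque

# Constructed inventory (hypothetical names): segment -> zone, host -> segments.
ZONES = {"finance-vlan": "IT", "corp-lan": "IT",
         "scada-net": "OT", "plc-net": "OT"}
HOSTS = {
    "fin-ws-07":    ["finance-vlan"],
    "file-srv-01":  ["finance-vlan", "corp-lan"],
    "historian-01": ["corp-lan", "scada-net"],   # dual-homed for reporting
    "eng-ws-02":    ["scada-net", "plc-net"],
    "nas-backup":   ["scada-net"],               # PLC config backups
    "plc-line-1":   ["plc-net"],
}

def segment_graph(hosts):
    """Segments are nodes; a multi-homed host is an edge between its segments."""
    graph = {}
    for host, segs in hosts.items():
        for a in segs:
            for b in segs:
                if a != b:
                    graph.setdefault(a, []).append((b, host))
    return graph

def crossover_paths(hosts, zones, start):
    """BFS from `start`; map each reachable OT segment to the hosts crossed."""
    graph, seen, queue = segment_graph(hosts), {start: []}, deque([start])
    while queue:
        seg = queue.popleft()
        for nxt, host in graph.get(seg, []):
            if nxt not in seen:
                seen[nxt] = seen[seg] + [host]
                queue.append(nxt)
    return {s: p for s, p in seen.items() if zones.get(s) == "OT"}

def bridging_hosts(hosts, zones):
    """Hosts with an interface in both IT and OT zones."""
    return sorted(h for h, segs in hosts.items()
                  if {"IT", "OT"} <= {zones[s] for s in segs})

def exposed_hosts(hosts, zones, start):
    """Every host sitting on an OT segment reachable from `start`."""
    reach = crossover_paths(hosts, zones, start)
    return sorted(h for h, segs in hosts.items() if any(s in reach for s in segs))

if __name__ == "__main__":
    print("bridges:", bridging_hosts(HOSTS, ZONES))
    for seg, path in crossover_paths(HOSTS, ZONES, "finance-vlan").items():
        print(f"finance-vlan -> {seg} via {' -> '.join(path)}")
    print("exposed:", exposed_hosts(HOSTS, ZONES, "finance-vlan"))
```

In the constructed inventory the backup share appears in the exposed list because it sits on the same OT segment the historian bridges into; removing the historian's IT-side interface empties the result.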
Questions