Secure IT/OT Convergence Through Physical Boundary Enforcement
Convergence delivers operational efficiency but destroys the air gap that protected industrial systems for decades. Firevault Control restores the physical boundary while preserving the data flows that convergence enables.
Threat Response
You cannot firewall your way to an air gap. If a packet can traverse from your IT network to your OT environment, the boundary exists only in your network diagram, not in reality.
91% of OT environments now have some IT network connectivity
Zero persistent IT-to-OT network paths during production
Physical separation between IT and OT management planes
Full IEC 62443 zone and conduit compliance evidence
Convergence creates pathways that industrial systems were never designed to defend.
Eroded Air Gaps
The physical separation that protected OT systems for decades has been replaced with firewalls and VLANs. These logical controls are bypassed through misconfigurations, credential theft, and zero-day vulnerabilities.
Legacy System Exposure
Industrial control systems running decades-old software are now reachable from IT networks. These systems cannot be patched, cannot run endpoint protection, and were never designed for network-connected operation.
Shared Management Planes
IT and OT often share authentication infrastructure, jump servers, and management tools. A compromise of the IT management plane provides direct access to OT control systems.
The Scenario
Scenario: IT Compromise Reaching Industrial Control Systems
A water treatment facility connects its SCADA systems to the corporate IT network for remote monitoring and reporting. An attacker compromises a corporate workstation through a phishing email and discovers the jump server used for SCADA access. Using harvested credentials, they traverse from the IT network to the OT environment, gaining access to programmable logic controllers that manage chemical dosing.
With Firevault Control, the IT-to-OT boundary is physically enforced. Data flows from OT to IT for monitoring occur through the Transfer module during scheduled windows, but there is no persistent path from IT into the OT environment. The jump server is physically disconnected from OT infrastructure outside authorised maintenance windows.
"We had a firewall between IT and OT with 47 rules. Our penetration testers traversed it in 3 hours. The only separation that would have stopped them was physical disconnection."
How Control stops IT incidents bleeding into OT.
IT and OT convergence is efficient, but it gives an IT compromise a direct road into safety-critical control systems. Firevault Control keeps the convergence operational without letting an IT incident become a process-safety incident.
Mapped to ATT&CK for ICS tactics (TA0108 Initial Access, TA0109 Execution, TA0106 Lateral Movement, TA0107 Inhibit Response Function) and IEC 62443 zone and conduit requirements.
ST 01 · IT Foothold · TA0001
Attacker: Compromises a corporate endpoint or engineering workstation that also has a path into the OT network.
Control breaks it: The conduit between IT and OT is physically severed unless an authorised operational window is open.
Modules: Firebreak, Isolate
ST 02 · Crossover Attempt · TA0108
Attacker: Uses jump hosts, historians or engineering tooling to step across the IT-OT boundary.
Control breaks it: Cross-zone access becomes a named Relay session with explicit approval, scope and time limit.
Modules: Relay, Lock, Validate
ST 03 · OT Reconnaissance · TA0102
Attacker: Enumerates PLCs, RTUs and HMIs to understand the process before acting.
Control breaks it: Discovery is contained within the level the session was scoped to. Field zones are not reachable as a side effect.
Modules: Isolate
ST 04 · Inhibit Safety Response · TA0107
Attacker: Tries to disable interlocks, alarms or safety instrumented systems so a destructive command can land.
Control breaks it: Safety-related changes require Execute with multi-party approval. The safety instrumented system stays beyond casual reach.
Modules: Execute, Validate, Lock
Outcome
An IT compromise stays in IT. The operational process keeps running and the safety layer is never quietly disarmed.
Modules & symbols
Key Capabilities
Physical Boundary Enforcement
The IT/OT boundary is enforced through physical disconnection, not firewall rules. No misconfiguration, credential theft, or zero-day can bypass a path that does not exist.
One-Way Data Diodes
Monitoring data flows from OT to IT through controlled transfer mechanisms that prevent any return path from IT into the OT environment.
Separate Management Planes
IT and OT management infrastructure exists on physically separate networks. Compromise of IT management systems provides no path to OT control systems.
Emergency OT Isolation
A single authorised command physically severs all IT/OT connections, allowing OT systems to continue safe operation while the IT compromise is contained.
Conduit Activity Logging
Every data transfer and maintenance session across the IT/OT boundary is logged on physically disconnected storage for compliance and forensic purposes.
IEC 62443 Compliance
Physical zone and conduit architecture maps directly to IEC 62443 requirements, with automated evidence generation for audit and certification.
Demo to Live
Adoption Guide
Convergence Point Audit
Map every connection between IT and OT environments, including shared management infrastructure, jump servers, historian links, and vendor access paths.
Zone and Conduit Design
Design physically separated zones aligned to the Purdue model with controlled conduits for each authorised data flow and maintenance path.
Non-Critical System Pilot
Deploy physical boundary enforcement on a non-critical OT segment, testing monitoring data flows, maintenance windows, and emergency isolation procedures.
Full OT Deployment
Extend to all IT/OT boundaries with automated compliance evidence generation, continuous conduit monitoring, and integration with existing SCADA management.
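The audit and design steps above come down to one question: can any chain of conduits carry traffic from an IT zone into an OT zone while no maintenance window is open? The following is an added example, not Firevault code, that answers it with a reachability search over a constructed conduit inventory; the zone names, the three conduit kinds and the redesign() changes are assumptions made for illustration.

```python
from collections import deque

# Constructed conduit inventory for a hypothetical plant: (zone_a, zone_b, kind).
#   persistent: routed link, packets can flow both ways at any time
#   windowed:   physically connected only during an authorised window
#   one_way:    data flows a -> b only, no return path
AS_FOUND = [
    ("corp_lan", "it_mgmt", "persistent"),
    ("it_mgmt", "jump_server", "persistent"),
    ("jump_server", "ot_dmz", "persistent"),
    ("ot_dmz", "scada", "persistent"),
    ("scada", "plc_field", "persistent"),
    ("scada", "historian", "persistent"),
    ("historian", "corp_lan", "persistent"),
    ("corp_lan", "vendor_vpn", "persistent"),
    ("vendor_vpn", "scada", "windowed"),
]
IT_ZONES = {"corp_lan", "it_mgmt"}
OT_ZONES = {"ot_dmz", "scada", "plc_field"}

def it_to_ot_paths(conduits, window_open=False):
    """Return {ot_zone: shortest zone path from IT} for every reachable OT zone."""
    adj = {}
    for a, b, kind in conduits:
        if kind == "windowed" and not window_open:
            continue                      # link is physically absent
        adj.setdefault(a, []).append(b)
        if kind != "one_way":
            adj.setdefault(b, []).append(a)
    paths = {z: [z] for z in sorted(IT_ZONES)}
    queue = deque(paths)
    while queue:
        zone = queue.popleft()
        for nxt in adj.get(zone, []):
            if nxt not in paths:
                paths[nxt] = paths[zone] + [nxt]
                queue.append(nxt)
    return {z: p for z, p in paths.items() if z in OT_ZONES}

def redesign(conduits):
    """Jump-server link becomes windowed; historian feed becomes one-way."""
    changes = {("jump_server", "ot_dmz"): "windowed",
               ("historian", "corp_lan"): "one_way"}
    return [(a, b, changes.get((a, b), k)) for a, b, k in conduits]

if __name__ == "__main__":
    for label, inv in (("as found", AS_FOUND), ("redesigned", redesign(AS_FOUND))):
        for zone, path in sorted(it_to_ot_paths(inv).items()):
            print(f"{label}: {zone} reachable via {' -> '.join(path)}")
```

In the as-found inventory the historian link is an overlooked second route into SCADA alongside the jump server; after the redesign no OT zone is reachable with the window closed.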