Industry 4.0 broke the air-gap. The question is no longer whether OT and IT are converging — they have already converged. The question is how to secure that convergence without breaking production.

Why air-gaps don't survive

Predictive maintenance, condition monitoring and remote diagnostics all require OT data to leave the OT zone.

Vendor remote access has quietly become continuous, not occasional.

Legacy PLCs and HMIs were never designed to be on a routable network. They are now on a routable network.

The Purdue model, modernised

Purdue is still the right reference, but rigid Purdue is not. Treat it as a layered defence model with clearly defined data flows between layers, not as physical separation: the level boundaries (enterprise, DMZ, site operations, control, process) survive, the assumption that nothing crosses them does not.

Conduits, not connections. Every OT-IT data flow should be a documented conduit (the IEC 62443 term): a recorded source zone, destination zone, protocol and port, direction and owner, with inspection at the boundary and an identity attached to whoever or whatever initiates it. A flow that is not in the conduit register is a finding, not a connection.

Asset visibility is the foundation. You cannot defend what you cannot see, and OT estates are full of devices nobody on the IT team has ever logged into.

Operating without breaking production

Passive OT monitoring before active controls. Most OT estates cannot tolerate active scanning: a port scan or a malformed probe can fault an older PLC's network stack, so start from a SPAN or TAP feed and build the flow inventory from what the devices already say to each other.
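The conduit register described under "Conduits, not connections" and the passive-first approach above, combined as an added example that is not from the article or from Cylentrix: a Python check that classifies passively observed flows against a Purdue-level inventory and a documented conduit list, flagging unknown assets, undocumented cross-level flows and flows that jump straight from the enterprise network into control or process levels. The subnets, levels, conduit entries, change references and flow records are constructed sample data; the verdict names are assumptions of this example.

```python
"""Conduit-register check over passively observed OT flows.

Added example, not code from the original article. Every subnet, level
assignment, conduit and flow record below is constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Purdue levels used as zone labels (assumption: the plant uses the classic levels).
ENTERPRISE = 4
DMZ = 3.5
SITE_OPS = 3
CONTROL = 2      # HMIs, engineering workstations
PROCESS = 1      # PLCs, RTUs


@dataclass(frozen=True)
class Conduit:
    src_level: float
    dst_level: float
    port: int
    proto: str
    note: str    # owner / change reference: the "documented" part of a conduit


# Constructed asset inventory: which subnet sits at which Purdue level.
INVENTORY = {
    ip_network("10.4.0.0/16"): ENTERPRISE,
    ip_network("10.35.0.0/24"): DMZ,
    ip_network("10.3.0.0/24"): SITE_OPS,
    ip_network("10.2.0.0/24"): CONTROL,
    ip_network("10.1.0.0/24"): PROCESS,
}

# Constructed conduit register: every approved cross-level flow, with its owner.
CONDUITS = [
    Conduit(ENTERPRISE, DMZ, 443, "tcp", "historian replica, CHG-1203 (hypothetical)"),
    Conduit(DMZ, SITE_OPS, 1433, "tcp", "historian pulls site SQL, CHG-1203 (hypothetical)"),
    Conduit(DMZ, CONTROL, 3389, "tcp", "vendor jump host RDP, CHG-0977 (hypothetical)"),
    Conduit(CONTROL, PROCESS, 502, "tcp", "HMI Modbus polling, baseline"),
]


def level_of(ip: str):
    """Return the Purdue level of an address, or None if it is not in the inventory."""
    addr = ip_address(ip)
    for net, lvl in INVENTORY.items():
        if addr in net:
            return lvl
    return None


def classify_flow(src: str, dst: str, port: int, proto: str) -> str:
    """Classify one passively observed flow (initiator -> responder)."""
    s, d = level_of(src), level_of(dst)
    if s is None or d is None:
        return "UNKNOWN_ASSET"          # a device nobody has inventoried
    if s == d:
        return "INTRA_ZONE"             # same level: not a conduit question
    # Enterprise talking directly to control/process bypasses the DMZ. Flag it
    # even if someone has written it into the register.
    if max(s, d) >= ENTERPRISE and min(s, d) <= CONTROL:
        return "LAYER_SKIP"
    for c in CONDUITS:
        if (c.src_level, c.dst_level, c.port, c.proto) == (s, d, port, proto):
            return "DOCUMENTED"
    return "UNDOCUMENTED"               # crosses a level with no register entry


def audit(flows):
    """Group flows by verdict; anything other than DOCUMENTED/INTRA_ZONE is a finding."""
    report = {}
    for src, dst, port, proto in flows:
        verdict = classify_flow(src, dst, port, proto)
        report.setdefault(verdict, []).append((src, dst, port, proto))
    return report


# Constructed flow records, as a SPAN-fed collector might summarise them.
SAMPLE_FLOWS = [
    ("10.4.12.7", "10.35.0.10", 443, "tcp"),      # enterprise -> DMZ historian
    ("10.2.0.5", "10.1.0.20", 502, "tcp"),        # HMI -> PLC Modbus
    ("10.4.12.7", "10.1.0.20", 502, "tcp"),       # enterprise workstation straight to PLC
    ("10.3.0.8", "10.1.0.20", 44818, "tcp"),      # site ops -> PLC EtherNet/IP, no entry
    ("192.168.77.3", "10.1.0.20", 502, "tcp"),    # source not in inventory
    ("10.1.0.20", "10.1.0.21", 502, "tcp"),       # PLC to PLC, same level
]

if __name__ == "__main__":
    for verdict, flows in audit(SAMPLE_FLOWS).items():
        for f in flows:
            print(f"{verdict:14} {f[0]} -> {f[1]} {f[3]}/{f[2]}")
```

The point of running this over passively captured flows rather than scan output is that the register gets built from traffic the plant already generates; the first pass normally produces more UNDOCUMENTED and UNKNOWN_ASSET lines than DOCUMENTED ones, and closing that gap is the asset-visibility work the article describes.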

Change windows must align with production realities. Do not insert a security control into a process line that runs 24/7 and expect a 30-minute change window.

OT-aware playbooks. The IR playbook for a phishing email cannot be the IR playbook for a compromised PLC: you cannot simply isolate and reimage a device that is holding a physical process in a safe state, so the containment decision belongs to the plant engineer as much as to the SOC.


This piece is part of the Cylentrix Research Office series. For the deeper reference architecture and engagement model behind it, request a confidential briefing.