OT Cybersecurity Without Perimeters

Why Industrial Security Can No Longer Be Built on Borders

By Muhammad Ali Khan, ICS/OT Cybersecurity Specialist - AAISM | CISSP | CISA | CISM | CEH | ISO27001 LI | CHFI | CGEIT | CDCP

The Comfort of the Perimeter

For decades, industrial cybersecurity has been built around a simple idea: if we can clearly define what is inside and what is outside, then we can decide what to trust.

This idea gave us:

  • Purdue models
  • Zones and conduits
  • Firewalls and DMZs
  • "Air gaps" that were never truly air-gapped

It worked, for a time.
But modern OT environments no longer behave like bounded systems. They behave like living, interconnected processes, constantly interacting with vendors, cloud platforms, analytics engines, and autonomous systems.
The perimeter has not just weakened.
It has lost its meaning.

The Historical Role of Perimeters in OT

Perimeter-based security made sense when:

  • Control systems were static
  • Networks were isolated
  • Change was slow and deliberate
  • Most threats originated externally

In that world, drawing boundaries was rational. Traffic patterns were predictable. Trust relationships were stable.

The perimeter acted as a risk filter. But OT has changed, structurally, not cosmetically.

Modern OT Is Inherently Perimeterless

Today's OT environments include:

  • Remote operations centers
  • Continuous vendor access
  • Cloud-based monitoring and optimization
  • Data historians feeding enterprise systems
  • AI-driven decision engines acting across layers

The majority of meaningful activity now flows:

  • East-to-west, not north-to-south
  • Across trusted pathways, not through "external" ones

In many documented OT incidents, access was:

  • Authorized
  • Credentialed
  • Legitimate

The attack did not cross the perimeter.
It originated inside trust.

Why the Perimeter Fails as a Security Concept in OT

1. OT Threats Are Often Insider-Path Threats

Not necessarily malicious insiders, but:

  • Compromised vendors
  • Misused credentials
  • Abused remote access
  • Legitimate tools used out of context

Perimeters are designed to stop outsiders.
OT incidents often come from trusted paths behaving unexpectedly.

2. Autonomous Systems Ignore Network Boundaries

Autonomous and semi-autonomous systems:

  • Act across zones
  • Optimize globally
  • Respond faster than human governance

An AI optimizing energy efficiency does not care whether its signal crosses a firewall. It cares about the process state.

Security controls that rely on boundaries struggle when systems themselves are designed to transcend boundaries.

3. Safety Systems Bypass Perimeters by Design

Safety Instrumented Systems (SIS) exist to:

  • Act immediately
  • Ignore network logic
  • Override everything else

They are intentionally designed outside traditional cybersecurity controls.

From a safety perspective, this is correct.
From a perimeter-security perspective, it means your most powerful actions bypass your strongest defenses.

4. Perimeters Assume Stable Trust

OT environments rely on long-lived trust:

  • Devices remain trusted for years
  • Credentials rarely rotate
  • Systems outlive their security assumptions

Perimeter security assumes trust is static. Reality proves it isn't.

Why "Zero Trust" Alone Is Not the Answer

Zero Trust improves IT security by questioning identity.

In OT, identity is not the problem.

The real question is not:

  • "Who is this system?"

But:

  • "Is this action safe right now, given the physical state of the process?"

A perfectly authenticated command can still be catastrophic if:

  • Timing is wrong
  • Context is missing
  • Process conditions have shifted

In OT, authority without context is a risk.

The Shift: From Borders to Behavior

Effective OT cybersecurity does not protect networks.

It protects process integrity.
That means security must attach to:

  • Process state
  • Physical constraints
  • Operational intent
  • Timing and sequencing

Instead of asking:
"Did this cross the perimeter?"
The more meaningful question becomes:
"Should this action be allowed in this moment?"

This is not a rejection of segmentation.
It is an acknowledgment of its limits.
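
The question "Is this action safe right now?" from the Zero Trust section, and the process-state, sequencing and timing attachments listed above, can be written as a check that runs after authentication. This is an added example, not code from the original article; the tank, the inlet valve, the thresholds and every name in it are hypothetical assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class ProcessState:               # constructed snapshot of a hypothetical tank
    level_pct: float              # tank level, percent of capacity
    outlet_pump_running: bool
    inlet_valve_pct: float        # current inlet valve opening
    age_s: float                  # seconds since this snapshot was read
    last_valve_cmd_age_s: float   # seconds since the last accepted valve command

@dataclass(frozen=True)
class Command:                    # assumed already authenticated and authorized
    sender: str
    value_pct: float              # requested inlet valve opening

# Hypothetical engineering limits for this example only.
MAX_STATE_AGE_S = 2.0             # older context is treated as missing
MAX_LEVEL_TO_OPEN_PCT = 85.0
MIN_CMD_INTERVAL_S = 5.0
MAX_STEP_PCT = 20.0

def evaluate(cmd: Command, state: Optional[ProcessState]) -> Tuple[bool, List[str]]:
    """Decide whether an authenticated command is safe right now."""
    if not 0.0 <= cmd.value_pct <= 100.0:
        return False, ["setpoint outside physical range"]
    if state is None or state.age_s > MAX_STATE_AGE_S:
        return False, ["context missing or stale"]   # deny without process state
    if cmd.value_pct <= state.inlet_valve_pct:
        return True, []            # closing moves toward the safe state here
    reasons = []
    if state.level_pct >= MAX_LEVEL_TO_OPEN_PCT:
        reasons.append("process condition: level too high to open inlet")
    if not state.outlet_pump_running:
        reasons.append("sequencing: outlet pump must run before inlet opens")
    if state.last_valve_cmd_age_s < MIN_CMD_INTERVAL_S:
        reasons.append("timing: previous valve command still settling")
    if cmd.value_pct - state.inlet_valve_pct > MAX_STEP_PCT:
        reasons.append("physical constraint: step change too large")
    return not reasons, reasons

if __name__ == "__main__":
    cmd = Command(sender="vendor-session", value_pct=40.0)
    normal = ProcessState(50.0, True, 30.0, 0.5, 30.0)
    high = ProcessState(90.0, True, 30.0, 0.5, 30.0)
    for label, st in (("normal", normal), ("high level", high), ("no context", None)):
        print(label, evaluate(cmd, st))
```

The same sender and the same command receive different verdicts depending only on the process snapshot, and each denial carries a reason that answers "Why was that action allowed?" after the fact.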

What This Means for Leadership

Perimeter security feels reassuring because it is visible:

  • Diagrams
  • Zones
  • Firewall rules

But visibility is not control.

Leaders must accept a harder truth: if your security model depends on a clear inside and outside, your model is already out of date.

Security strategy must evolve from where traffic comes from to what behavior does to the process.

Regulatory and Accountability Reality

Regulators increasingly focus on:

  • Process safety
  • Due care
  • Reasonable controls

They do not accept "The firewall was configured correctly." as a defense for physical impact.

If an incident occurs through an authorized path, the question becomes:

  • Why was that action allowed?
  • What controls validated its safety?

Perimeters do not answer these questions.

Process-aware controls do.

Industry 5.0 Perspective: Human-Centric, Not Border-Centric

Industry 5.0 emphasizes:

  • Resilience
  • Human responsibility
  • Trustworthy automation

None of these are achieved by thicker borders.
Humans cannot govern autonomous systems by drawing lines around them.
They must govern what systems are allowed to do.

This requires:

  • Authority tied to process impact
  • Real-time validation
  • Clear override responsibility
Closing Thought

Perimeters were never wrong.
They are simply no longer sufficient.
The future of OT cybersecurity is not perimeter-less because we gave up.
It is perimeter-less because the process no longer fits inside a fence.
Security that protects networks but not physical reality is strong-looking right up until the moment it matters. The leaders who recognize this shift early will not just prevent incidents.
They will redefine what "control" means in industrial systems.
