An Architectural Approach for Securing OT Environments

Authors

  • Tom Nemeth CSIRO, Waite Campus, South Australia
  • Elena Sitnikova Flinders University, 4 MAB, Eastern Promenade, Tonsley 5042, Australia

DOI:

https://doi.org/10.63002/jrecs.403.1570

Keywords:

Critical Infrastructure, cybersecurity, operational technology, secure architecture

Abstract

Operational Technology (OT) environments require security architectures that differ materially from conventional Information Technology (IT) architectures because they prioritise safety, determinism, availability, and process continuity. Legacy control systems, long asset lifecycles, vendor dependencies, and restricted maintenance windows make component-level hardening insufficient as a primary security strategy. This paper positions OT security within the established literature on industrial control system protection, including NIST SP 800-82, ISA/IEC 62443, Purdue Enterprise Reference Architecture, Zero Trust, and secure connectivity principles. It argues that effective OT cyber security depends on a formally defined architecture that separates enterprise IT, industrial demilitarised zones, site operations, supervisory control, basic control, and physical process layers while governing the conduits between them. The paper proposes a layered OT security architecture based on defence in depth, zones and conduits, least privilege, secure remote access, identity governance, monitoring, change control, and safety-first design. The contribution is an architectural synthesis that translates mature IT security concepts into OT-compatible design principles while preserving the operational constraints of critical infrastructure. Future research directions are identified for legacy Zero Trust adoption, resilient OT monitoring, digital twins, cloud-connected OT, and integrated safety-security assurance.

Downloads

Published

02-07-2026