An Architectural Approach for Securing OT Environments
DOI:
https://doi.org/10.63002/jrecs.403.1570Keywords:
Critical Infrastructure, cybersecurity, operational technology, secure architectureAbstract
Operational Technology (OT) environments require security architectures that differ materially from conventional Information Technology (IT) architectures because they prioritise safety, determinism, availability, and process continuity. Legacy control systems, long asset lifecycles, vendor dependencies, and restricted maintenance windows make component-level hardening insufficient as a primary security strategy. This paper positions OT security within the established literature on industrial control system protection, including NIST SP 800-82, ISA/IEC 62443, Purdue Enterprise Reference Architecture, Zero Trust, and secure connectivity principles. It argues that effective OT cyber security depends on a formally defined architecture that separates enterprise IT, industrial demilitarised zones, site operations, supervisory control, basic control, and physical process layers while governing the conduits between them. The paper proposes a layered OT security architecture based on defence in depth, zones and conduits, least privilege, secure remote access, identity governance, monitoring, change control, and safety-first design. The contribution is an architectural synthesis that translates mature IT security concepts into OT-compatible design principles while preserving the operational constraints of critical infrastructure. Future research directions are identified for legacy Zero Trust adoption, resilient OT monitoring, digital twins, cloud-connected OT, and integrated safety-security assurance.