Segmentation Works for OT If Operators Are Paying Attention
Operational technology security remains as difficult as ever, with even the best practice recommendation falling short.
Arielle Waldman, Features Writer, Dark Reading
June 11, 2026
Separating systems to limit the damage in a cyber attack is still considered the way to secure industrial technology, but it remains a difficult goal. Segmentation only works to secure operational technology (OT) environments if operators know what threats and risks to look for, and in most cases, key concerns are overlooked.
Not only does OT help power critical infrastructure sectors, but it’s increasingly converging with IT environments as well. However, security continues to lag despite its critical role across industries.
Network segmentation that isolates systems to reduce the blast radius is an ongoing recommendation, but organizations need to tweak the process to boost effectiveness. Vendors who overpromise, users seeking convenience, and the cost of running segmented systems all work against the ideal.
Security gaps are rampant because of security awareness and visibility issues, says runZero founder and CEO HD Moore. People don't consider that every device they bring onto the network is possibly multi-homed and has connections to the internet on its own, he explains. For example, he highlighted OT field gear, which often has devices that allow remote access through a cellular connection.
Threat actors will take advantage of those attack vectors, especially if internet-connected devices contain vulnerabilities. And their attacks are only growing more "creative," says Moore, making it harder to detect and respond to threats.
"It may be totally segmented, but it's also completely open and on the internet, and it’s really hard to find those without looking for it," Moore tells Dark Reading.
Why Microsegmentation Fails
Segmentation breaks down into two categories: traditional and micro. Both pose concerns when it comes to OT security.
In traditional segmentation, operators place physical devices behind a firewall. Meanwhile, to implement the microsegmentation model, they install an agent onto the machine, giving every machine its own miniature firewall that only communicates with the systems, applications, or devices the user allows.
Traditional segmentation falls apart when there are devices behind the firewall that can communicate outside of the security perimeter, warns Moore. For example, a technician might bring a Wi-Fi-enabled laptop to the factory floor and plug it directly into the network.
Traditional segmentation "is so commonly broken that you can almost always guarantee there's a way around the firewall," says Moore. An unmanaged laptop could introduce malware or other serious threats into the environment.
Microsegmentation is even more concerning, because the model doesn't work for devices on which operators can't install protection, such as vital patches. They simply can't risk the downtime required.
"Factory machines and OT equipment are effectively not able to be microsegmented so you're back to using one big firewall to separate, hoping no one goes around it," Moore says.
'Convenience Is Destroying Segmentation'
No matter which segmentation model organizations follow, operators crave more usability, which can create attack vectors. Convenience workarounds end up destroying segmentation, warns Moore.
But it's a vendor and user challenge.
Firewall vendors make promises: If organizations buy their box, they'll protect them. But users find the firewall restrictions annoying and devise "squirrely ways" to bypass the feature.
"They're like, 'Well, this firewall is still here,' not realizing the firewall no longer matters when you're going around it," he says.
And those firewalls may not be sufficient in the first place. Firewall vendors have been "failing pretty hard lately," warns Moore.
"Firewalls that are most commonly used for segmentation have also been the ones most commonly exploited in the last three years: Palo Alto, Fortinet, etc. are seen in the news repeatedly," he says. "Firewalls are the first step into the organization and it's not good when it fails."
It’s Not A One-Time Project
Segmentation may have issues, but it can still be beneficial if implemented, monitored, and managed effectively. It is one of the few things in OT with real evidence behind it, says James Winebrenner, CEO of Elisity.
"Segmentation as a one-time project – the diagram you drew in a workshop two years ago and filed – is exactly what's leading to the gaps because the network it described stopped being true the week after you saved it," Winebrenner tells Dark Reading. "A segmentation diagram is a snapshot, and attackers don’t operate against snapshots, they operate against the network you actually have today."
In April, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory, Adapting Zero Trust Principles to Operational Technology, which emphasized that network segmentation is "one of the most foundational and effective security controls in OT environments" and that it goes hand-in-hand with zero trust principles. But CISA also warned that organizations can't just lift IT zero trust into OT, which has legacy machines, can't afford downtime, and has software restrictions.
Winebrenner echoed the guidance, which he says emphasized how "segmentation alone isn't foolproof." Instead, he urged organizations to treat segmentation as something they operate, rather than something they install. The security that works on a plant floor is one that rechecks policy. He referred to CISA's guide, which advised an enforceable policy over a "one-time architectural decision."
Segmentation is Overused
Part of it boils down to an economics problem. Organizations can't afford to pay for each piece of factory equipment or ventilation system to have its own network switchboard. Not only is it unfeasible, but many devices still need to communicate with each other, explains Moore.
With so much legacy equipment on factory floors and power plants that can't receive patches and vendor updates, it's also unclear what they're allowed to filter or segment off.
"A lot of folks say: 'Ok, we'll put it all in one box and walk away and hope it's okay,'" he says.
One of the most vital points to remember in OT is that these connections don’t work only one way, warns Moore. For example, segmentation doesn't provide protection from a compromised customer using the same VPN as the organization. He recommends that organizations scan endpoint detection and response logs and find points that have an unrecognizable IP address and determine why they're connected.
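The log review Moore recommends, sketched as an added example (not from the article or from runZero): it reads EDR network events and flags hosts in the OT segment that hold a second, off-segment address or that talk to a peer outside the recognized ranges. The subnets, field names, and log rows are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed policy: the OT segment and the ranges its hosts are expected to reach.
OT_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
RECOGNIZED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.10.5.0/28")]

# Constructed sample of EDR network events (not real data).
SAMPLE_LOG = """host,local_ip,remote_ip,iface
hmi-01,10.20.0.11,10.20.0.50,eth0
hmi-01,10.20.0.11,10.10.5.4,eth0
eng-laptop,10.20.0.77,10.20.0.50,eth0
eng-laptop,192.168.43.12,203.0.113.9,wlan0
rtu-07,10.20.0.90,10.20.0.50,eth0
rtu-07,100.64.8.3,198.51.100.25,wwan0
historian,10.20.0.50,10.10.5.4,eth0
"""

def review(log_text):
    """Return {host: [findings]} for hosts that have an address in the OT segment."""
    local_ips = defaultdict(set)
    remotes = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        local_ips[row["host"]].add(ipaddress.ip_address(row["local_ip"]))
        remotes[row["host"]].add(ipaddress.ip_address(row["remote_ip"]))
    findings = {}
    for host, ips in local_ips.items():
        if not any(ip in OT_SEGMENT for ip in ips):
            continue  # host is not on the OT segment, out of scope here
        notes = []
        off_segment = sorted(str(ip) for ip in ips if ip not in OT_SEGMENT)
        if off_segment:  # a second interface that bypasses the segment firewall
            notes.append("multi-homed: also has " + ", ".join(off_segment))
        for peer in sorted(remotes[host]):
            if not any(peer in net for net in RECOGNIZED):
                notes.append(f"unrecognized peer: {peer}")
        if notes:
            findings[host] = notes
    return findings

if __name__ == "__main__":
    for host, notes in review(SAMPLE_LOG).items():
        for note in notes:
            print(f"{host}: {note}")
```

Each flagged host is a starting point for the "determine why they're connected" step, not a verdict; a cellular modem on field gear and a technician's Wi-Fi laptop both surface the same way.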
"The hard thing about segmentation is that folks tend to overuse it," he says. "You have a bunch of equipment that you don't want attackers to get to, you put it into a segmented network, but you put it all on the same segmented network. Then, all it takes is one of those systems getting hacked."