
Segmentation Works for OT If Operators Are Paying Attention

Dark Reading Archived Jun 11, 2026 ✓ Full text saved

Operational technology security remains as difficult as ever, with even the best practice recommendation falling short.



Arielle Waldman, Features Writer, Dark Reading
June 11, 2026

Separating systems to limit the damage in a cyber attack is still considered the way to secure industrial technology, but it remains a difficult goal. Segmentation only works to secure operational technology (OT) environments if operators know what threats and risks to look for, and in most cases, key concerns are overlooked.

Not only does OT help power critical infrastructure sectors, but it’s increasingly converging with IT environments as well. However, security continues to lag despite its critical role across industries.

Network segmentation that isolates systems to reduce the blast radius is an ongoing recommendation, but organizations need to tweak the process to boost effectiveness. Vendors who overpromise, users seeking convenience, and the cost of running segmented systems all work against the ideal.

Security gaps are rampant because of security awareness and visibility issues, says runZero founder and CEO HD Moore. People don't consider that every device they bring onto the network is possibly multi-homed and has connections to the internet on its own, he explains. For example, he highlighted OT field gear, which often has devices that allow remote access through a cellular connection.

Threat actors will take advantage of those attack vectors, especially if internet-connected devices contain vulnerabilities. And their attacks are only growing more "creative," says Moore, making it harder to detect and respond to threats.

"It may be totally segmented, but it's also completely open and on the internet, and it’s really hard to find those without looking for it," Moore tells Dark Reading.

Why Microsegmentation Fails

Segmentation breaks down into two categories: traditional and micro. Both pose concerns when it comes to OT security.

In traditional segmentation, operators place physical devices behind a firewall. Meanwhile, to implement the microsegmentation model, they install an agent onto the machine, giving every machine its own miniature firewall that only communicates with the systems, applications, or devices the user allows.

Traditional segmentation falls apart when there are devices behind the firewall that can communicate outside of the security perimeter, warns Moore. For example, a technician might bring a Wi-Fi-enabled laptop to the factory floor and plug it directly into the network.

Traditional segmentation "is so commonly broken that you can almost always guarantee there's a way around the firewall," says Moore. An unmanaged laptop could introduce malware or other serious threats into the environment.

Microsegmentation is even more concerning, because the model doesn't work for devices on which operators can't install protection, such as vital patches. They simply can't risk the downtime disruptions required.

"Factory machines and OT equipment are effectively not able to be microsegmented so you're back to using one big firewall to separate, hoping no one goes around it," Moore says.

'Convenience Is Destroying Segmentation'

No matter which segmentation model organizations follow, operators crave more usability, which can create attack vectors. Convenience workarounds end up destroying segmentation, warns Moore.

But it's a vendor and user challenge.

Firewall vendors make promises: If organizations buy their box, they'll protect them. But users find the firewall restrictions annoying and devise "squirrely ways" to bypass the feature.

"They're like, 'Well, this firewall is still here,' not realizing the firewall no longer matters when you're going around it," he says.

And those firewalls may not be sufficient in the first place. Firewall vendors have been "failing pretty hard lately," warns Moore.

"Firewalls that are most commonly used for segmentation have also been the ones most commonly exploited in the last three years: Palo Alto, Fortinet, etc. are seen in the news repeatedly," he says. "Firewalls are the first step into the organization and it's not good when it fails."

It’s Not A One-Time Project

Segmentation may have issues, but it can still be beneficial if implemented, monitored, and managed effectively. It is one of the few things in OT with real evidence behind it, says James Winebrenner, CEO of Elisity.

"Segmentation as a one-time project – the diagram you drew in a workshop two years ago and filed – is exactly what's leading to the gaps because the network it described stopped being true the week after you saved it," Winebrenner tells Dark Reading. "A segmentation diagram is a snapshot, and attackers don’t operate against snapshots, they operate against the network you actually have today."

In April, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory, Adapting Zero Trust Principles to Operational Technology, which emphasized how network segmentation is "one of the most foundational and effective security controls in OT environments" and how it goes hand-in-hand with zero trust principles. But CISA also warned that organizations can't just lift IT zero trust into OT, which has legacy machines, can't afford downtime, and has software restrictions.

Winebrenner echoed the guidance, which he says emphasized how "segmentation alone isn't foolproof." Instead, he urged organizations to treat segmentation as something they operate, rather than something they install. The security that works on a plant floor is one that rechecks policy. He referred to CISA's guide, which advised an enforceable policy over a "one-time architectural decision."

Segmentation is Overused

Part of it boils down to an economics problem. Organizations can't afford to pay for each piece of factory equipment or ventilation system to have its own network switchboard. Not only is it unfeasible, but many devices still need to communicate with each other, explains Moore.

With so much legacy equipment on factory floors and in power plants that can't receive patches and vendor updates, it's also unclear what they're allowed to filter or segment off.

"A lot of folks say: 'Ok, we'll put it all in one box and walk away and hope it's okay,'" he says.

One of the most vital points to remember in OT is that these connections don’t work only one way, warns Moore. For example, segmentation doesn't provide protection from a compromised customer using the same VPN as the organization. He recommends that organizations scan endpoint detection and response logs and find points that have an unrecognizable IP address and determine why they're connected.

"The hard thing about segmentation is that folks tend to overuse it," he says. "You have a bunch of equipment that you don't want attackers to get to, you put it into a segmented network, but you put it all on the same segmented network. Then, all it takes is one of those systems getting hacked."
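
Moore's recommendation to look through connection logs for unrecognizable addresses, and his point that segmented devices may be multi-homed, can be checked together. The following is an added example, not code from the article or from any vendor it names; the log layout, host names, address ranges and the `review` function are assumptions constructed for illustration.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Assumed site policy (hypothetical): the OT segment and the peers it may talk to.
OT_SEGMENT = ip_network("10.20.0.0/24")
APPROVED_PEERS = [ip_network("10.20.0.0/24"), ip_network("10.10.5.0/28")]

# Constructed sample export: host, local address the flow used, remote address.
SAMPLE_LOG = """host,local_ip,remote_ip
hmi-01,10.20.0.11,10.20.0.40
hmi-01,10.20.0.11,10.10.5.3
plc-gw-02,10.20.0.40,10.20.0.11
plc-gw-02,100.64.7.9,203.0.113.50
eng-laptop,10.20.0.77,10.20.0.40
eng-laptop,192.168.43.12,198.51.100.23
historian,10.20.0.5,10.10.5.4
historian,10.20.0.5,172.16.9.9
"""

def review(log_text):
    """Return (unrecognized, multi_homed) findings for hosts in the OT segment."""
    local_ips = {}  # host -> set of local addresses seen for that host
    flows = []
    for row in csv.DictReader(io.StringIO(log_text)):
        local, remote = ip_address(row["local_ip"]), ip_address(row["remote_ip"])
        local_ips.setdefault(row["host"], set()).add(local)
        flows.append((row["host"], local, remote))

    # In scope: any host with at least one address inside the OT segment.
    ot_hosts = {h for h, ips in local_ips.items() if any(ip in OT_SEGMENT for ip in ips)}

    # Flows from in-scope hosts to a peer outside every approved range.
    unrecognized = sorted(
        (h, str(l), str(r)) for h, l, r in flows
        if h in ot_hosts and not any(r in net for net in APPROVED_PEERS)
    )
    # In-scope hosts that also own an address outside the segment
    # (for example a cellular modem or a Wi-Fi adapter).
    multi_homed = {
        h: sorted(str(ip) for ip in ips if ip not in OT_SEGMENT)
        for h, ips in local_ips.items()
        if h in ot_hosts and any(ip not in OT_SEGMENT for ip in ips)
    }
    return unrecognized, multi_homed

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG)[0]:
        print("unrecognized peer:", *finding)
```

Each finding is a prompt to determine why the connection exists, as Moore suggests, not proof of compromise; rerunning the check on fresh exports treats the segmentation policy as something that is rechecked rather than drawn once.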