
As IT/OT convergence accelerates, industrial control systems face unprecedented cybersecurity threats. This guide covers everything from the Purdue Model to IEC 62443, providing a complete OT security roadmap for manufacturers.
The cybersecurity challenges of OT (Operational Technology) and ICS (Industrial Control Systems) environments are fundamentally different from those of traditional IT environments. In the IT world, security priorities follow the CIA triad: Confidentiality, Integrity, Availability. In the OT world, this order is completely reversed: availability is always the top priority, and any security measure that could halt production or cause equipment anomalies may be rejected outright.
Equipment in OT environments — such as PLCs (Programmable Logic Controllers), RTUs (Remote Terminal Units), and HMIs (Human-Machine Interfaces) — typically has the following characteristics: designed for service lifespans of 15–30 years, cannot be easily taken offline for updates, uses proprietary industrial protocols, and has limited computing resources that make it difficult to support traditional security agents.
Taiwan, as a global manufacturing powerhouse with a large concentration of semiconductor, electronics, and precision machinery facilities, is a high-value target for nation-state APT groups. An attack on these facilities affects not just the enterprise itself but can cause serious disruption to global supply chains.
In the past, OT networks relied on "air gapping" for security — physical isolation from external networks. But the drive toward smart manufacturing, Industry 4.0, and the explosion of remote monitoring needs following COVID-19 are rapidly eroding this last line of defense.
Key risks from IT/OT convergence:
The 2021 Colonial Pipeline ransomware attack is a textbook example of attackers breaching from the IT side and forcing the company to proactively shut down OT pipelines. Taiwan also saw several attacks targeting semiconductor manufacturer OT networks between 2022 and 2023, some of which were classified and never publicly reported.
The Purdue Model (Purdue Enterprise Reference Architecture, PERA) is the standard reference framework for IT/OT network layered design, dividing industrial networks into six layers from Level 0 to Level 5:
Level 0 (Physical Process): Physical devices such as sensors, actuators, motors, and valves that directly control production processes. No software agents can be installed at this layer.
Level 1 (Basic Control): PLCs and RTUs that directly control Level 0 devices using industrial protocols such as Modbus, DNP3, and PROFINET.
Level 2 (Supervisory Control): HMIs and SCADA workstations where operators monitor and control production processes.
Level 3 (Site Operations): MES (Manufacturing Execution Systems) and plant data historians that bridge the upper IT and lower OT layers.
Level 4/5 (Enterprise): ERP, email, and Internet access. A strict DMZ firewall separation should be established between this layer and the OT layers.
It is recommended to deploy a dedicated industrial firewall (NGFW) between Level 3 and Level 4 to form a strict IT/OT isolation boundary, along with a Jump Host to manage cross-layer access requests.
The proprietary protocols used by industrial control systems were designed with no security considerations whatsoever. Understanding the weaknesses of these protocols is the foundation for developing protection strategies:
Modbus: Designed in 1979 with no authentication or encryption. Anyone who can connect to a Modbus device can read all registers and even write control commands directly. NGFWs can use DPI to identify and restrict access by Modbus function code.
DNP3: Widely used in electric power and water treatment facilities. Slightly improved over Modbus, but the base version still lacks authentication. Secure Authentication v5 (SAv5) offers improvements, but deployment rates remain low.
OPC UA: Modern industrial protocol standard with built-in TLS encryption and X.509 certificate authentication. Currently the most secure industrial communication protocol, though misconfiguration (e.g., accepting arbitrary certificates) can still introduce vulnerabilities.
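The Modbus function-code restriction described above (and the DPI allowlist policy the segmentation phase of the roadmap calls for) can be illustrated with a small policy engine. This is an added example, not code from any firewall product: it parses the Modbus/TCP MBAP header, classifies the function code, and applies a constructed per-zone allowlist (an HMI zone may only read; only the engineering workstation may write or run diagnostics). Zone names, the policy table and the sample frames are all assumptions made up for the demonstration.

```python
import struct

# Public Modbus function codes, grouped by effect on the PLC
READ_CODES = {1, 2, 3, 4}             # read coils / discrete inputs / holding / input registers
WRITE_CODES = {5, 6, 15, 16, 22, 23}  # write single/multiple coils or registers, mask write, read/write
DIAG_CODES = {8, 43}                  # diagnostics, encapsulated interface (device identification)

# Constructed allowlist: function codes each source zone may send towards Level 1 PLCs
POLICY = {
    "hmi_zone": READ_CODES,
    "eng_workstation": READ_CODES | WRITE_CODES | DIAG_CODES,
}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse the 7-byte MBAP header plus the function code of a Modbus/TCP frame.
    Raises ValueError for malformed frames (wrong protocol id, length mismatch)."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"protocol id {pid} is not Modbus (expected 0)")
    if length != len(frame) - 6:
        raise ValueError(f"MBAP length {length} does not match payload {len(frame) - 6}")
    fc = frame[7]
    # Bit 7 set marks an exception response from the device
    return {"tid": tid, "unit": unit, "fc": fc & 0x7F, "exception": bool(fc & 0x80), "pdu": frame[8:]}

def evaluate(src_zone: str, frame: bytes) -> tuple:
    """Return (verdict, reason); verdict is 'allow' or 'deny'. Unknown zones and malformed frames are denied."""
    try:
        msg = parse_modbus_tcp(frame)
    except ValueError as err:
        return "deny", f"malformed: {err}"
    if msg["fc"] in POLICY.get(src_zone, set()):
        return "allow", f"fc={msg['fc']} permitted for {src_zone}"
    return "deny", f"fc={msg['fc']} not on allowlist for {src_zone}"

def build_frame(tid: int, unit: int, fc: int, pdu: bytes) -> bytes:
    """Assemble a Modbus/TCP frame: MBAP header (tid, protocol 0, length) + unit id + fc + PDU."""
    body = bytes([unit, fc]) + pdu
    return struct.pack(">HHH", tid, 0, len(body)) + body

# Constructed sample traffic
READ_HOLDING = build_frame(1, 1, 3, struct.pack(">HH", 0, 10))    # read 10 holding registers from address 0
WRITE_SINGLE = build_frame(2, 1, 6, struct.pack(">HH", 100, 1))   # write value 1 to holding register 100

if __name__ == "__main__":
    for zone, frame in [("hmi_zone", READ_HOLDING), ("hmi_zone", WRITE_SINGLE), ("eng_workstation", WRITE_SINGLE)]:
        print(zone, evaluate(zone, frame))
```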
IEC 62443 is an international cybersecurity standard series for Industrial Automation and Control Systems (IACS), divided into four main parts (General, Policies and Procedures, System, and Component) covering a complete framework from organizational policy to device technical requirements:
Taiwan's government and major manufacturing conglomerates are progressively requiring suppliers to provide IEC 62443-related certifications. Organizations can commission professional security consultants to conduct an IEC 62443 Gap Analysis and develop a compliance roadmap.
SEMI E187 is a cybersecurity specification developed specifically for semiconductor manufacturing equipment (such as wafer tools) that came into effect in 2022. The standard makes explicit requirements of semiconductor equipment vendors, covering the operating system, network security, endpoint protection, and security monitoring, including:
Taiwan's semiconductor fabs (including wafer foundries and their supply chains) are actively pushing equipment vendors toward SEMI E187 compliance. Organizations can commission professional security consultants to conduct SEMI E187 compliance assessments to identify gaps and recommend specific improvements.
Phase 1 (Visibility): Deploy OT asset discovery tools to build a complete device inventory and network topology map. Use passive traffic monitoring to identify all industrial protocol communications. This phase is observation only — no blocking actions are taken, to avoid impacting production.
Phase 2 (Segmentation): Build a layered network architecture according to the Purdue Model, deploy an NGFW at the IT/OT boundary, enable industrial protocol DPI (Deep Packet Inspection), and configure allowlist policies. Implement in batches, starting with non-critical production lines.
Phase 3 (Continuous operation): Establish an OT Security Operations Center (OT-SOC) or integrate with an existing SOC, develop OT-specific incident response procedures, conduct regular OT security drills, and continuously update industrial threat intelligence.
Contact a professional security consultant for a tailored OT security assessment for your organization.