OT/ICS Cybersecurity for Indian Manufacturing: Protecting Production Lines from Cyber Threats


India’s manufacturing sector is undergoing a profound digital transformation. From automotive plants in Pune to pharmaceutical facilities in Hyderabad and steel mills in Odisha, industrial operations increasingly rely on networked Operational Technology (OT) — programmable logic controllers (PLCs), SCADA systems, Distributed Control Systems (DCS), and Industrial Internet of Things (IIoT) devices. This convergence of IT and OT has delivered remarkable efficiency gains. It has also opened a vast and largely undefended attack surface.

In the past three years, cyberattacks targeting industrial control systems (ICS) globally have increased at an alarming rate. Ransomware gangs that once focused exclusively on IT networks have pivoted to OT environments, knowing that a production line shutdown creates immediate, quantifiable pain — and a far higher likelihood that victims pay. For Indian enterprises, the threat is no longer hypothetical. It is operational.

Why OT/ICS Environments Are Especially Vulnerable

Traditional IT security practices do not map cleanly onto OT environments. Several structural factors create persistent exposure:

  • Legacy equipment with no security design: Many PLCs, HMIs (Human Machine Interfaces), and SCADA servers run on Windows XP, Windows 7, or proprietary embedded operating systems that cannot be patched or updated without shutting down production. Vendors may no longer provide security updates.
  • Uptime above all else: In manufacturing, availability is paramount. A steel furnace, a pharmaceutical batch reactor, or an automotive assembly line cannot simply be rebooted for a patch cycle. This culture creates years-long gaps between security updates.
  • IT/OT network convergence without proper segmentation: When ERP systems, MES (Manufacturing Execution Systems), and the shop floor are all connected for efficiency, a compromise in the corporate IT network can pivot directly into the OT environment.
  • Remote access sprawl: During and after COVID-19, many manufacturers enabled remote access for engineers and OEM vendors — often using VPNs with broad access, or even direct RDP exposure — without revisiting those configurations.
  • Lack of OT-specific visibility: Most SIEM and SOC tools are built for IT. They do not understand Modbus, DNP3, EtherNet/IP, or Profinet protocols. Without protocol-aware monitoring, attacks on OT networks go undetected for weeks or months.

The Threat Landscape: What Attackers Are Actually Doing

Understanding the attack patterns targeting ICS/OT environments helps prioritise defences. Threat actors use several well-documented approaches:

Ransomware with OT Awareness

Modern ransomware operators conduct reconnaissance before deploying payloads. They deliberately target historian servers, engineering workstations, and HMI systems — knowing that encrypting these assets stops production. In several documented incidents across Asia, attackers encrypted both IT and OT management layers simultaneously, demanding ransoms in the millions of dollars with a 48-hour deadline tied to production downtime costs.

Living-off-the-Land in OT Networks

Sophisticated threat actors — including nation-state groups targeting critical infrastructure — use legitimate OT tools (engineering software, remote desktop utilities, vendor maintenance tools) to move laterally once inside. This makes detection extremely difficult without behavioural baselining of normal OT traffic patterns.

Supply Chain Compromise via OEM Vendors

Attackers have learned to compromise the maintenance laptops and remote access credentials of OEM vendors — automation suppliers, SCADA integrators, PLC manufacturers — and use those trusted connections to enter OT environments. Once inside via a trusted vendor connection, they operate under the radar of perimeter defences.

Physical-Cyber Convergence Attacks

A growing concern is attacks designed not to steal data but to cause physical damage — manipulating setpoints on industrial processes to damage equipment, create safety incidents, or produce defective output that escapes detection. The Triton/TRISIS malware, which targeted Safety Instrumented Systems (SIS) in a Middle Eastern petrochemical plant, remains the most chilling example of this class.

The Indian Context: Why Manufacturers Here Face Elevated Risk

India’s manufacturing ambitions under the Production Linked Incentive (PLI) scheme and the “Make in India” initiative are accelerating OT deployment across sectors — pharmaceuticals, electronics, defence manufacturing, food processing, textiles, and automotive. This creates a large, fast-growing attack surface at exactly the moment when geopolitical tensions are making India’s critical infrastructure a target of interest for state-sponsored threat actors.

CERT-In’s revised directives under the Information Technology Act mandate 6-hour breach reporting for critical infrastructure operators. Manufacturers covered under this framework face not only the operational impact of an OT attack but potential regulatory consequences if they fail to detect and report incidents promptly. Without OT-specific monitoring in place, meeting the 6-hour reporting window is effectively impossible.

A Practical OT/ICS Security Framework for Indian Manufacturers

There is no single product that secures an OT environment. Effective defence requires a layered architecture built around the Purdue Model (or its modern equivalent, the ISA/IEC 62443 standard), adapted for real-world Indian manufacturing constraints.

1. Network Segmentation and the Purdue Hierarchy

The foundation of OT security is strict network segmentation. The corporate IT network (ERP, email, internet access) must be separated from the OT network (SCADA, DCS, PLCs) by a properly configured industrial demilitarised zone (iDMZ). FortiGate next-generation firewalls are particularly well-suited here: they provide deep-packet inspection for OT protocols including Modbus/TCP, DNP3, EtherNet/IP, and IEC 61850, enabling granular policy enforcement at the IT/OT boundary without impacting protocol performance.

  • Level 4/3 (Enterprise/Site): Standard IT network — email, ERP, internet.
  • iDMZ: Historian servers, data aggregators, jump servers for OT access.
  • Level 2 (Control): SCADA/HMI systems.
  • Level 1/0 (Field): PLCs, sensors, actuators, instruments.

No direct routed path should exist between Level 4 and Levels 1/0. Data flows must be mediated through the iDMZ, with unidirectional data diodes for the most sensitive production segments.
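The architecture check this section implies, as an added example that is not part of the article or of any vendor's tooling: given firewall allow-rules between zones tagged with their Purdue level, list every enterprise-to-field path that does not pass through an iDMZ zone. The zone names, levels and rules are constructed assumptions.

```python
from collections import defaultdict, deque

# Zones tagged with the Purdue level they sit at. The zones and firewall
# allow-rules below are constructed for illustration, not a real plant's ruleset.
ZONE_LEVEL = {
    "erp": "enterprise", "mes": "enterprise",        # Level 4/3
    "historian": "idmz", "jump-host": "idmz",        # iDMZ
    "scada": "control", "hmi-line1": "control",      # Level 2
    "plc-line1": "field", "plc-furnace": "field",    # Level 1/0
}

# Each allow-rule is (source zone, destination zone, service); any permitted
# flow counts as a routed path for the purpose of the review.
ALLOW_RULES = [
    ("erp", "historian", "tcp/1433"),        # ERP pulls production data from the historian
    ("historian", "scada", "tcp/4840"),      # historian collects from Level 2 over OPC UA
    ("jump-host", "hmi-line1", "tcp/3389"),  # engineers reach the HMI via the jump server
    ("hmi-line1", "plc-line1", "tcp/502"),   # Modbus/TCP inside the OT network
    ("scada", "plc-furnace", "tcp/502"),
    ("mes", "plc-line1", "tcp/502"),         # the unintended IT-to-field path to catch
]

def unmediated_paths(rules, src_level="enterprise", dst_level="field", levels=ZONE_LEVEL):
    """Return every src_level -> dst_level path that bypasses the iDMZ."""
    # Drop every edge touching an iDMZ zone first: any path that survives is,
    # by construction, not mediated by the iDMZ.
    graph = defaultdict(set)
    for src, dst, _service in rules:
        if levels[src] != "idmz" and levels[dst] != "idmz":
            graph[src].add(dst)
    hits = []
    for start in (z for z, lvl in levels.items() if lvl == src_level):
        queue = deque([[start]])
        while queue:
            path = queue.popleft()
            for nxt in sorted(graph[path[-1]]):
                if nxt in path:              # ignore cycles
                    continue
                if levels[nxt] == dst_level:
                    hits.append(path + [nxt])
                else:
                    queue.append(path + [nxt])
    return hits

if __name__ == "__main__":
    for path in unmediated_paths(ALLOW_RULES):
        print("unmediated path:", " -> ".join(path))
```

Run the same function with `src_level="field", dst_level="enterprise"` to review the reverse direction, since the requirement is that no direct path exists in either direction.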

2. OT-Aware Asset Discovery and Visibility

You cannot protect what you cannot see. Many manufacturers are surprised to discover dozens of undocumented PLCs and legacy HMIs when they perform their first OT asset audit. Passive asset discovery tools — which listen to network traffic without sending probes that could destabilise sensitive equipment — build a complete inventory of OT devices, their firmware versions, and communication patterns.

This inventory becomes the foundation for vulnerability management: understanding which devices carry known CVEs, which run end-of-life firmware, and which are communicating in unexpected ways.

3. Secure Remote Access for Engineers and OEM Vendors

Replace broad-access VPNs with Zero Trust Network Access (ZTNA) principles applied to OT. Every remote connection to OT systems should be:

  • Authenticated with MFA — no exceptions, including vendor accounts.
  • Scoped to the minimum systems needed (not “full network access”).
  • Session-recorded for forensic purposes.
  • Time-limited and revoked automatically after the maintenance window.
  • Monitored in real time by the SOC for anomalous commands.

4. 24/7 OT-Aware SOC Monitoring

This is perhaps the largest gap in most Indian manufacturers’ security posture: even when good perimeter controls exist, there is no one watching. Attacks on OT environments often develop slowly — reconnaissance, privilege escalation, lateral movement — over days or weeks before the payload deploys. A 24/7 SOC with OT protocol awareness and behavioural baselining can detect anomalies (an engineering workstation sending Modbus write commands it has never sent before; a PLC communicating to an internet IP for the first time) and trigger incident response before the attack reaches the production layer.
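The behavioural baselining described here, as an added example that is not part of the article or of any SOC product: a baseline of observed Modbus (source, destination, function code) triples and peer pairs is learned from past flows, and live flows are flagged for the two anomalies the paragraph names. The hosts, flow records and the assumption that the plant uses only RFC 1918 address space are constructed for illustration.

```python
import ipaddress

# Modbus function codes that change process state (write coil/register variants).
MODBUS_WRITE_FCS = {5, 6, 15, 16, 22, 23}
# Assumed: the plant uses only RFC 1918 space, so any other address is "internet".
PLANT_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Flow records as (src, dst, dst_port, modbus_function_code or None). Constructed
# samples standing in for what a protocol-aware sensor would emit.
BASELINE_FLOWS = [
    ("10.2.1.10", "10.2.0.20", 502, 3),        # HMI polls holding registers
    ("10.2.1.10", "10.2.0.20", 502, 16),       # HMI writes setpoints: normal for an HMI
    ("10.2.1.50", "10.2.0.20", 502, 3),        # engineering workstation only ever reads
    ("10.2.0.20", "10.1.0.5", 44818, None),    # PLC pushes to the historian in the iDMZ
]
LIVE_FLOWS = [
    ("10.2.1.10", "10.2.0.20", 502, 16),       # seen in baseline: silent
    ("10.2.1.50", "10.2.0.20", 502, 16),       # first-ever write from the EWS: alert
    ("10.2.0.20", "203.0.113.9", 443, None),   # PLC contacting a non-plant IP: alert
    ("10.2.1.50", "10.2.0.20", 502, 3),        # known read: silent
]

def learn_baseline(flows):
    """Record every (src, dst) peer pair and every Modbus (src, dst, fc) triple seen."""
    base = {"peers": set(), "modbus": set()}
    for src, dst, port, fc in flows:
        base["peers"].add((src, dst))
        if port == 502 and fc is not None:
            base["modbus"].add((src, dst, fc))
    return base

def outside_plant(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in PLANT_NETS)

def detect(flows, base, plc_hosts):
    """Return one alert string per anomaly: never-seen Modbus writes, PLC-to-outside contact."""
    alerts = []
    for src, dst, port, fc in flows:
        if port == 502 and fc in MODBUS_WRITE_FCS and (src, dst, fc) not in base["modbus"]:
            alerts.append(f"new Modbus write (FC {fc}) {src} -> {dst}")
        if src in plc_hosts and (src, dst) not in base["peers"] and outside_plant(dst):
            alerts.append(f"PLC {src} first contact with non-plant IP {dst}")
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE_FLOWS, learn_baseline(BASELINE_FLOWS), {"10.2.0.20"}):
        print(alert)
```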

5. Incident Response Planning for OT

OT incident response is fundamentally different from IT. You cannot simply isolate and reimage a PLC — you need to coordinate with production engineering, safety teams, OEM vendors, and sometimes regulators. Every manufacturer should have a documented OT-specific IR plan that includes:

  • Pre-agreed “safe-stop” procedures for each production line.
  • A list of critical contacts: OEM vendor emergency lines, CERT-In reporting contacts, cyber insurance carrier.
  • Offline backups of PLC ladder logic, HMI configurations, and SCADA project files.
  • A communications plan for customers, regulators, and media.

6. Patching Strategy for Legacy OT Systems

Patching OT systems requires coordination with production schedules. Adopt a risk-based approach:

  • Critical vulnerabilities (CVSS 9.0+) on internet-facing or iDMZ systems: patch at the next planned maintenance window, within 30 days.
  • High-severity vulnerabilities on isolated OT systems: compensating controls (network segmentation, allowlisting) while scheduling patching at the next quarterly shutdown.
  • End-of-life systems with no available patches: isolate aggressively, plan replacement in the capex cycle.

Fortinet’s OT Security Portfolio: Purpose-Built for Industrial Environments

Fortinet offers a comprehensive and validated OT security portfolio that addresses the unique constraints of industrial environments. Key components relevant to Indian manufacturers include:

  • FortiGate Industrial Firewalls (FortiGate Rugged series): Hardened for industrial environments (wide operating temperature, DIN rail mounting, no moving parts), with native support for OT protocol deep-packet inspection.
  • FortiNAC: Network Access Control for OT, providing passive device discovery, profiling, and automated policy enforcement for IT and OT assets.
  • FortiSIEM with OT Integrations: Extended SIEM capabilities with OT-specific parsers, correlation rules, and threat intelligence feeds covering ICS/SCADA threat actors.
  • FortiSOAR: Security Orchestration and Automated Response, enabling SOC teams to build OT-specific playbooks that coordinate IT and OT response actions.
  • FortiDeceptor: Decoy OT assets (fake PLCs, fake HMIs, fake historians) that detect lateral movement inside the OT network by triggering on any interaction with the decoys.

Compliance and Regulatory Implications for Indian Manufacturers

Indian manufacturers in specific sectors face overlapping regulatory obligations that directly implicate OT security:

  • CERT-In Directions (2022, amended 2024): Mandatory 6-hour incident reporting for all entities operating critical information infrastructure, including manufacturing facilities in designated sectors. Requires maintaining logs for 180 days and implementing specific technical controls.
  • DPDP Act (2023): Where manufacturing operations process personal data of employees, customers, or supply-chain partners, the Digital Personal Data Protection Act imposes data security obligations that extend to OT systems handling such data.
  • BIS and sectoral standards: Pharmaceutical manufacturers (under CDSCO oversight) and defence contractors (under DRDO/DDP guidelines) face additional sector-specific cybersecurity requirements.

OT Security Assessment: Where to Start

For most Indian manufacturers, the starting point is not a technology purchase — it is an honest assessment of the current state. A structured OT security assessment covers:

  1. Asset inventory: What OT devices exist, what firmware versions do they run, and how are they networked?
  2. Network architecture review: Does a true iDMZ exist? Are there unintended paths between IT and OT?
  3. Remote access audit: Who has remote access to OT systems, via what mechanism, and are those credentials still active?
  4. Vulnerability assessment: What known CVEs exist on discovered assets? (Passive scanning only — active scanning can crash OT devices.)
  5. Monitoring gap analysis: Is OT traffic currently monitored? By whom, with what tools, on what schedule?
  6. Incident response readiness: Does an OT-specific IR plan exist and has it been tested?

The output of this assessment becomes a prioritised remediation roadmap tied to your production schedule and risk appetite.

How PJ Networks Helps Indian Manufacturers Secure OT/ICS Environments

PJ Networks is an Indian MSSP with deep expertise in Fortinet’s security ecosystem and extensive experience designing and operating security architectures for enterprise and industrial clients across India. Our OT/ICS security practice offers:

  • OT Security Assessments: Passive asset discovery, architecture review, vulnerability analysis, and a prioritised remediation roadmap — delivered without disrupting production.
  • FortiGate iDMZ Design and Deployment: Properly engineered IT/OT segmentation using FortiGate NGFW, with OT protocol inspection policies configured for your specific industrial protocols.
  • ZTNA for OT Remote Access: Replacing legacy VPNs with Zero Trust access controls for engineers and OEM vendors, with full session recording and SOC oversight.
  • 24/7 Managed SOC with OT Monitoring: Our NOC/SOC team monitors both IT and OT environments around the clock, with playbooks tuned for industrial incident response and CERT-In reporting timelines.
  • Fortinet OEM Partnership: As a Fortinet-aligned MSSP, we provide FortiGate, FortiNAC, FortiSIEM, and FortiDeceptor on managed service or rental models, reducing capex burden while ensuring enterprise-grade protection.

If your manufacturing facility has connected IT and OT environments — even partially — you are already exposed. The question is not whether an OT-targeted attack is possible. It is whether you will detect it in time to prevent a production shutdown, a safety incident, or a regulatory breach notification.

Ready to assess your OT/ICS security posture? PJ Networks offers a no-obligation OT Security Assessment for Indian manufacturers. Contact us to schedule a conversation with our industrial security team.
