Securing OT/IT Convergence: How Indian Manufacturers Can Protect Industrial Networks with FortiGate NGFW


India’s manufacturing sector is undergoing a digital transformation at an unprecedented pace. Smart factories, Industry 4.0 initiatives, and government programs like Make in India and PLI schemes are driving deep integration between Operational Technology (OT) and Information Technology (IT) networks. But this convergence opens a new and dangerous attack surface — one for which most enterprise security teams are badly unprepared.

Cybercriminals and nation-state actors have noticed. Attacks on industrial control systems (ICS), SCADA environments, and manufacturing execution systems (MES) have increased significantly across Asia-Pacific, with Indian facilities increasingly in the crosshairs. The consequences are no longer theoretical: production halts, ransomware targeting PLCs, and data theft from engineering systems are live threats today.

Why OT/IT Convergence Creates New Security Risks

Traditionally, OT networks — the systems that run machinery, sensors, and industrial processes — were physically isolated (“air-gapped”) from corporate IT networks. That isolation was itself a security control. As factories connect production floors to ERP systems, cloud dashboards, and remote monitoring platforms, that wall disappears.

The result is a hybrid environment with fundamentally different security requirements on each side:

  • IT networks prioritise Confidentiality, Integrity, and Availability (CIA) — in that order. Patching is routine.
  • OT networks prioritise Availability above all. Downtime means lost production. Systems often run unsupported operating systems (Windows XP, legacy PLCs) that cannot be patched without halting the line.
  • Protocols differ drastically: OT runs Modbus, DNP3, PROFINET, EtherNet/IP — protocols designed for reliability, not security. They lack encryption or authentication by design.

When IT threats reach OT environments, the playbook breaks down entirely. Standard endpoint detection agents cannot run on PLCs. Standard patch cycles are impossible. And the blast radius of a successful attack — a production line shutdown, a safety system compromise — is orders of magnitude more severe than a typical IT breach.

The Indian Manufacturing Threat Landscape in 2025–26

Several threat patterns are actively targeting Indian industrial environments:

1. Ransomware Pivoting from IT to OT

Ransomware operators increasingly use IT network access as a pivot point to reach OT systems. Once inside the corporate network, threat actors move laterally — targeting historian servers, SCADA interfaces, and engineering workstations. Even if the ransomware cannot encrypt the PLC itself, it can encrypt the Windows-based HMI that operators use to control it, effectively shutting down production.

2. Supply Chain and Remote Access Abuse

Industrial vendors, integrators, and OEM support teams routinely require remote access to production systems for maintenance. This remote access — often via poorly secured VPN tunnels or even direct RDP — has become a favoured entry point. Attackers compromise the vendor first, then use legitimate credentials to reach the industrial environment.

3. Espionage Targeting Engineering IP

Advanced persistent threat (APT) groups — particularly those with state backing — target Indian manufacturers for engineering drawings, product specifications, and process recipes. Sectors including defence, aerospace, pharmaceuticals, and semiconductors are high-value targets. The objective is not disruption but long-term, quiet exfiltration.

4. Legacy Protocol Exploitation

Unencrypted industrial protocols like Modbus TCP and older PROFINET implementations can be eavesdropped or injected with malicious commands by any attacker with network access. With IT/OT convergence, what was once inaccessible from the internet is now reachable from a compromised laptop on the corporate Wi-Fi.

A Practical Security Architecture for Converged OT/IT Environments

The good news: securing converged environments is achievable with the right architecture. Here is a proven framework that PJ Networks recommends and deploys for Indian manufacturing clients.

Step 1: Establish a Purdue Model Segmentation with FortiGate NGFW

The Purdue Enterprise Reference Architecture (PERA) defines network zones from the corporate (Level 4–5) down to the field device layer (Level 0–1). A properly configured FortiGate Next-Generation Firewall at the IT/OT boundary enforces:

  • Strict zone-based firewall policies — default deny between IT and OT segments
  • Industrial protocol deep packet inspection (DPI) for Modbus, DNP3, and EtherNet/IP — blocking malformed or out-of-spec commands
  • Application control policies that whitelist only the specific vendor applications that need to cross the boundary
  • Encrypted tunnels (IPsec/SSL VPN) for any remote access, replacing plain RDP or Telnet

Step 2: Implement Zero Trust Network Access (ZTNA) for Remote Vendor Access

Replace legacy VPN-based remote access with FortiGate ZTNA. Under ZTNA, every remote session is verified against identity, device posture, and time-of-access policies — before any connection is granted. Vendor engineers get access only to the specific machines they need, only during approved maintenance windows.

Key benefit: Even if a vendor’s laptop is compromised, the attacker cannot move laterally beyond the specific asset the vendor was permitted to access.

Step 3: Deploy OT-Aware Continuous Monitoring

Standard SIEM tools are IT-centric — they do not understand industrial protocols or OT device behaviour baselines. An effective OT security programme requires:

  • Passive OT network monitoring using tools like Fortinet’s OT-aware sensors that inventory assets and detect anomalous command sequences without disrupting production
  • Integration with the SOC — OT alerts must flow into the same Security Operations Centre that handles IT threats, with analysts trained on industrial threat indicators
  • Behavioural baselines — knowing what “normal” looks like for a specific PLC or historian server, so deviations trigger alerts
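As an added illustration of the behavioural-baseline idea above (and of why the unauthenticated Modbus traffic discussed under Legacy Protocol Exploitation needs monitoring), the following is example code, not PJ Networks' or Fortinet's: it parses captured Modbus/TCP requests and flags function codes that a given source host has never legitimately sent to a given PLC, treating unexpected writes as the highest-priority deviation. The host addresses, baseline and captured frames are constructed for the example.

```python
import struct

# Modbus function codes that change PLC state (coil/register writes).
WRITE_FUNCTIONS = {5, 6, 15, 16, 23}

# Constructed baseline (hypothetical addresses): (source host, PLC) -> function
# codes seen during normal operation. The HMI only reads; only the engineering
# workstation is expected to write.
BASELINE = {
    ("10.20.1.15", "10.30.0.10"): {3, 4},
    ("10.20.1.50", "10.30.0.10"): {3, 4, 6, 16},
}

def parse_mbap(frame: bytes) -> tuple[int, int]:
    """Parse a Modbus/TCP request (7-byte MBAP header + PDU) and return
    (unit id, function code). Raises ValueError for malformed frames."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:  # protocol identifier is always 0 for Modbus/TCP
        raise ValueError(f"unexpected protocol id {proto}")
    if len(frame) != 6 + length:  # length field counts unit id + PDU
        raise ValueError("length field does not match frame size")
    return unit, frame[7]

def assess(src: str, dst: str, frame: bytes) -> str:
    """Classify one captured request against the per-PLC baseline."""
    try:
        _unit, fc = parse_mbap(frame)
    except ValueError:
        return "malformed"
    if fc in BASELINE.get((src, dst), set()):
        return "ok"
    # An unexpected write to a PLC is the highest-priority deviation.
    return "anomalous-write" if fc in WRITE_FUNCTIONS else "anomalous-read"

# Constructed capture: (source host, PLC, raw Modbus/TCP frame)
CAPTURE = [
    ("10.20.1.15", "10.30.0.10", bytes.fromhex("0001 0000 0006 01 03 0000 000a")),  # HMI reads 10 registers
    ("10.20.1.15", "10.30.0.10", bytes.fromhex("0002 0000 0006 01 06 0010 0001")),  # HMI writes a register
    ("10.20.1.99", "10.30.0.10", bytes.fromhex("0003 0000 0006 01 03 0000 000a")),  # unknown host reads
    ("10.20.1.50", "10.30.0.10", bytes.fromhex("0004 0000 0006 01 03 0000")),       # truncated frame
]

def review(capture=CAPTURE) -> list[tuple[str, str]]:
    """Return (source host, verdict) for every request that deviates from baseline."""
    return [(s, v) for s, d, f in capture if (v := assess(s, d, f)) != "ok"]
```

In a real deployment the baseline would be learned from a passive sensor over a representative production period, and each non-"ok" verdict would become a SOC alert carrying the PLC, source host and function code as context.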

Step 4: Harden Remote Access and Privileged Accounts

  • Enforce MFA for all remote access into OT environments — no exceptions
  • Implement Privileged Access Workstations (PAWs) for engineering and OT administration tasks
  • Audit and rotate all shared service accounts used by industrial software
  • Enable session recording for all privileged OT sessions — a forensic requirement and deterrent

Step 5: Patch What You Can, Compensate for What You Cannot

Many OT devices simply cannot be patched without a production window that occurs quarterly or annually. A compensating controls strategy is essential:

  • Virtual patching via FortiGate IPS signatures — the firewall can block exploitation attempts targeting known vulnerabilities in unpatched legacy systems
  • Micro-segmentation around critical unpatched assets, limiting the protocols and sources that can reach them
  • Documented risk acceptance with compensating controls, aligned with your CISO and risk register

CERT-In and DPDP Act Compliance in OT Environments

Indian manufacturers must now factor two major regulatory frameworks into their OT security posture:

CERT-In 6-Hour Reporting

The CERT-In directive requires reporting of cyber incidents — including ransomware attacks and unauthorised access — within six hours of detection. For OT environments, this creates a specific challenge: detection capability must be in place before an incident occurs. Manufacturers relying on operators to “notice something wrong” will miss the six-hour window. A 24/7 managed SOC with OT visibility is the only reliable way to meet this requirement.

DPDP Act Considerations

The Digital Personal Data Protection (DPDP) Act applies when OT systems process personal data — for example, employee biometric access systems integrated with production floor entry, or customer-linked order management systems connected to manufacturing execution. Conduct a data mapping exercise to identify personal data flows into and through OT-adjacent systems, and apply appropriate access controls and logging.

Key Metrics: What Good Looks Like

How do you know if your OT security programme is working? Track these indicators:

  • Mean Time to Detect (MTTD) in OT: Target under 4 hours for anomalous lateral movement from IT zones
  • IT-to-OT firewall policy coverage: 100% of cross-zone traffic should match an explicit allow rule — zero reliance on default-permit
  • Patch lag for IT-connected OT assets: Critical patches applied within 30 days; virtual patching in place for those that cannot be patched
  • Remote access session accountability: 100% of vendor remote sessions recorded and tied to a specific change request or maintenance ticket
  • SOC alert fidelity: OT-specific alerts escalated with correct context — not lumped into generic IT alert queues

Common Mistakes Indian Manufacturers Make

In our experience deploying OT security programmes for Indian industrial clients, these are the most frequent pitfalls:

  1. Treating OT as “just another VLAN”: Putting OT on a separate VLAN without proper zone-based firewalling and industrial protocol inspection provides only weak isolation.
  2. IT-first security tools applied to OT: Deploying endpoint agents on engineering workstations without considering OEM support impact; running vulnerability scanners that crash fragile OT devices.
  3. No tabletop exercises for OT scenarios: Incident response plans that cover IT ransomware but have no tested procedure for a production-floor shutdown scenario.
  4. Vendor access left always-on: Permanent VPN tunnels for vendors that are supposed to only connect quarterly — attackers use these tunnels when the vendor isn’t watching.
  5. Assuming air-gap where none exists: Believing the OT network is isolated when engineers have quietly added Wi-Fi access points or USB-based historians over the years.

How PJ Networks Secures Indian Manufacturing Environments

PJ Networks brings deep Fortinet expertise and a proven OT/IT convergence security methodology to Indian manufacturers. Our managed security service for industrial environments includes:

  • FortiGate NGFW deployment and tuning at IT/OT boundaries, with industrial protocol DPI configured for your specific protocols (Modbus, EtherNet/IP, PROFINET)
  • ZTNA implementation replacing legacy VPN for all remote vendor access — with session recording and time-limited access windows
  • 24/7 NOC/SOC coverage with analysts trained on OT threat patterns, integrated with OT monitoring sensors for end-to-end visibility
  • CERT-In incident response retainer — ensuring you can meet the 6-hour reporting requirement with pre-agreed escalation paths and report templates
  • OT asset discovery and risk assessment — mapping every device on your production network and scoring it against known vulnerabilities
  • FortiMail email security — because phishing targeting engineering staff remains the most common initial access vector into industrial environments

We work with manufacturers across automotive, pharmaceuticals, chemicals, food processing, and electronics sectors — helping them mature their OT security posture without disrupting production.

Getting Started: Your 90-Day OT Security Roadmap

If you are starting from scratch, a pragmatic 90-day roadmap looks like this:

Days 1–30: Visibility

  • Deploy passive OT network discovery to inventory all assets on the production floor network
  • Audit all remote access paths into OT — shut down any that cannot be accounted for
  • Confirm IT/OT segmentation is enforced at the firewall (not just the switch)

Days 31–60: Control

  • Implement ZTNA for all vendor remote access
  • Deploy FortiGate industrial protocol DPI at the IT/OT boundary
  • Integrate OT monitoring alerts into your SOC (internal or managed)

Days 61–90: Response

  • Conduct a tabletop exercise simulating ransomware pivoting from IT to OT
  • Document your CERT-In incident reporting procedure for OT events
  • Establish a virtual patching policy for unpatched legacy OT assets

Conclusion

OT/IT convergence is not slowing down — if anything, the pace is accelerating as Indian manufacturers chase digital transformation goals. The security gap this creates is real, measurable, and actively exploited. But with the right architecture — anchored by FortiGate NGFW at the IT/OT boundary, ZTNA for remote access, and a 24/7 SOC with OT visibility — Indian manufacturers can move fast without creating the kind of exposure that ends careers and halts production lines.

The question is not whether to secure your converged OT/IT environment — it is whether you will do it before or after an incident forces the issue.

PJ Networks helps Indian manufacturers build and operate mature OT security programmes. Contact us to schedule an OT risk assessment or to discuss a managed security engagement tailored to your production environment.
