How to Secure IoT and OT Systems: A Practical Guide

When IoT Meets OT, how do we build resilient networks?

IT and OT convergence has changed the landscape for building automation and control systems. One of the most impactful outcomes of this convergence is the rise of IoT devices. These devices track everything from HVAC performance to space usage, while automated systems manage lighting, access, and energy distribution, optimizing it all in real time.

It’s a complex web of interconnected systems that goes beyond traditional OT setups.

But this convergence also introduces potential security risks. OT networks were originally built for reliability and predictability, not for the widespread connectivity we’re seeing today. As a result, they’re under growing pressure. In this post, we’ll explore why securing IoT networks is critical—and how doing so supports the overall security of OT environments.

What Are IoT and OT Systems?

Modern building automation networks are where IT, OT, and IoT intersect—each with unique requirements and constraints.

  • IT focuses on data security, integrity, and access control, using standard protocols and established practices.
  • OT prioritizes uptime and safety. It relies on proprietary protocols and specialized hardware, which are often difficult to update without risking disruptions.
  • IoT devices bridge the gap, but they come with their own challenges. They usually have limited processing power and must balance connectivity with battery life.

This mix creates complex dependencies that must be managed carefully to avoid cascading failures or security breaches.

Key Security Challenges in IoT and OT Systems

Bringing IoT devices into already vulnerable OT networks creates a host of security risks. Unlike traditional air-gapped OT systems, today’s networks have a much larger attack surface. Every connected device can become a potential entry point for malicious actors.

To address these risks, we need to rethink security—starting with a better understanding of IoT device limitations.

  1. Device Diversity and Scale

IoT devices often ship with significant security limitations that create vulnerabilities in OT environments. Default authentication credentials frequently remain unchanged during deployment (note: this is also a common problem in OT device commissioning that leads to duplication issues), creating easily exploitable access points. 

Encryption capabilities may be minimal or non-existent due to computational constraints, leaving sensitive data exposed to interception and manipulation*. Security update mechanisms are often poorly implemented or absent, making it challenging to address known vulnerabilities without disrupting operations. Authentication protocols may lack the sophistication necessary for robust access control, complicating efforts to maintain security boundaries between network segments.

*Keep in mind that BACnet/IP traffic isn’t encrypted by default, which makes it a red flag that ITsec teams must pay attention to!

  2. Legacy OT Systems

The range of communication protocols in modern network environments creates the potential for data corruption. Fortunately, BACnet has become ubiquitous in modern OT networks, with most devices in North America supporting BACnet over IP networks (BACnet/IP) and needing only simple routers or BBMDs to handle any protocol translation. This includes IoT devices, which support BACnet in most cases (be sure to check before buying!) or can be supported through BACnet/IoT gateways if needed.

IoT For All recently answered questions about integration of IoT and BACnet/IP networks with CTO and co-founder of Argentum Electronics, Sagar Jaiswal.

Video: How Does BACnet Work with IoT? | #AskIoT | Argentum’s Sagar Jaiswal

  3. Increased Attack Surface

The fundamental mismatch between modern IoT security requirements and legacy OT systems creates security gaps that require careful management. Traditional OT security models, based on physical isolation and controlled access, must evolve to accommodate the dynamic nature of IoT devices while maintaining operational stability.

Looking for more? Cybersecurity firm Balbix published a detailed investigation into 12 of the top IoT security concerns and best practices you can read about here.

Image: A list of 12 common IoT security concerns (Balbix)

Practical Methods to Secure IoT and OT Systems

Network visibility in converged environments presents unique technical challenges. Traditional IT-based monitoring tools may lack the protocol awareness necessary for OT networks, while legacy OT monitoring solutions may not scale effectively to handle the volume of IoT device traffic. 

  • Security Shortcomings: IoT devices often have weak security built-in. Default passwords might not get changed, creating easy access. Encryption might be minimal or non-existent, leaving sensitive data vulnerable. Updates can be a nightmare, making it hard to patch vulnerabilities without disrupting things. Authentication can also be pretty basic, making it tough to secure different parts of the network.
  • Protocol Problems: We’ve got a mix of legacy industrial protocols (designed for reliability, not security) and modern IoT standards. This makes security monitoring and incident response a real challenge, as each protocol needs its own approach.
  • Integration Headaches: Modern IoT security needs don’t always mesh well with older OT systems. Traditional OT security, based on physical isolation, needs to adapt to the dynamic nature of IoT while still keeping things stable.

To keep up with today’s OT networks, we need advanced monitoring platforms like OptigoVN. These platforms need to give IT, facilities, and system integrators a clear view of everything happening across OT and IoT environments so things keep running smoothly.

Building a Secure Framework: Layer by Layer

Securing these converged networks needs a multi-layered approach.

  • Segmentation: Separate critical OT systems from less secure IoT devices and general-purpose networks using industrial-grade firewalls. Security gateways at zone boundaries need to understand both IT and OT protocols.
  • Enhanced Monitoring: Real-time monitoring for both performance and security is crucial. We need protocol-aware inspection and continuous device inventories.
  • Collaboration: IT and OT teams need to work closely together, along with vendors and building automation specialists.
  • Risk Management: Solid risk management strategies cover both technical and operational stuff. Regular security assessments, incident response plans, continuous monitoring, and vendor security requirements are all essential. Don’t forget collaborative training with external partners!
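
The segmentation and protocol-aware inspection points above, together with the earlier note that BACnet/IP traffic is unencrypted by default, as an added example (not from the original post and not OptigoVN code): a passive inspector that decodes cleartext BACnet/IP frames, builds a device inventory from I-Am announcements, and alerts on WriteProperty requests sourced from an IoT segment. The 10.20.0.0/24 zone, the alert policy, and the sample frames are assumptions constructed for illustration.

```python
import ipaddress
import struct

IOT_ZONE = ipaddress.ip_network("10.20.0.0/24")  # assumed IoT segment (constructed)
I_AM, WRITE_PROPERTY = 0, 15                      # BACnet service choice numbers

def apdu_offset(frame):
    """Check BVLC and NPDU headers; return the APDU offset, or None if there is no APDU."""
    bvlc_type, func, length = struct.unpack_from("!BBH", frame, 0)
    off = 10 if func == 0x04 else 4       # Forwarded-NPDU adds a 6-byte origin address
    if bvlc_type != 0x81 or length != len(frame) or frame[off] != 0x01:
        raise ValueError("not a well-formed BACnet/IP frame")
    control = frame[off + 1]
    if control & 0x80:                    # network-layer message, no APDU follows
        return None
    off += 2
    for bit in (0x20, 0x08):              # DNET then SNET: net(2) len(1) addr(len)
        if control & bit:
            off += 3 + frame[off + 2]
    return off + 1 if control & 0x20 else off   # hop count only with a destination

def inspect(src_ip, frame, inventory, alerts):
    """Add I-Am devices to the inventory; alert on IoT-zone writes and bad frames."""
    try:
        off = apdu_offset(frame)
        pdu_type = -1 if off is None else frame[off] >> 4
        if pdu_type == 1 and frame[off + 1] == I_AM and frame[off + 2] == 0xC4:
            obj_id = struct.unpack_from("!I", frame, off + 3)[0]
            if obj_id >> 22 == 8:         # object type 8 is Device
                inventory[obj_id & 0x3FFFFF] = src_ip
        elif pdu_type == 0:               # confirmed request; segmented adds 2 bytes
            svc = frame[off + (5 if frame[off] & 0x08 else 3)]
            if svc == WRITE_PROPERTY and ipaddress.ip_address(src_ip) in IOT_ZONE:
                alerts.append((src_ip, "WriteProperty from IoT zone"))
    except (ValueError, IndexError, struct.error):
        alerts.append((src_ip, "malformed BACnet/IP frame"))

SAMPLES = [  # constructed UDP/47808 payloads, not captured traffic
    ("10.10.0.5", bytes.fromhex("810b001401001000c4020004d22205c491032108")),  # I-Am
    ("10.20.0.17", bytes.fromhex("810a001801040005010f0c0080000119553e44429000003f")),
    ("10.10.0.9", bytes.fromhex("810a001801040005010f0c0080000119553e44429000003f")),
    ("10.20.0.23", bytes.fromhex("810b00140100")),  # truncated: length field says 20
]

def run_samples():
    inventory, alerts = {}, []
    for src, frame in SAMPLES:
        inspect(src, frame, inventory, alerts)
    return inventory, alerts
```

The inspector needs no keys or credentials to read these frames, which is the practical meaning of "not encrypted by default": any host on the segment sees the same fields.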

The Road Ahead

The convergence of IoT and OT presents a significant opportunity, but it also introduces several challenges. An approach that maintains operational needs while ensuring security is essential. Organizations need to invest in both technology and expertise to build strong security frameworks and foster collaboration. 

With IoT in the OT mix, we also need better visibility than before. We need deep insights into network behavior, device performance, and security. Think real-time monitoring across the entire network, without slowing anything down. We need platforms that can bridge this gap and give us a unified view across all three domains, while still meeting the performance needs of industrial systems.

OptigoVN: A Glimpse into the Future

Next-generation monitoring solutions like OptigoVN represent the future of OT network management. These platforms provide deep packet inspection capabilities specifically designed for BACnet, enabling detailed analysis of OT communications without impacting system performance. Real-time analytics engines process vast amounts of network data, identifying potential issues before they affect operations. Users can also leverage historical data to optimize system performance and prevent unplanned downtime. Security event correlation across multiple systems enables sophisticated threat detection and response, while integration with automated workflows streamlines incident management processes.

When OT networks are the backbone of smart buildings and critical infrastructure, network visibility is essential. It ensures teams don’t just see their network—they truly understand it, enabling faster troubleshooting, stronger security, and better overall performance.

Ready to harness OptigoVN’s network monitoring to see your network better than ever? Sign up for a free OptigoVN account today or contact us to schedule a personalized demo and see how our platform can empower your team.
