The Most Dangerous Thing in Your Plant Is What You Can't See
Dale Peterson, founder and program chair of S4, threw down the gauntlet at this year's S4x26 conference in Miami in February 2026: demonstrate live industrial security, in what was a first for the event. He tasked Booz Allen Hamilton to build a fully operational simulated automotive manufacturing environment with real Siemens and Rockwell Automation PLCs, a full SCADA layer running Ignition, and network segments representing a paint and assembly line. Eight security vendors were invited to solve real problems with live industrial equipment at the POC Pavilion. Cisco was one of them.
The exercise underscored a truth that too many organizations still struggle to act on: you cannot secure what you cannot see. And in most OT environments, the gap between what operators assume is on their network and what is actually communicating across it remains dangerously wide.
Complexity is the Enemy of OT Security Progress
Industrial networks were not originally designed with cybersecurity in mind. They were designed to move product, maintain uptime, and keep people safe. Most OT environments have grown organically over decades, resulting in flat architectures where a paint booth controller can freely communicate with an assembly robot across the plant, or with a compromised workstation that was never supposed to be on that segment. Lateral movement across these unsegmented networks remains a leading concern.
Yet many organizations remain stuck. The perceived cost of deploying OT security (specialized hardware, overlay architectures, and the risk of disrupting production) creates inertia. Patchwork approaches introduce their own friction, often requiring dedicated appliances and specialized staff that many do not have.
Visibility First, Then Segmentation: A Phased Approach That Works
The demonstration Cisco and Booz Allen jointly executed at S4x26 was built around a deliberately pragmatic premise: start with asset visibility, then progress into network segmentation aligned to ISA/IEC 62443 zones and conduits. No rip-and-replace. Just a methodical progression from understanding what is on the network to enforcing policies about what should be communicating with each other.
The first step was deploying Cisco Cyber Vision, which runs natively as an embedded sensor on Cisco industrial switching platforms like the Cisco IE3500 and IE9300 rugged switches as well as Rockwell's Stratix 5800 switches. Because the visibility capability lives inside the switching infrastructure itself, there is no need for additional hardware, SPAN ports, or monitoring appliances. Within the POC Pavilion environment, asset discovery began producing actionable results almost immediately, identifying every device on the simulated network, mapping communication flows between the paint and assembly lines, and classifying assets by type and protocol.
That visibility then became the foundation for segmentation. Using the asset and communication map generated by Cyber Vision, the team virtually grouped devices, defining what should be considered the paint and assembly line zones, precisely the kind of lateral movement boundary that IEC 62443 prescribes but that most organizations struggle to implement. This virtual segmentation was shared in real time by Cyber Vision with Cisco Identity Services Engine (ISE), translating OT asset context into network access policies without requiring manual ACL configuration across every switch.
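The visibility-to-segmentation progression described above can be sketched in a few lines. This is an added illustration, not code from Cisco, Booz Allen, or either product, and it uses no Cyber Vision or ISE API: the asset names, zone labels, flows and approved conduit list are constructed sample data, and conduits are assumed to be directional (initiator zone to responder zone).

```python
# Constructed sample inventory: asset -> zone, as an analyst might group
# devices after reviewing a discovered asset list. All names are hypothetical.
ZONES = {
    "paint-plc-1": "paint", "paint-hmi-1": "paint",
    "assy-plc-1": "assembly", "assy-robot-1": "assembly",
    "scada-1": "supervisory",
}

# Constructed sample of observed flows: (initiator, responder, protocol).
FLOWS = [
    ("scada-1", "paint-plc-1", "ethernet-ip"),
    ("paint-hmi-1", "paint-plc-1", "ethernet-ip"),
    ("scada-1", "assy-plc-1", "s7comm"),
    ("paint-hmi-1", "assy-robot-1", "ethernet-ip"),  # paint HMI reaching into assembly
    ("eng-laptop-7", "assy-plc-1", "s7comm"),        # initiator not in the inventory
]

# Conduits approved after review: (src_zone, dst_zone, protocol).
APPROVED_CONDUITS = {
    ("supervisory", "paint", "ethernet-ip"),
    ("supervisory", "assembly", "s7comm"),
}


def candidate_conduits(flows, zones):
    """Phase 1 (visibility): every cross-zone path actually observed.
    This is a list for human review, not an allowlist to apply blindly."""
    found = set()
    for src, dst, proto in flows:
        sz, dz = zones.get(src), zones.get(dst)
        if sz and dz and sz != dz:
            found.add((sz, dz, proto))
    return found


def classify_flows(flows, zones, conduits):
    """Phase 2 (segmentation): sort each flow against the zone/conduit model."""
    out = {"intra_zone": [], "conduit": [], "violation": [], "unknown_asset": []}
    for flow in flows:
        src, dst, proto = flow
        sz, dz = zones.get(src), zones.get(dst)
        if sz is None or dz is None:
            out["unknown_asset"].append(flow)  # unmanaged device: investigate first
        elif sz == dz:
            out["intra_zone"].append(flow)
        elif (sz, dz, proto) in conduits:
            out["conduit"].append(flow)
        else:
            out["violation"].append(flow)      # crosses a zone boundary with no conduit
    return out
```

Flows that land in `violation` or `unknown_asset` are the ones to resolve before any enforcement policy is switched on, since blocking them unreviewed is how segmentation projects interrupt production.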
When Security Lives in the Network, the Cost of Starting Drops
One of the most important lessons from the S4x26 POC Pavilion was architectural, not tactical. When security capabilities like asset discovery and segmentation policy enforcement are embedded directly in the networking infrastructure, rather than layered on as a separate overlay, the cost of effort to begin addressing OT cybersecurity risk falls dramatically. There is no separate procurement cycle for monitoring appliances and no parallel management plane to learn. The same switches that move production traffic also provide security telemetry and policy enforcement at line rate, eliminating latency or jitter incurred by sending traffic up the network for a Level 3 firewall to act as the enforcement point.
For organizations at the early stages of OT security maturity, the single biggest barrier is often not budget or executive buy-in; it is the operational complexity of getting started. A standardized network architecture that delivers security as a native function of the infrastructure transforms OT security from a multi-year capital project into an achievable operational milestone.
Proving It Live: The Value of the POC Pavilion Model
The S4x26 POC Pavilion, provided by Booz Allen Hamilton, represented something the OT security community has needed: a venue where claims are tested on real equipment under real scrutiny. Booz Allen built the automotive manufacturing environment from the ground up, configuring Siemens and Rockwell Automation controllers, standing up the Ignition SCADA layer, and providing the foundational OT system on which all eight participating vendors demonstrated their solutions live.
Booz Allen's collaboration with Cisco was central to the success of the demonstration. The architecture was straightforward to stand up, the integration points were clean, and the result was an educational experience that advanced OT security understanding for everyone who visited the pavilion.
Both organizations share a conviction that the fundamentals demonstrated here (asset visibility informing zone-based segmentation) represent where every OT security journey should begin. As Tyler Heller, Industrial Control Systems & Platform Security Engineer 3 at Booz Allen Hamilton, notes, "visibility into the lower levels of the OT environment can be a challenge but gaining that visibility is fundamental to building and maintaining cybersecurity across these networks. This insight not only clarifies how assets communicate but also supports advancing OT security through macro and micro-segmentation." Additionally, ingesting the telemetry into SIEM platforms like Splunk is a second and important aspect to enabling OT security governance, with Tyler noting that this not only "strengthens enterprise-wide situational awareness" but also "connects OT insights to broader security monitoring." Finally, commenting on the successful collaboration and outcomes at the POC Pavilion, Tyler notes, "we implemented these capabilities in a live environment while maintaining uptime and network stability."
Where the Journey Goes From Here
The industrial organizations that are on the right path to a more resilient OT security posture are not necessarily the ones with the largest budgets. They are the ones that started with the right foundation: standardized infrastructure that is simple to deploy, embedded visibility providing continuous awareness of OT assets, and segmentation policies aligned to ISA/IEC 62443.
If your organization has not yet gained full visibility into your OT network, if you cannot confidently say what is communicating with what across your plant floor, the question is not whether you will face an incident. It is whether you will see it coming. The S4x26 POC Pavilion demonstrated that the tools and approach to close that gap are proven and within reach. The starting line is closer than most organizations think.
Ready to learn more?
- Watch the S4x26 POC Pavilion video
- Visit cisco.com/go/cybervision
- Schedule One on One Demo
