It’s All About the Factory Networks – Protecting Manufacturing OT Networks
So here I am, third coffee brewing, keyboard warming up, eagerly looking for something to write about, and there's something that's been burning my mind for a little while now: locking down OT networks on the factory floor. I have been writing code professionally (and as a hobbyist) since the mid-80s (I used to think that was a long time, but now…) and working in security since the early ‘00s (back when I was a network admin, playing with PSTN muxes, wondering why all of the phones were ringing, and watching what the Slammer worm did to get everyone in a tizzy), and I have seen a few things (some of them directly in the face). We have already made some serious strides at PJ Networks, deploying the Fortinet Fabric to segment and secure the operational technology networks that manufacturers in particular depend on, but different animals share that jungle.
OT Security Risks: The Elephant on the Factory Floor
Here’s the problem: OT networks aren’t like regular corporate IT. These machines power equipment, manage assembly lines and keep everything humming in real time. But that also means slow patching, lots of legacy gear, and, oh boy, a target-rich environment. Wanna scare yourself? Remember Triton, the malware used to target safety systems at industrial facilities?!
Common OT risks:
- Old devices with poor or no encryption.
- Flat networks — once you’re in, there’s nothing to stop attackers from wandering around.
- Patch delays — no rebooting the PLC in the middle of a production cycle.
- Insufficient authentication — many devices lack suitable authentication mechanisms.
I remember a project in which we were auditing the OT inventory at a large metal plant! The zone mapping showed me exactly how intertwined the network was — IT and OT as one giant ball of spaghetti. Not good.
Microsegmentation: Where the Strength Lies
Microsegmentation is a bit like putting up walls between the rooms in your house instead of living in one big open loft. We start with the Fortinet Fabric, which carves the OT network into small zones or segments—so even if one component gets compromised, the attacker is not free to wander about.
At PJ Networks we deploy Fortinet’s Security Fabric to achieve this, as it talks to everything from FortiSwitches to FortiAP access points. Segments are enforced according to:
- Device roles.
- Communication needs.
- Security posture.
Microsegmentation limits the blast radius, which is critical in a factory where uptime is king.
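To make the blast-radius point concrete, here is an added example (not PJ Networks' or Fortinet's code) that models a constructed set of devices and zones, a default-deny zone-to-zone allowlist, and computes which devices a compromised host can reach on a flat network versus a microsegmented one. Device names, zone names, IPs and ports are assumptions made for the illustration.

```python
from collections import deque

# Constructed inventory: device name -> zone (hypothetical, not a real plant).
DEVICES = {
    "hmi-01": "cell-A-hmi",
    "plc-01": "cell-A-plc",
    "plc-02": "cell-A-plc",
    "eng-ws-01": "engineering",
    "historian": "dmz",
    "erp-app": "corporate-it",
    "laptop-42": "corporate-it",
}

# Microsegmented policy: (source zone, destination zone, destination port).
# Anything not listed is denied between zones. Ports are assumed examples.
SEGMENTED_POLICY = {
    ("cell-A-hmi", "cell-A-plc", 502),     # HMI polls PLCs over Modbus/TCP
    ("engineering", "cell-A-plc", 44818),  # engineering workstation programs PLCs
    ("cell-A-plc", "dmz", 5432),           # PLCs push process data to the historian
    ("corporate-it", "dmz", 443),          # ERP reads historian reports over HTTPS
}


def flow_allowed(policy, src_zone, dst_zone, port):
    """True if a flow is permitted. policy=None models a flat network (everything allowed).
    Traffic inside one zone is not filtered in this model."""
    if policy is None or src_zone == dst_zone:
        return True
    return (src_zone, dst_zone, port) in policy


def zone_reachable(policy, src_zone, dst_zone):
    """True if any allowed flow exists from src_zone to dst_zone."""
    if policy is None or src_zone == dst_zone:
        return True
    return any(s == src_zone and d == dst_zone for (s, d, _) in policy)


def blast_radius(policy, devices, compromised):
    """Breadth-first walk: every device an attacker on `compromised` could
    reach by following allowed zone-to-zone flows, hop by hop."""
    reached = {compromised}
    queue = deque([compromised])
    while queue:
        current = queue.popleft()
        for device, zone in devices.items():
            if device in reached:
                continue
            if zone_reachable(policy, devices[current], zone):
                reached.add(device)
                queue.append(device)
    return reached


if __name__ == "__main__":
    for host in ("laptop-42", "hmi-01"):
        flat = blast_radius(None, DEVICES, host)
        segmented = blast_radius(SEGMENTED_POLICY, DEVICES, host)
        print(f"{host}: flat network reaches {len(flat)} devices, "
              f"segmented reaches {len(segmented)}: {sorted(segmented)}")
```

Note that a compromised corporate laptop still reaches the historian in the DMZ (that flow is legitimately allowed), but it can no longer touch a PLC; the walk stops where the policy has no matching entry.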
AP Placement: So Much More Than Just Good Wi-Fi
On the factory floor, wireless? Sounds risky, right? But when FortiAPs are configured within the Fortinet Fabric, we can get a bit more granular control over who has access to the network and where.
Here’s a quick summary of our AP strategies:
- Industrial-grade FortiAPs strategically located to mitigate interference but cover key OT zones.
- RF profiling to detect rogues or weird chatter.
- User/Device identity to dynamically assign VLAN.
It is not just about coverage — placement controls access and observation on the edge. In the case of a recent project at an automotive parts manufacturer, the judicious AP placement nixed unauthorized access efforts before they even came close to the PLC controllers.
Authenticator Roles: Who Gets Through the Gates?
OT is a challenging beast when it comes to authentication. You can’t go throwing complex multi-factor setups in everywhere, because it’s not just irritating when a robotic arm loses its connectivity — it’s a disaster.
Here’s how we handle it:
- Leverage identity-based capabilities in the Fortinet fabric to apply device and user policies.
- RBAC designed for OT operators, engineers, and third-party vendors.
- Session tokens that expire frequently to reduce long-lived access.
And passwords? Don’t get me started. I’m annoyed by the oppressive focus on regular password changes, which causes more damage than it prevents. In OT, credentials managed securely and properly, with device certificates and network isolation, are a whole lot more effective.
PJ Networks Services – We Do More Than Just Hold Your Hand
I began PJ Networks after recognizing that most companies regard OT security as an afterthought (hey, I’ve been there!). So we built services based on the real-world needs of the factory floor. Here’s what we have to offer:
- Full OT Inventory audits including zoning map.
- Deployment of Fortinet Fabric for microsegmentation — ensuring all devices behave.
- Ongoing 24/7 SOC (Security Operations Center) monitoring with specialization on OT anomalies.
- Manage firmware patching in OT devices — yep, we figure out how to do it without killing uptime.
The beauty of this approach? It’s not like setting it and forgetting it. These systems grow up with the factory, spotting new threats early.
Compliance Prevents Accidents: It's Not a Choice
Manufacturers are under an increasing number of compliance mandates—ISA/IEC 62443, the NIST standards, HIPAA (for pharma plants), you name it. It’s not all mere bureaucracy—compliance does make systems more secure.
We bake compliance checks into our processes so you don’t have to stay up all night prepping for audits. Key stuff we focus on:
- Network Segmentation Validation as per standards.
- Access logs and change monitoring audit.
- Monitoring of Firmware and patch levels.
Our customers love that, because it makes a painful activity manageable — and it keeps their insurance people and regulators happy.
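Here is an added example of the first and third checks in that list, segmentation validation and firmware/patch-level monitoring, written as audit logic over constructed data. It is not PJ Networks' or Fortinet's tooling: the log line format, zone allowlist, device models, versions and baseline are all assumptions invented for the example, and real FortiGate logs would need their own parser.

```python
import re

# Constructed firewall flow-log excerpt (hypothetical key=value format, not a vendor schema).
FLOW_LOG = """\
2024-03-01T08:00:01 src=10.10.1.5 srczone=cell-A-hmi dst=10.10.2.7 dstzone=cell-A-plc dport=502 action=accept
2024-03-01T08:00:04 src=10.20.0.42 srczone=corporate-it dst=10.10.2.7 dstzone=cell-A-plc dport=502 action=accept
2024-03-01T08:00:09 src=10.30.0.3 srczone=engineering dst=10.10.2.8 dstzone=cell-A-plc dport=44818 action=accept
2024-03-01T08:00:12 src=10.20.0.42 srczone=corporate-it dst=10.40.0.2 dstzone=dmz dport=443 action=accept
2024-03-01T08:00:15 src=10.20.0.42 srczone=corporate-it dst=10.10.2.8 dstzone=cell-A-plc dport=44818 action=deny
"""

# Zone-to-zone flows the segmentation design permits (assumed for the example).
ALLOWED_FLOWS = {
    ("cell-A-hmi", "cell-A-plc", 502),
    ("engineering", "cell-A-plc", 44818),
    ("cell-A-plc", "dmz", 5432),
    ("corporate-it", "dmz", 443),
}

# Constructed OT inventory and minimum approved firmware per model.
INVENTORY = [
    {"device": "plc-01", "model": "PLC-X", "firmware": "2.4.1"},
    {"device": "plc-02", "model": "PLC-X", "firmware": "2.3.0"},
    {"device": "hmi-01", "model": "HMI-Y", "firmware": "5.0.2"},
]
FIRMWARE_BASELINE = {"PLC-X": "2.4.0", "HMI-Y": "5.1.0"}

LOG_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) srczone=(?P<srczone>\S+) dst=(?P<dst>\S+) "
    r"dstzone=(?P<dstzone>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)"
)


def parse_version(v: str) -> tuple:
    """'2.4.1' -> (2, 4, 1) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


def segmentation_findings(log_text: str, allowed: set) -> list:
    """Flag accepted cross-zone flows that the segmentation design does not permit.
    An accepted-but-unlisted flow means the firewall policy drifted from the design."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip here, but a real audit should count these
        key = (m["srczone"], m["dstzone"], int(m["dport"]))
        if m["action"] == "accept" and m["srczone"] != m["dstzone"] and key not in allowed:
            findings.append({"ts": m["ts"], "src": m["src"], "flow": key})
    return findings


def firmware_findings(inventory: list, baseline: dict) -> list:
    """Flag devices whose firmware is below the approved minimum for their model,
    or whose model has no baseline at all (an inventory gap is itself a finding)."""
    findings = []
    for item in inventory:
        minimum = baseline.get(item["model"])
        if minimum is None:
            findings.append({"device": item["device"], "issue": "no baseline for model"})
        elif parse_version(item["firmware"]) < parse_version(minimum):
            findings.append({"device": item["device"], "issue": f"{item['firmware']} < {minimum}"})
    return findings


if __name__ == "__main__":
    for f in segmentation_findings(FLOW_LOG, ALLOWED_FLOWS):
        print("SEGMENTATION:", f)
    for f in firmware_findings(INVENTORY, FIRMWARE_BASELINE):
        print("FIRMWARE:", f)
```

Only accepted flows are flagged; the denied corporate-to-PLC attempt at the end of the log is the policy working as designed, and the firmware check tells you where the patch-without-downtime planning needs to go next.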
Quick Take
If you are strapped for time (and who isn’t?), here’s what we know about protecting manufacturing OT networks.
- OT devices are susceptible, frequently outdated and slow to patch.
- FortiGate Enterprise protects against attacker lateral movement with advanced microsegmentation powered by Fortinet Fabric.
- FortiAP placement is important— not only for Wi-Fi but access control and monitoring.
- Authentication must be rock solid, yet tailored—overengineering kills uptime.
- PJ Networks specializes in continual monitoring, patch management and compliance – Because security is a process, not a checkbox.
Final Thoughts
Okay, I’ve gotta say, after a couple of decades freelancing in this space, I still get excited about how technology such as Fortinet Fabric can make an impact on factory floors. Yeah, yeah, AI-enabled this and that are buzzwords that get bounced around a little too much for my taste, as if a magic wand would cure years of entrenched security problems, but solid segmentation, strong authentication, and nuts-and-bolts monitoring? That's the real deal.
I recall when my biggest problem was a PSTN link dropping or the Slammer worm sucking up bandwidth in seconds. Things have just gotten a lot messier — in a good way.
If you run or work for a manufacturing plant: don’t just slap up a firewall and call it a day. Think layers, microsegments, identity, and eternal vigilance. And hell, message me if you want a straight-up conversation; I’ve been there and done that, and PJ Networks specializes in this fight.
Stay safe,
Sanjay Seth
Cyber Security Consultant
P J Networks Pvt Ltd