
IT vs. OT security: why traditional cybersecurity doesn’t work on the factory floor

Discover why IT security solutions fail in OT environments. Learn the fundamental differences and protect your production environment with the right approach.
A production engineer in work clothes inspects an outdated HMI screen and PLC system in a factory, illustrating the risks of legacy equipment and the need for specialized OT security.

Your IT team manages firewalls, patches and antivirus software with the precision of a Swiss watch. But on the factory floor, a 2003 PLC that has never seen an update is running on a Windows XP system for which there is no longer a patch. This is not a hypothetical scenario; it is the reality at many Flemish manufacturing companies. The difference between IT and OT security is fundamental, and those who don’t understand that distinction are leaving the back door of their production environment wide open.

The manufacturing industry is one of the most targeted sectors for cyber attacks. In the first quarter of 2025, Belgian organizations suffered an average of 1,925 attacks per week, up 29% from the previous year. Software vendors and suppliers even faced an average of 2,868 attacks per week. According to the Acronis Cyberthreats Report, 15% of all ransomware attacks in Q1 2025 targeted the manufacturing industry. And with NIS2 legislation in effect in Belgium since October 2024, securing operational technology is no longer a choice, but a legal requirement.

What is the difference between IT and OT security?

To understand why your existing cybersecurity approach is failing on the factory floor, you must first know the fundamental difference between IT and OT.

IT (Information Technology) includes everything to do with processing, storing and transporting data: servers, laptops, cloud applications and e-mail systems. Hardware is replaced every three to five years and runs on standardized operating systems.

OT (Operational Technology) includes the hardware and software that control physical processes. Think PLCs (Programmable Logic Controllers), SCADA systems, HMI screens, sensors and robotic arms. These systems control your production line, monitor temperatures, regulate pressure and monitor safety limits. The big difference? OT equipment lasts fifteen to thirty years. Machines installed in 2000 are still at the heart of many production processes today.

Feature | IT | OT
Purpose | Process and communicate data | Controlling physical processes
Lifetime | 3-5 years | 15-30 years
Protocols | TCP/IP, HTTP, SSH | Modbus, Profinet, DNP3
Updates | Regularly, often automatically | Rarely, requires OEM approval
Users | Office workers, IT administrators | Operators, technicians, engineers
Connectivity | Always connected to the Internet | Historically isolated, now increasingly connected

Availability first: why OT has other priorities

The most fundamental difference between IT and OT security is in what is most important to protect. In the IT world, we know the CIA triad: Confidentiality, Integrity and Availability. Confidentiality comes first: if customer data is out on the street, the damage is enormous.

On the factory floor, that order is completely reversed. Availability is the absolute priority. An unplanned production stop not only costs money (thousands of dollars per hour at some companies), but can also lead to physical safety risks. A chemical reactor that suddenly stops, a cooling system that fails or a safety mechanism that becomes unresponsive: the consequences are potentially catastrophic.

Specifically, an IT administrator can immediately reboot or isolate an infected server. An OT operator can’t just do that without first evaluating whether shutting down the system could cause an explosion hazard, machine failure or production damage. That tension between digital security and operational continuity is the central theme in industrial cybersecurity.

Three reasons why traditional IT security fails in OT environments

1. The patch dilemma

Patch management is the cornerstone of IT security: vulnerabilities are closed by regular software updates. On the factory floor, this is a nightmare. Industrial systems often run 24/7, and every second of downtime costs money. Moreover, updates to industrial software require extensive testing and certification by the manufacturer to ensure warranty and security.

The result? Vulnerabilities that remain open for months or even years because the risk of the patch (downtime or instability) is deemed greater than the risk of a cyber attack. And many OT devices run on outdated operating systems for which patches simply no longer exist. Traditional endpoint security (antivirus) often cannot be installed because of limited computing power or the risk that the software will interfere with real-time performance.

2. Unknown protocols and network blindness

Your firewalls and Intrusion Detection Systems (IDS) are trained on IT traffic: HTTP, FTP, SMTP. They have no knowledge of industrial protocols such as Modbus, DNP3 or Profinet. An attacker sending a command via such an industrial protocol to stop a pump or change a temperature limit is often seen as legitimate traffic by a standard IT firewall. Your traditional security tools are literally blind to the most dangerous attacks on your production environment.

3. Active scanning can be disastrous

In the IT world, it is common practice to regularly scan networks for vulnerabilities with active scanning tools. On the plant floor, this can have disastrous consequences. Older PLCs and network cards can crash when bombarded with unexpected packets, leading to an immediate production shutdown. OT environments require passive monitoring that only “listens” to network traffic without disrupting operations. This is exactly why a specialized cybersecurity audit for OT environments is essential: a standard vulnerability scan can do more damage than it prevents.
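To make points 2 and 3 concrete, here is an added example (not code from this article or from any vendor) of protocol-aware passive monitoring: it decodes Modbus/TCP requests taken from a mirror port, builds a device inventory without sending a single packet, and flags write commands from hosts that are not approved engineering stations. The IP addresses, the allowlist and the sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict

# Function codes from the public Modbus specification.
READS = {1, 2, 3, 4}
WRITES = {5: "Write Single Coil", 6: "Write Single Register",
          15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_modbus_tcp(payload: bytes):
    """Decode one Modbus/TCP request; return None if it is not well-formed."""
    if len(payload) < 8:
        return None
    tid, proto, length, unit, func = struct.unpack(">HHHBB", payload[:8])
    # MBAP header: protocol id is always 0, length covers unit id + PDU.
    if proto != 0 or length != len(payload) - 6:
        return None
    addr = value = None
    if (func in READS or func in WRITES) and len(payload) >= 12:
        addr, second = struct.unpack(">HH", payload[8:12])
        # For codes 5 and 6 the second word is the value; otherwise a quantity.
        value = second if func in (5, 6) else None
    return {"unit": unit, "func": func, "addr": addr, "value": value}

def analyse(records, allowed_writers):
    """Build a passive inventory and flag writes from unexpected hosts."""
    inventory = defaultdict(set)  # (device_ip, unit_id) -> client IPs seen
    alerts = []
    for src, dst, payload in records:
        msg = parse_modbus_tcp(payload)
        if msg is None:
            continue  # not Modbus/TCP, ignore
        inventory[(dst, msg["unit"])].add(src)
        if msg["func"] in WRITES and src not in allowed_writers:
            alerts.append((src, dst, WRITES[msg["func"]], msg["addr"], msg["value"]))
    return dict(inventory), alerts

# Constructed sample: (source IP, destination IP, TCP payload) from a mirror port.
SAMPLE = [
    ("10.10.1.20", "10.10.1.5", bytes.fromhex("00010000000601030000000a")),  # HMI read
    ("10.10.1.30", "10.10.1.5", bytes.fromhex("000200000006010600100050")),  # engineering write
    ("192.168.50.77", "10.10.1.5", bytes.fromhex("000300000006010500030000")),  # office host write
    ("192.168.50.77", "10.10.1.5", b"GET / HTTP/1.1\r\n\r\n"),  # not Modbus
]
ALLOWED_WRITERS = {"10.10.1.30"}  # assumption: the only engineering station

if __name__ == "__main__":
    inventory, alerts = analyse(SAMPLE, ALLOWED_WRITERS)
    for alert in alerts:
        print("ALERT unexpected write:", alert)
```

A port-based IT firewall rule would treat all three Modbus frames alike; only decoding the function code separates the HMI's routine read from the coil write sent by an office address.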

The IT-OT convergence: new opportunities, new risks

The historical separation between IT and OT, the so-called “air gap,” is gone for good. Industry 4.0, the Industrial Internet of Things (IIoT) and the need for real-time data analytics have made manufacturing environments increasingly connected to office networks and the Internet. This provides enormous benefits for efficiency and insight, but at the same time opens the door to risks that were unthinkable a decade ago.

A compromised laptop in the office could be the springboard for taking down an entire factory by 2026. Ransomware no longer focuses only on encrypting files, but increasingly on the availability of production processes. Attackers know that the pressure to pay is much higher when a factory loses hundreds of thousands of dollars in revenue per hour due to downtime.

Moreover, we are increasingly seeing attacks that manipulate the integrity of processes: subtly altering mixing ratios in a pharmaceutical process or temperature settings in a refrigeration system. This can lead to unusable products or dangerous situations without being immediately noticed.

The supply chain as a weak link

No company operates in isolation. The supply chain has become one of the most critical attack vectors. Hackers are targeting suppliers of industrial components or remote maintenance parties who connect to plant networks via remote access. If security fails at a supplier, it directly impacts your digital resilience. This is precisely why NIS2 explicitly addresses supply chain security: you are partly responsible for the security of your supply chain partners.

NIS2 and the manufacturing industry: what you need to know

The days of non-committal cybersecurity in industry are over. Belgium was one of the first EU member states to transpose the NIS2 directive into national law (Law of April 26, 2024), with the Center for Cybersecurity Belgium (CCB) as the competent authority for enforcement.

The scope of NIS2 is significantly broader than that of its predecessor. In addition to critical infrastructure such as energy and transportation, sectors such as chemicals, food, waste management and the manufacturing industry are now covered. Specifically, that means OT environments are now also explicitly covered by NIS2 obligations. You must investigate the security risks of your operational technology, and report incidents.

Key deadlines for Belgian companies:

  • By April 18, 2026: submit self-assessment of CyberFundamentals (CyFun) level Basic or Important to the CCB, or submit your ISO 27001 policy
  • By April 18, 2027: compliance progress report

The personal liability of directors makes it all the more urgent: executives must attend mandatory training and can be held responsible for cybersecurity failures. Fines for non-compliance can amount to 10 million euros or 2% of annual turnover.

Bridging the culture gap

Beyond all the technical challenges, there is one factor that is at least as important: the culture gap between IT and OT teams. IT professionals talk about data integrity and encryption. OT engineers talk about cycle times, security margins and physical output. They often report to different departments and have different priorities.

An effective OT security strategy begins by bringing these two worlds together. This requires not only technical knowledge of both domains, but also the ability to speak a common language. It is exactly that translation, from technical complexity to understandable communication, that makes the difference between a security plan that ends up in the drawer and one that is actually implemented.

Here’s how to protect your production environment: five practical steps

  1. Map your OT environment. You can’t protect what you don’t know. Inventory all industrial systems, their software versions, network connections and communication protocols. Many companies discover devices they didn’t know existed during such an inventory.
  2. Have a specialized OT audit performed. A standard IT audit misses the nuances of operational technology. Choose a partner who understands that active scanning is not an option and deploys passive monitoring to identify vulnerabilities without disrupting your production.
  3. Segment your network. Make sure your office network and production environment are not directly connected. A compromised office endpoint should never have direct access to your PLCs and SCADA systems.
  4. Establish an OT-specific incident response plan. An incident response plan for OT environments is fundamentally different from an IT plan. It must take into account physical security risks, the impact on production continuity and specific lines of communication with operators on the shop floor.
  5. Train your employees. The human factor remains the first line of defense. Make sure both IT administrators and OT engineers understand how their actions affect the other, and that phishing awareness does not stop at the office door.

Frequently asked questions about IT versus OT security

What exactly is OT security?

OT security is the protection of operational technology: the hardware and software that control physical processes in factories, power plants and manufacturing facilities. It includes securing PLCs, SCADA systems, HMI displays and industrial networks against cyber attacks and unauthorized access.

Why can’t I just extend my existing IT security to the factory floor?

Because OT environments have fundamentally different priorities, protocols and life cycles than IT. Traditional security tools such as antivirus software and active vulnerability scanners can crash OT equipment or are blind to industrial protocols. A specialized approach is necessary.

Is my manufacturing company covered by NIS2?

Probably so. The NIS2 directive has been in effect in Belgium since Oct. 18, 2024, and now includes the manufacturing industry. If your company has more than 50 employees or an annual turnover above 10 million euros, chances are you will be classified as a “significant entity.” The CCB offers a self-assessment tool to check this.

How do I start securing my OT environment?

Start with an inventory of all OT equipment and their network connections. Then have a specialized cybersecurity audit performed by experts experienced in industrial environments. Based on the results, create a prioritized list of measures tailored to your specific risk profile and NIS2 requirements.

Can I get a grant for OT security investments?

Yes. Through the VLAIO SME Portfolio, Flemish SMEs can receive up to a 45% subsidy on cybersecurity consulting services with an approved service provider. In addition, the Cybersecurity Improvement Trajectories offer up to 50% subsidy on trajectories from 7,100 to 39,900 euros. This makes professional OT security accessible to smaller manufacturing companies as well.

Your production environment deserves specialized protection

Securing an industrial environment requires a partner who understands both the technical complexity of OT systems and the operational realities of the factory floor. Cyberplan combines the two: a team of 22 certified experts (OSCP, CISSP, CEH, CISM) that vets your IT and OT environment without disrupting your production, and translates the results into a concrete roadmap with priorities.

As a recognized VLAIO service provider, your investments are eligible for subsidies through the SME portfolio (up to 45% for small companies, 35% for medium-sized ones). This keeps high-quality OT security accessible, even for manufacturing companies that do not have their own security team.

Schedule a free consultation and find out how to protect your production environment from today’s threats while meeting tomorrow’s NIS2 requirements.