Webinar Description
Key Takeaways
- Addresses the acceleration of vulnerability discovery and exploitation in operational technology environments driven by artificial intelligence capabilities
- Explores identity- and policy-based segmentation as an alternative to traditional network segmentation approaches
- Examines the practical application of ISA/IEC 62443 zones and conduits alongside the expanded Purdue Model
- Relevant to OT/ICS engineers, cybersecurity teams, and security leaders in power generation, manufacturing, refining, pipelines, and rail
- Features discussion led by OT/ICS cybersecurity expert Mike Holcomb and Roman Arutyunov, Co-Founder and CPO at Xage Security
Introduction
Industrial organisations face a shifting threat landscape as artificial intelligence tools enable attackers to discover and weaponise vulnerabilities in operational technology environments at unprecedented speed. This webinar brings together OT/ICS cybersecurity practitioners to examine how segmentation strategies must evolve to address these accelerated attack timelines while maintaining operational continuity across plants, substations, pipelines, and rail systems.
The session is designed for cybersecurity professionals and engineers responsible for protecting critical infrastructure, offering practical guidance on implementing modern segmentation without introducing the complexity that has historically made such projects difficult to sustain.
About This Event
Hosted by Xage Security, this 60-minute virtual session combines a 45-minute expert discussion with a 15-minute live question-and-answer segment. The presentation is led by Mike Holcomb, a recognised figure in OT/ICS cybersecurity, alongside Roman Arutyunov, Co-Founder and Chief Product Officer at Xage Security. Their discussion centres on defence-in-depth strategies tailored to industrial environments where availability and safety requirements constrain the security approaches that can be practically deployed.
The Challenge of AI-Accelerated Threats in Industrial Environments
The convergence of artificial intelligence with offensive cyber capabilities has compressed the timeline between vulnerability disclosure and active exploitation. For operational technology environments, this acceleration poses particular challenges. Unlike enterprise IT systems, industrial control systems often cannot be patched quickly due to availability requirements, safety certifications, and the operational impact of downtime. When attackers can identify and exploit weaknesses faster than defenders can remediate them, the traditional patch-and-protect model becomes increasingly untenable.
This dynamic has renewed focus on segmentation as a foundational control. By limiting lateral movement within industrial networks, organisations can contain incidents before they propagate across interconnected systems. However, the segmentation approaches that worked adequately in previous decades are struggling to keep pace with modern attack techniques and the expanded connectivity requirements of contemporary industrial operations.
Rethinking OT Segmentation for Modern Threat Landscapes
Traditional OT segmentation has relied heavily on network-based controls, creating zones separated by firewalls and demilitarised zones. The Purdue Model, which organises industrial networks into hierarchical levels from physical processes through enterprise systems, has served as the reference architecture for these implementations. While this model remains valuable for conceptualising industrial network architecture, its limitations become apparent when organisations attempt to accommodate modern connectivity requirements.
Third-party vendors, remote operations centres, and increasingly AI-driven analytics platforms all require access to OT environments. Providing this access through traditional virtual private networks creates broad exposure that contradicts the principle of least privilege. Each VPN connection potentially opens pathways that attackers can exploit for lateral movement once initial access is achieved.
The webinar examines how identity- and policy-based segmentation offers an alternative approach. Rather than relying solely on network topology to enforce boundaries, this model ties access permissions to verified identities and granular policies. Access decisions consider not just where a connection originates but who is requesting access, what they need to accomplish, and whether the request aligns with established operational patterns.
ISA/IEC 62443 and Practical Implementation
The ISA/IEC 62443 series of standards provides a framework for industrial cybersecurity that includes detailed guidance on zones and conduits. These standards define how to partition industrial control systems into security zones with common security requirements and how to manage the conduits that allow communication between zones. For organisations seeking to implement or improve OT segmentation, ISA/IEC 62443 offers both conceptual guidance and specific technical requirements.
However, translating these standards into operational reality presents challenges. Industrial environments are rarely greenfield deployments where ideal architectures can be implemented from scratch. Legacy systems, acquired facilities, and organic growth create complex environments where theoretical zone boundaries must accommodate practical constraints. The discussion addresses how organisations can apply ISA/IEC 62443 principles pragmatically, improving security posture incrementally without requiring wholesale infrastructure replacement.
Reducing Blast Radius Without Disrupting Operations
A central theme of the session is the concept of blast radius reduction. When a security incident occurs in an industrial environment, the consequences extend beyond data compromise to potential operational disruption, safety incidents, and physical damage. Effective segmentation limits how far an attacker can move from their initial foothold, containing the incident to a subset of systems rather than allowing it to cascade across the entire operational environment.
The challenge lies in implementing these controls without impeding legitimate operations. Industrial processes depend on reliable communication between systems, and security controls that introduce latency, complexity, or failure points can themselves become operational risks. The speakers address how modern segmentation approaches can be deployed in ways that remain transparent to normal operations while still providing meaningful security boundaries.
Who Should Attend
This session is particularly relevant for professionals working at the intersection of cybersecurity and industrial operations. OT and ICS engineers who design, maintain, or operate industrial control systems will find practical guidance applicable to their environments. Cybersecurity teams responsible for protecting industrial assets can gain insight into segmentation strategies that account for operational constraints unique to these environments.
Security leaders and executives in sectors including power generation, manufacturing, refining, pipeline operations, and rail transportation face increasing regulatory and operational pressure to demonstrate effective OT security programmes. The discussion provides context for understanding how segmentation fits within broader defence-in-depth strategies and how to evaluate approaches that balance security improvements against operational impact.
The Evolving Role of Third-Party and AI-Driven Access
Modern industrial operations increasingly depend on external connectivity. Equipment vendors require remote access for maintenance and support. Analytics platforms ingest operational data to optimise processes and predict equipment failures. AI-driven systems are beginning to play active roles in operational decision-making. Each of these use cases creates potential attack vectors that must be managed.
The webinar addresses how organisations can enable these legitimate access requirements without creating the broad network exposure that traditional remote access solutions often entail. Identity-based approaches allow organisations to grant precisely scoped access tied to specific purposes and time windows, reducing the persistent attack surface that always-on VPN connections create.
Conclusion
As artificial intelligence reshapes both offensive and defensive capabilities in cybersecurity, industrial organisations must reconsider whether their existing segmentation strategies remain adequate. This webinar offers an opportunity to learn from practitioners who have worked extensively with OT environments, providing guidance that bridges the gap between security frameworks and operational reality. For organisations responsible for critical infrastructure, the ability to contain incidents before they disrupt operations has become an essential capability rather than an aspirational goal.

