In many organizations, the digital protection of industrial equipment is still overlooked or delayed. Yet in today’s hyperconnected industrial landscape, “later” can easily turn into “too late”. A recent investigation by Soitron Group, of which Datanet Systems is a member, identified over 1,600 industrial devices in Romania directly connected to the Internet without authentication; these included UPS systems, photovoltaic panels, and industrial controllers, many running outdated or unpatched software. Such environments become easy prey for attackers leveraging artificial intelligence to detect and exploit vulnerabilities.
The local reality mirrors a global trend: industrial networks are becoming more interconnected, as Operational Technology (OT) systems increasingly merge with Information Technology (IT) environments, creating a complex and often fragile ecosystem. The acceleration of automation and digital transformation, the proliferation of IoT devices connected to the cloud, remote access for third parties, and the rise of Shadow IT within industrial settings are all expanding the attack surface. This convergence introduces new threat vectors that traditional industrial infrastructures were never designed to handle.
Compounding the problem are aging systems, equipment with 10–15 year lifecycles, proprietary industrial protocols, and a shortage of dedicated cybersecurity expertise. Together, these factors amplify risks, increase exposure to malware, and intensify the pressure to meet emerging compliance requirements. Against this backdrop, 92% of executives recognize the importance of a unified security approach, yet only 41% of organizations admit that their IT and OT teams still operate in isolation, according to the “Cisco 2024 State of Industrial Networking” report.
Datanet Systems’ solution? A Multi-Layered Digital Shield for Industrial Security
In industrial environments, the order of security priorities is well defined: Availability, Integrity, and Confidentiality. This hierarchy is the mandatory foundation of any security architecture designed for operational systems.

“In these environments, security is not just about protection — it’s about business continuity. Architectures must be built for real-time performance, where every millisecond counts for fault tolerance and uptime becomes a safety objective. At the same time, they must deliver long-term stability in ecosystems where equipment often operates for more than a decade. That’s why we focus on controlled updates and compatibility with industrial protocols, ensuring every layer of security is not only effective but also aligned with real-world operational constraints”, stated Cornel Chirculete, Technical Director at Datanet Systems.
To meet these demands, Datanet Systems has developed a multi-layered security architecture designed to address a wide range of industrial risks.
“A layered approach delivers resilience through redundancy — each level is designed under the assumption that another could be compromised. In industrial settings, effective cybersecurity must be proactive, adaptive, and aligned with operational realities. Our goal isn’t theoretical perfection, but operational resilience in the face of constantly evolving threats. By combining strategic architectural vision with robust technical controls, we help organizations build infrastructures that withstand attacks without compromising performance or uptime”, Cornel Chirculete continues.
Inside the Multi-Layered Security Framework:
1. Network Segmentation
- Implement both physical and logical segmentation (VLANs, firewalls, and technologies such as Cisco ACI to ensure consistent policy enforcement).
- Traffic between segments must pass through firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS) — acting as guardians that block lateral movement within the network.
- Network Access Control (NAC) governs device access to the OT network. Key OT-specific functions include compliance validation of industrial devices before connection, automatic VLAN segregation of OT and IT devices, and virtual patching: a network-level protection mechanism that blocks the exploitation of OT vulnerabilities without altering the equipment itself, ensuring rapid protection and operational continuity.
2. Perimeter Security
- Deploy firewalls and IDS/IPS at all network boundaries.
- Allow remote access only via secure VPN connections, protected by strong multifactor authentication and guided by least-privilege access principles.
3. Internal Network Security
- Apply “perimeter-like” protections between internal segments to ensure that a compromised zone does not affect the rest of the network.
- Implement continuous monitoring of east–west traffic, not just north–south flows.
4. Host Security
- Ensure firmware authentication through trusted boot mechanisms.
- Conduct regular vulnerability scans and maintain clear remediation processes.
- Apply system hardening — disabling unused services, reducing the attack surface, and enforcing strict security policies.
5. Application and Data Security
- Use secure communication protocols across all layers.
- Implement encryption (hop-by-hop or end-to-end, depending on OT capabilities and latency requirements). The focus should remain on pragmatism and operational sustainability.
6. Physical Security
- Enforce access control for sensitive zones and equipment.
- Protect interfaces and physical ports to prevent unauthorized connections or physical tampering.
Cisco Industrial Threat Defense: Unified IT–OT Security for the Modern Industrial Enterprise
To secure today’s complex industrial environments — and ensure alignment with frameworks such as NIS2 — Datanet Systems leverages Cisco Industrial Threat Defense, the industry’s most comprehensive OT security platform. Built on a modular, pre-integrated architecture, it delivers all core capabilities required to prevent attacks, detect threats in real time, and coordinate an effective response across both IT and OT domains.
- Cisco Cyber Vision: Provides deep visibility into OT and ICS environments, enabling organizations to assess their security posture, identify vulnerabilities, and implement best-practice defenses. Key capabilities include comprehensive asset inventory and profiling, mapping of asset communications and vulnerabilities, risk scoring and baseline behavior modeling, threat detection powered by Snort, and continuous threat intelligence from Cisco Talos.
- Cisco Secure Equipment Access (SEA): Delivers Zero Trust Network Access (ZTNA) purpose-built for industrial environments, ensuring secure, frictionless remote access to OT and ICS assets. The platform is scalable and easy to deploy, providing multifactor authentication (MFA) and Single Sign-On (SSO) under Zero Trust principles; asset isolation with both clientless and agent-based access options; security posture validation for remote endpoints, and session recording, monitoring, and approval workflows for full auditability.
- Cisco Identity Services Engine (ISE): Supports the implementation of zones and conduits aligned with ISA/IEC 62443 standards. ISE enforces access control to critical OT systems based on Zero Trust policies, ensuring that only verified users and systems can connect to sensitive assets.
- Cisco Secure Firewall: In combination with ISE, Secure Firewall enables macro- and micro-segmentation, creation of an Industrial Demilitarized Zone (IDMZ), and strict communication control across industrial networks. It protects both IT and OT environments from zero-day exploits and other advanced threats.
- Cisco Extended Detection and Response (XDR) and Splunk: Together, these technologies deliver integrated threat investigation and response. They provide a unified view across IT and OT domains, correlate events, detect sophisticated attacks, and orchestrate response actions across the organization’s entire security stack. Key capabilities include broad telemetry collection across network, cloud, endpoint, email, and third-party systems; cross-domain correlation with automated incident enrichment and prioritization; and automated and user-initiated response to block indicators of compromise using any connected technology.
“The future of industrial cybersecurity is clearly moving toward AI-driven, Zero Trust IT–OT integration. These technologies deliver the visibility, segmentation, and automated response required to protect industrial operations. As a systems integrator, Datanet helps organizations adopt these innovations securely, at scale, and in full regulatory compliance, through comprehensive consulting, implementation, and managed operations services”, continued Cornel Chirculete, Technical Director at Datanet Systems.
Datanet Systems is among the few integrators in Romania with proven expertise in projects that combine Cisco and Splunk technologies, providing end-to-end solutions for visibility, detection, and response across industrial infrastructures. A Cisco Gold Integrator for more than two decades, Datanet’s team of 100+ Cisco-certified experts embodies technical excellence and operational maturity. Since 2023, Datanet has been the first Cisco partner in Romania authorized to deliver services under the Partner Lifecycle Services – Support (PLS-Support) framework, ensuring customers receive Cisco-standard technical support and service quality. For more information, contact sales@datanets.ro.
