Skip to content

Lost your way?

Play a bit while you're here!

↑ / Space / click to jump

Leaderboard

OT Cybersecurity

Industrial network protection according to IEC 62443 and NIS2

OT CYBERSECURITY — NETWORK PROTECTION DASHBOARD PROTECTED OT ZONE — IEEE 802.1X Port Authentication PKI — X.509 Device Certificates SW-OT-01 (802.1X) PLC-01 HMI-02 UNKNOWN SCADA ENG-03 IDS/IPS — INDUSTRIAL PROTOCOL MONITOR 14:32:01 BLOCK Unauthorized Modbus WRITE — PLC-414:32:07 WARN ARP spoofing attempt on VLAN 2014:32:15 INFO Modbus READ coils — authorized14:32:31 BLOCK Port scan 192.168.20.55 dropped PORT DEVICE STATUS Gi1/0/1 PLC-SIEM-01 802.1X AUTH Gi1/0/2 HMI-PANEL-02 802.1X AUTH Gi1/0/3 UNKNOWN VIOLATION Gi1/0/4 SCADA-SRV-01 802.1X AUTH Gi1/0/5 ENG-LAPTOP-03 802.1X AUTH COMMON NAME EXPIRES plc-siem-01.ot.local exp 2026-09-01 hmi-panel-02.ot.local exp 2025-12-15 scada-srv-01.ot.local exp 2027-01-10 historian.dmz.local exp 2026-06-30 eng-laptop-03.it exp 2026-11-01 COMPLIANCE & FRAMEWORK IEC 62443-3-3 Security Level 2 NIS2 Directive Compliant IEEE 802.1X NAC Enabled PKI / TLS 1.3 mTLS on OPC-UA VLAN Seg. OT / DMZ / IT Wazuh SIEM Log Correlation Attack surface reduction 90%

Service description

OT (Operational Technology) networks are increasingly frequent targets of cyber attacks: unlike IT, an incident on an industrial network can halt production, damage machinery or endanger the physical safety of operators. Althera designs and implements cybersecurity architectures specific to ICS/SCADA environments, following the IEC 62443 standard and NIS2 requirements.

We address the entire attack surface: from physical OT network segmentation with dedicated VLANs and demarcation firewalls, to 802.1X authentication on every port of industrial switches to prevent unauthorised connections. We manage internal PKI infrastructures for issuing X.509 certificates to all field devices (PLCs, HMIs, gateways), enabling mutual TLS for OPC-UA and MQTT communication.

We install and configure IDS/IPS systems specialised for industrial traffic (Modbus, PROFINET, EtherNet/IP), capable of detecting protocol anomalies, unauthorised write attempts or network scans. Everything is integrated into a SIEM that correlates OT and IT events, providing complete visibility in a single console.

Technologies used

IEC 62443 / NIS2 IEEE 802.1X + RADIUS PKI / X.509 certificates Mutual TLS on OPC-UA Industrial IDS (Claroty / Zeek) VLAN OT/DMZ/IT pfSense / OPNsense SIEM (Wazuh / Graylog)
Request information about this service

Other services

Industrial Automation

PLC, HMI and SCADA to optimise production processes

Learn more

Industrial Robotics

ABB, KUKA and Kawasaki integration for advanced automation

Learn more

Vision Systems

Custom machine vision for quality control and automation

Learn more