Internet of Things 8 min read

Secure IIoT integration: bridging IT and OT

Industrial IoT provides production data for analytics and predictive maintenance, but it also exposes OT systems to new risks. A practical approach involves standardizing data exchange via OPC UA, building cybersecurity based on ISA/IEC 62443, and never treating any protocol as a substitute for netw

Connecting production lines to corporate networks or cloud analytics without a well-thought-out security architecture creates a direct risk for critical OT systems. The convergence of information technology (IT) and operational technology (OT) has become essential for modern manufacturing: enterprises want to monitor equipment status in real time, predict failures, and make decisions faster. However, industrial equipment often uses insecure data transmission protocols, so simply connecting the shop floor to business circuits can open the door to unauthorized interference.

Secure IIoT integration is not limited to installing a separate gateway or switching to a new protocol. It requires a combination of standardized interoperability, network segmentation, risk management, and controlled integration with corporate applications. In this context, OPC UA helps normalize and securely transmit industrial data, while the ISA/IEC 62443 series provides a methodological framework for the cybersecurity of industrial automation systems.

IT/OT convergence: security challenges for the industrial Internet of Things

In a typical industrial environment, controllers, SCADA systems, sensors of various generations, production servers, and corporate IT services operate side-by-side. Some of this equipment was designed for isolated OT networks, not for interaction with cloud platforms, remote access, or analytical services. This is why, when connected to a corporate network, insecure data exchange becomes not just a technical issue, but a management one.

A telling scenario is the integration of vibration sensors on a production line with a cloud-based analytical platform for predictive maintenance. The business goal is clear: detect anomalies earlier and plan repairs before an emergency shutdown. However, if the data collection circuit is not separated from the control circuit during architectural design, there is a risk of unauthorized access to PLC controllers. In IIoT projects, security must be embedded at the data flow design stage, not added after launch.

Scale also matters. Complex industrial facilities with thousands of connected sensors require a unified data normalization standard; otherwise, SCADA and analytical systems quickly turn into a collection of point-to-point integrations. The more formats, exceptions, and uncontrolled exchange channels exist, the harder it is to track what data is being transmitted, who has access to it, and where exactly risks arise.

OPC UA standard as a foundation for secure equipment interoperability

The OPC Foundation defines OPC Unified Architecture as a platform-independent architecture for secure and reliable interoperability in industrial systems. For an enterprise, this means that OPC UA can be viewed as a standardized exchange layer between equipment, industrial systems, and IT applications, when the goal is not just to collect signals, but to make data suitable for controlled transmission and subsequent analytics.

The practical role of OPC UA in an IIoT architecture is to reduce integration chaos. Instead of directly connecting legacy controllers to the corporate network, it is advisable to use industrial gateways or an intermediate data collection layer. Such a layer receives information within a controlled OT segment, normalizes it, and transmits it further to analytical or corporate systems via a standardized interface.

At the same time, OPC UA should not be treated as a universal defense against all threats. Switching to OPC UA does not eliminate the need for network segmentation, physical access control, firewall rules, and monitoring processes. It is an important element of secure interoperability, but it only works as part of a broader IT/OT environment protection strategy.

  • Do not connect PLCs and other critical OT assets directly to the corporate network without an intermediate secure layer.
  • Determine which data is truly needed for analytics and which should remain in the local OT circuit.
  • Use OPC UA as a layer for standardized and more secure exchange, but combine it with segmentation.
  • Verify that the integration does not create a reverse access channel from IT systems to critical controllers.

Protecting industrial systems with the ISA/IEC 62443 standard series

If OPC UA addresses interoperability and secure data exchange, the ISA/IEC 62443 series sets a broader approach to the cybersecurity of industrial automation systems. According to ISA, this series of standards covers over 20 industries where operational technologies are used. This is important for enterprises that have not only individual IIoT projects but also extensive critical infrastructure with varying levels of risk.

The practical significance of ISA/IEC 62443 lies in the transition from point-based technical solutions to a managed security program. The enterprise must identify which assets belong to OT, which exchange channels connect them to IT, where segmentation is needed, who is responsible for configuration changes, and how compliance with selected security requirements is verified. This approach is especially important where industrial data becomes part of business processes: repairs, procurement, production planning, or reporting.

A convenient way to start is to assess the maturity of the IIoT infrastructure not by the number of connected sensors, but by the quality of risk management.

Maturity levelState indicatorsPractical focus
Level 1: BasicOT networks are mostly isolated, but individual connections to IT appear without a unified architecture. Some data exchange lacks proper protection.Inventory of connections, detection of insecure data flows, prohibition of direct uncontrolled access to critical assets.
Level 2: StandardizedOPC UA or an intermediate integration layer is implemented for the normalization and more secure transmission of industrial data.Standardization of exchange, description of data flows, separation of telemetry collection from control circuits.
Level 3: ManagedNetworks are segmented, and the security program is aligned with ISA/IEC 62443 approaches for industrial automation systems.IT/OT risk management, control of exchange channels, regular review of access rights and architectural changes.
Level 4: OptimizedIndustrial data is monitored continuously, and IIoT security events are integrated with broader IT security processes.Anomaly detection, coordinated incident response, risk assessment for AI and analytical components.

The role of modern communication networks and Edge AI in IIoT development

The growing number of IIoT devices increases the requirements for stable connectivity. The Ericsson Mobility Report predicts a significant increase in the number of commercial 5G Standalone (SA) launches to ensure reliable communication. For industrial enterprises, this means that 5G SA can become an important element of future connection architectures; however, the mere presence of a modern network does not solve cybersecurity issues. Access control, segmentation, secure data exchange, and monitoring remain mandatory.

Edge AI requires special attention—the use of artificial intelligence models closer to the source of industrial data. If an enterprise uses AI to analyze anomalies, predictive maintenance, or support operator decisions, risks must be assessed not only in terms of model accuracy. The NIST Artificial Intelligence Risk Management Framework 1.0 emphasizes the need to consider the context of use, potential harm, reliability, and security of AI systems, especially when they operate in critical infrastructure.

Once the technical IIoT circuit is designed with OPC UA, segmentation, and ISA/IEC 62443 requirements in mind, industrial data can be more securely integrated with corporate processes: repair requests, approvals, change audits, or document archives. At this level, products built on the UnityBase platform from InBase can be used, such as Megapolis.DocNet for corporate document management and Scriptum for business process automation. UnityBase is a low-code full-stack JavaScript platform for enterprise applications and supports role-based security, row-level security, audit trails, work with Oracle, Microsoft SQL Server, PostgreSQL, and integration with Active Directory. This is an enterprise-level solution: it does not replace industrial protocols or OT protection, but works with data that should already arrive through a controlled intra-organizational architecture.

For custom components—analytical services, AI modules, or integration applications—it is important to involve teams that understand both software development and the risks of industrial environments. Within the Intecracy Group ecosystem, this role can be performed by Softengi, which works with custom software development, AI, and Data Analytics and holds ISO/IEC 42001:2023 certification in the field of artificial intelligence management. This is appropriate to consider as an engineering competency for specific projects, rather than as a replacement for OPC UA or ISA/IEC 62443 standards.

In conclusion, secure IIoT integration is not a one-time modernization, but an architectural discipline. OPC UA helps standardize and protect industrial data exchange, ISA/IEC 62443 sets the framework for managing OT cyber risks, and modern networks and AI components should be implemented only after assessing context, reliability, and security. This is how IT/OT convergence can support the digital transformation of manufacturing without uncontrollably expanding the attack surface.

FAQ

What are the advantages of using OPC UA for industrial network security?

OPC UA is a platform-independent architecture for secure and reliable interoperability in industrial systems. In IIoT practice, it helps standardize data exchange between equipment, industrial systems, and analytics. At the same time, OPC UA does not replace network segmentation, access control, and other OT security measures.

How does the ISA/IEC 62443 standard help protect critical infrastructure?

The ISA/IEC 62443 series provides a cybersecurity methodology for industrial automation systems and is applied in over 20 industries where OT is used. For an enterprise, this is a useful framework for risk management, segmentation, control of exchange channels, and alignment of IT and OT security processes.

What role do 5G Standalone networks play in production automation?

Ericsson predicts a significant increase in the number of commercial 5G Standalone launches to ensure reliable communication. For IIoT, this can be an important foundation for future connection scenarios, but 5G SA does not waive security architecture requirements: data, access, and OT segments still need to be controlled.

Data sources

Fact trail

Sources

Links referenced in the article.

  1. OPC Foundation: OPC Unified Architecture
  2. ISA/IEC 62443 Series of Standards
  3. NIST: Artificial Intelligence Risk Management Framework (AI RMF 1.0)
  4. Ericsson Mobility Report November 2025