July 3, 2026

Secure industrial communication depends on deployment as well as protocols

In brief

The article reports that the Industrial Security Harmonization Group has issued a joint industry perspective warning that secure industrial communication cannot be judged by protocol choice alone. The group, which includes organisations such as FieldComm Group, ODVA, OPC Foundation and PROFIBUS & PROFINET International, argues that industrial cybersecurity depends heavily on how communication technologies are configured, deployed and managed in real operational environments. Many protocols used in automation were not originally designed with cybersecurity as a central concern, but the article says it is too simplistic to label protocols as either secure or insecure.

Instead, the ISHG stresses that security is context-dependent and must include correct implementation, maintenance and surrounding protections. Even protocols with built-in security features can be weak if poorly deployed, while legacy or non-Ethernet systems can be better protected through compensating controls such as network segmentation, zones and conduits, monitoring and physical safeguards. The article links this practical deployment-focused approach to emerging European regulatory expectations, including the Cyber Resilience Act and NIS2, which place greater emphasis on cybersecurity across products, entities and operations.

Source: Control Engineering Europe

Choose a topic: