IT/OT Network Assessment: An Essential Guide to Securing Manufacturing Operations and Qualifying for Cyber Insurance

Sept. 15, 2025
An IT/OT network assessment compiles a full inventory of connected assets, maps communication paths, and pinpoints performance and cybersecurity gaps within a manufacturing facility’s OT network. This data allows manufacturers to strategically plan and budget upgrades based on each issue’s relative urgency while providing documentation that strengthens their cyber insurance position.
  • A comprehensive network assessment identifies all connected devices, maps network topology and evaluates physical infrastructure to eliminate blind spots that cause operational inefficiencies and security vulnerabilities in manufacturing facilities.
  • The assessment should align with ISA/IEC 62443-3-2 standards to create a System Security Plan that helps manufacturers qualify for cyber insurance coverage and reduces claim denial risks from incomplete documentation.
  • These assessments also reveal common high-priority problems including unsecured IT/OT network separation, unauthorized OEM remote access points, and non-compliant industrial cabling that violates NEC standards and creates safety hazards.

 

The OT (operational technology) network is the backbone of every manufacturing facility, carrying all production line communication and connecting critical systems to the broader enterprise. It is built from a complex mix of industrial devices, cabling, connectors and switches, and even a single weakness can lead to anything from nuisance downtime to a full-scale ransomware incident.

And yet, most manufacturers have very little information about the state of their OT network. They don’t know the full list of connected devices, their network’s topology, bandwidth limitations or cybersecurity posture. As a result, communication bottlenecks, outdated firmware and undocumented assets persist, alongside the resulting operational inefficiencies and cybersecurity risks. 

Because an IT/OT assessment views a facility through its OT network backbone, it delivers the data manufacturers need to rank and prioritize both asset and infrastructure upgrades. The resulting report becomes a practical roadmap for manufacturers to identify, plan and budget for the improvements that matter most.   

IT/OT assessment deliverables

An IT/OT assessment is a cost-effective undertaking that usually requires a few days onsite to complete. It typically includes: 

Inventory all connected devices: This comprehensive network scan identifies the make, model, firmware version and, usually, the age of all connected devices and their associated IP addresses. With all assets fully identified, those approaching end-of-life can be scheduled and budgeted for upgrades based on relative urgency. Each device’s firmware version is also cross-referenced with the National Vulnerability Database to identify known vulnerabilities that require attention. Firmware upgrades can then be addressed in order of the severity of the threat they pose.
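The cross-reference and severity ranking described above can be sketched as follows. This is an added example, not E Tech Group's tooling: the device names, IP addresses, advisory IDs and the `fixed_in` field are constructed placeholders standing in for a scan export and a locally cached NVD extract.

```python
# Constructed inventory rows, as a network scan might export them.
INVENTORY = [
    {"ip": "10.20.1.11", "vendor": "ExampleCo", "model": "PLC-100", "firmware": "2.4.1"},
    {"ip": "10.20.1.12", "vendor": "ExampleCo", "model": "PLC-100", "firmware": "2.6.0"},
    {"ip": "10.20.2.30", "vendor": "SampleNet", "model": "SW-8", "firmware": "1.0.9"},
    {"ip": "10.20.3.5", "vendor": "ExampleCo", "model": "HMI-7", "firmware": "unknown"},
]

# Constructed advisory records (placeholder IDs). "fixed_in" is an assumed
# field: the first firmware release that no longer contains the flaw.
ADVISORIES = [
    {"id": "CVE-PLACEHOLDER-0001", "vendor": "ExampleCo", "model": "PLC-100",
     "fixed_in": "2.5.0", "cvss": 9.8},
    {"id": "CVE-PLACEHOLDER-0002", "vendor": "ExampleCo", "model": "PLC-100",
     "fixed_in": "2.4.0", "cvss": 7.5},
    {"id": "CVE-PLACEHOLDER-0003", "vendor": "SampleNet", "model": "SW-8",
     "fixed_in": "1.1.0", "cvss": 6.5},
]

def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1, 0); return None if the scan could not read it."""
    try:
        parts = [int(p) for p in text.split(".")]
    except ValueError:
        return None
    return tuple(parts + [0] * (4 - len(parts)))  # pad so '2.4' equals '2.4.0'

def rank_upgrades(inventory, advisories):
    """Return (affected devices, worst CVSS first; IPs needing manual review)."""
    findings, review = [], []
    for dev in inventory:
        ver = parse_version(dev["firmware"])
        if ver is None:
            review.append(dev["ip"])  # unreadable firmware is not the same as clean
            continue
        hits = [a for a in advisories
                if (a["vendor"], a["model"]) == (dev["vendor"], dev["model"])
                and ver < parse_version(a["fixed_in"])]
        if hits:
            findings.append({"ip": dev["ip"],
                             "max_cvss": max(a["cvss"] for a in hits),
                             "ids": sorted(a["id"] for a in hits)})
    findings.sort(key=lambda f: (-f["max_cvss"], f["ip"]))
    return findings, review

if __name__ == "__main__":
    ranked, unknown = rank_upgrades(INVENTORY, ADVISORIES)
    for f in ranked:
        print(f"{f['ip']}  CVSS {f['max_cvss']}  {', '.join(f['ids'])}")
    print("manual review:", unknown)
```

Devices whose firmware the scan could not read are returned separately so they are verified by hand instead of being counted as unaffected.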

Map network topology: This map shows the network’s overall structure including each device’s connection point and communication paths to help identify any underlying causes of latency and intermittent connectivity issues on the shop floor. It also guides OT network investments to improve equipment performance and reliability. 

Evaluate physical infrastructure for industrial compliance: The physical inspection assesses the hardware and cabling infrastructure for industrial-grade compliance. Office-grade cables, crimped Ethernet connectors and unmanaged switches often cause intermittent production line performance and downtime issues. Replacing them with industrial-grade components strengthens the OT network’s reliability and ability to support critical production infrastructure.

Assess wireless coverage and security vulnerabilities: The assessment identifies wireless coverage issues including sources of electromagnetic interference (EMI) from poorly installed or misconfigured equipment and unauthorized OT network access points. These direct access points are commonly embedded in OEM machinery for remote support, creating a direct pathway onto the facility’s OT network. Upgrades can be planned to address EMI sources and remove unauthorized access points. 

Secure the network to qualify for cyber insurance: A review of the network’s overall cybersecurity posture should be performed in alignment with ISA/IEC 62443-3-2 guidance to identify current risks. In E Tech Group’s experience, most manufacturers are not compliant with current standards, resulting not only in exposure to cyberthreats but also in difficulty obtaining cyber insurance coverage. We recommend developing a “System Security Plan (SSP),” which documents a facility’s cybersecurity posture, including asset inventory, network architecture, security controls and known vulnerabilities. It is often required by cybersecurity insurance providers. An IT/OT network assessment, as described above, provides the information needed to accurately create or update an SSP. By submitting a complete, third-party supported SSP during the insurance application or renewal process, manufacturers can reduce the risk of claim denials due to incomplete or inaccurate self-reported information.

Eric Medecke is group director of IT/OT Solutions at E Tech Group.  E Tech Group is a certified member of the Control System Integrators Association (CSIA). For more information about E Technologies Group, visit E Tech Group on the Industrial Automation Exchange.
