Operational technology (OT) networks silently hum across critical infrastructure. They power cooling systems and building management platforms. Behind their smooth operation lies a hidden risk as OT network owners struggle to secure asset visibility without risking downtime. Traditional IT visibility tools can destabilise OT in seconds, turning essential services into unexpected outages. Carl Henriksen, CEO at built environment cybersecurity specialist OryxAlign, says visibility in OT is becoming a security and engineering challenge; and getting it wrong, can compromise cyber resilience and operational continuity.
ย
Visibility gaps are clear obstacles in effective OT security. An estimation calculated in the Dragos 2026 OT Cybersecurity Year in Review report suggests, โfewer than ten per cent of OT networks worldwide have network visibility and monitoring in placeโ leaving defenders blind to malicious activity until an incident is already underway.
But simply bolting on traditional IT visibility tools designed for servers and endpoints into OT networks can, and often does, result in outages or degraded performance. To protect cyber and physical resilience, companies need an engineeringโfirst view of OT visibility that both respects uptime and safetyโcritical operations.
The visibility paradox
Visibility is often treated as fundamental for cybersecurity, but in OT environments the act of gaining visibility can itself introduce risks. Traditional IT security tools rely on active scanning or inline inspection, methods that cause latency in fragile OT systems if incorrectly configured.
Take environment controllers managing data centre cooling systems. These systems rely on real-time data to determine protocols for precise control, unexpected scans and network testing may cause latency issues that interrupt their communications. Such interruptions consequently result in unexpected downtime and potential service failures. Paradoxically, organisations cannot secure what they cannot see. However, attempting to observe OT networks using conventional IT methods can destabilise the very systems they are trying to protect.
In guidance published by the National Institute of Standards and Technology (NIST) it is stated that, โOT network owners should exercise extreme caution when permitting active scanning on an operational network due to device sensitivity on the target network. Active scans may cause device instability or interfere with the device process state, potentially impacting safety and integrity.โ
Passive monitoring resolves this, focusing on network traffic through engineered SPAN or TAP connections which do not introduce additional network traffic. This is ideal for fragile OT systems which may be interrupted through active scanning, allowing OT network owners to observe communications without interacting with sensitive devices that may result in unexpected downtime and system failures.
In large data centres, these approaches must be designed and validated before they go live. Passive monitoring devised specifically for data centre switches allows continuous asset discovery and exposure analysis without affecting production systems. Thousands of OT and supporting IT assets can be identified and normalised, replacing incomplete manual inventories with continuously updated operational intelligence.
Taking steps towards scalable resilience
Visibility alone does not reduce risks unless it informs how networks are structured and governed. In many businesses, OT systems that run machinery are connected to the business network without careful planning or separation.
One unified network exposes businesses, allowing attackers to easily move from company systems into critical operational systems once compromised. Legacy OT devices often cannot support modern security agents or deep packet inspection, so they are left unprotected when networks merge.
The next step is turning visibility into controlled, resilient infrastructure. NIST guidance emphasises that OT cybersecurity must address โunique performance, reliability and safety requirements,โ meaning security controls must be implemented without disrupting operational processes.
The recommended approach follows a clear progression. Organisations must first identify connected assets and communication flows to establish how systems communicate under normal conditions. Segmentation can then be introduced using methods such as VLANs and network isolation to separate domains based on their individual importance, such as management authority or trust levels. Finally, continuous monitoring ensures those boundaries remain effective over time, future-proofing infrastructure even as technology develops.
ย
Engineering visibility as a foundation
In large scale data centre environments, network security must be embedded into the architecture from the outset. OryxAlign designs and builds secure enterprise networks that support mission-critical operations while scaling to meet growing infrastructure demands across multiple sites. This approach combines robust network architecture with NIST-recommended OT cybersecurity protocols to ensure all connected systems are protected and operationally functional at the same time.
Visibility done poorly undermines resilience. It breaks processes and ultimately makes organisations less secure. But visibility done well, engineered and passive, enables defenders to anticipate issues based on real behaviour and implement security within the base of OT networks. OT owners looking to build real OT cyber resilience should start by asking not just whether they can see their environments, but whether they can do so safely and continuously.
Visit www.oryxalign.com/data-centre.
