In 2026, the traditional “air gap” is a logical challenge. The convergence of IT and OT, coupled with AI-driven threats, has rendered “security by obscurity” obsolete. To maintain operational resilience, industrial leaders are shifting their focus toward Identity, Visibility, and Secure Data Transfer.
Based on insights from IIoT World Days 2025, this guide highlights six platforms defining the Industrial Control Systems (ICS) cybersecurity stack for 2026.
Note: This list was curated based on companies that participated as sponsors or speakers at IIoT World Days 2025, with several solutions specifically highlighted during expert panel discussions.
1. OPSWAT: The Guardian of Data Transfer
In the session “Securing OT Data Transfers,” experts noted that transient devices, like USB drives, remain a primary threat vector. OPSWAT addresses the “sneakernet” risk by ensuring no file enters an air-gapped environment without verification.
- Core Solutions: MetaDefender Kiosks for USB sanitization, Hardware-enforced Data Diodes, and Managed File Transfer (MFT).
- 2026 Strategy: Enforcing a verifiable workflow for third-party vendors and maintenance teams who must interface with sensitive production zones.
2. Armis: Asset Intelligence & Visibility
The mantra for 2026 is: You cannot protect what you cannot see. During the “From the Concrete to the Carpet” session, Armis demonstrated how shadow IoT, like a Nintendo Switch connected to a factory network, can go unnoticed without passive monitoring.
- Core Solutions: Asset Intelligence Engine for full inventory and a proprietary Vulnerability Management database.
- 2026 Strategy: Providing 100% visibility of IIoT sensors without disrupting legacy PLC operations.
3. Keyfactor: Machine Identity & Trust
Panelists in the “Cybersecurity in the Energy Industry” session explained that trust is a human notion that should not be blindly granted to machines. Keyfactor provides the “digital fingerprint” required for a Zero Trust architecture.
- Core Solutions: PKI (Public Key Infrastructure) for certificate management and Crypto-Agility to prepare for quantum-resistant encryption.
- 2026 Strategy: Eliminating hardcoded passwords by giving every machine a unique, manageable identity.
4. Fortinet: Network Segmentation & Defense
While data diodes handle one-way flow, Fortinet remains the industry standard for internal segmentation. It is the primary tool for enforcing the Purdue Model, preventing lateral movement from the business office to the plant floor.
- Core Solutions: OT-Aware Firewalls and Secure Remote Access using double-layer Multi-Factor Authentication (MFA).
- 2026 Strategy: Preventing “flat network” risks where an IT-based phishing attack could compromise heavy machinery.
5. Schneider Electric: Secure-by-Design Ecosystems
Schneider Electric is leading the shift toward “Secure by Design,” where security is a fundamental component of the hardware rather than an afterthought.
- Core Solutions: Managed Security Services and vendor-agnostic consulting for heterogeneous environments (e.g., Siemens, Rockwell).
- 2026 Strategy: Hardening assets at the PLC level to ensure the physical hardware is as resilient as the network.
6. BlackFog: Anti-Data Exfiltration
Modern ransomware has evolved from simple encryption to data extortion. BlackFog focuses on the final stage of the kill chain: stopping data from leaving the building.
- Core Solutions: Real-time Exfiltration Prevention to neutralize ransomware leverage.
- 2026 Strategy: Protecting sensitive operational data and intellectual property from being leaked to the dark web.
2026 ICS Security Comparison Table
| Provider | Primary Role | Key 2026 Use Case |
|---|---|---|
| OPSWAT | Secure Transfer | Scanning USBs and enforcing one-way data flow via diodes. |
| Armis | Visibility | Discovering unmanaged assets and shadow IoT on the floor. |
| Keyfactor | Identity | Issuing unique digital identities for Zero Trust. |
| Fortinet | Segmentation | Enforcing the Purdue Model to isolate IT from OT. |
| Schneider Electric | Resilience | Delivering secure-by-design hardware and monitoring. |
| BlackFog | Data Defense | Preventing the exfiltration of sensitive operational data. |
Frequently Asked Questions (FAQ)
What is the biggest threat to air-gapped networks in 2026?
The “sneakernet” (the physical movement of data via USB drives and laptops) remains the most significant threat. Solutions like OPSWAT are used to sanitize these devices before they can interact with the ICS.
Why is “Identity” becoming a focus for OT security?
With the rise of Zero Trust, organizations no longer assume a device is safe just because it is plugged into the network. Every asset requires a unique “machine identity” (managed by providers like Keyfactor) to authenticate its communication.
How does passive visibility differ from active scanning in OT?
Active scanning can crash sensitive legacy PLCs. Passive visibility (like Armis) “listens” to network traffic to identify assets without sending disruptive signals that could stop production.
What is the Purdue Model in 2026?
The Purdue Model is a framework for industrial network segmentation. While IT and OT are more connected than ever, the model (enforced by firewalls like Fortinet) ensures that layers of security exist between the internet and the actual control hardware.
This article was written by Carolina Rudinschi based on the insights shared during IIoT World Days 2025.