
The Illusion of Protection: Why Wireless Bleeding, Remote Site Gaps, and Flawed Purdue Model Assumptions Endanger Industrial Control Systems


Executive Summary: From Illusion to Reality—A Foundational Shift in Industrial Cybersecurity

The cybersecurity landscape for industrial control systems (ICS) and operational technology (OT) is at a critical inflection point. For decades, the foundational blueprint for securing these environments has been based on an assumed reality of isolation and clear boundaries, a concept most notably codified by the Purdue Model [1]. This report demonstrates that these traditional defenses now provide only a fragile “illusion of protection,” a deceptive appearance of security that modern adversaries bypass routinely. This strategic vulnerability is not merely a technical flaw; it is a fundamental miscalculation that leaves critical infrastructure susceptible to attack.

The traditional security posture is being undermined by three vectors that systematically erode the integrity of the ICS perimeter. First, “wireless bleeding,” where wireless signals (Wi-Fi and Bluetooth included) extend well beyond the physical perimeter, creates unseen pathways for unauthorized access [1]. Second, “remote site gaps,” the unmanaged and often unsecured network points in geographically dispersed infrastructure, serve as digital blind spots that attackers actively exploit [1]. Third, the “flawed assumptions” of the Purdue Model have produced a paradox: networks that are segmented on paper function as a single flat network in practice, so an attacker who gets inside can move laterally with ease [1].

This report analyzes these vulnerabilities, supporting its claims with public research from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the MITRE ATT&CK for ICS framework, and documented real-world cyberattacks [1]. The evidence confirms that a perimeter-centric defense is obsolete and inadequate for securing modern, interconnected industrial environments. The analysis concludes that the solution is not an incremental upgrade of existing tools but a foundational shift to a new security paradigm: Preemptive Cyber Defense [1]. This proactive approach aims to neutralize threats at the earliest stages of an attack, actively denying, disrupting, and deceiving adversaries before they can cause harm. The report details how a solution anchored in this preemptive philosophy, such as PacketViper’s Automated Moving Target Defense (AMTD), addresses the gaps exposed by the failings of traditional security models [1]. The approach provides not only a more resilient security posture but also a clear and auditable path to compliance with stringent regulations, offering a sustainable defense for critical infrastructure.

1. The Shifting Ground: Why Traditional Defenses Are an Illusion

The long-standing reliance on static security measures in industrial environments has created a predictable landscape that sophisticated attackers can methodically study and exploit [1]. This predictability gives rise to a critical vulnerability: the illusion of protection. This section deconstructs the three primary pillars of that illusion, providing an evidence-based critique of why they no longer provide adequate security.

1.1. The Obsolete Blueprint: The Fading Relevance of the Purdue Model

The Purdue Model, developed in the 1990s, was a pioneering architectural framework for industrial network segmentation [1]. Its central premise was to create distinct security boundaries by isolating OT systems from enterprise IT networks, often through “air gaps” or strict firewalls [1]. This hierarchical structure was logical and effective in a world where industrial systems operated in relative isolation, with physical separation serving as the primary security control [2]. However, the model’s rigid design and core assumptions have been rendered obsolete by the pervasive convergence of IT and OT [2].

This is no longer a theoretical concern. The SANS 2024 ICS/OT Survey found that only 8.2% of organizations maintain 100% isolated systems, a statistic that underscores the disconnect between the Purdue Model’s design and today’s operational reality [2]. Modern industrial environments, driven by the need for remote monitoring, predictive maintenance, and data-driven decision-making, are increasingly interconnected [2]. This convergence directly contradicts the Purdue Model’s vertical, hierarchical structure, leading to a state where a network that is segmented on paper functions as a “flat network” in practice [1]. The paradox arises when segmentation rules are overly permissive, granting broad communication between segments, or when all segments are routed through a central management layer with open permissions [1]. The result is that a breach in one “segment” can quickly spread to all others, because the underlying trust relationships remain intact and lateral movement is unrestricted [1].

The illusion of security provided by the Purdue Model’s strict boundaries is a direct enabler of documented security failures. CISA has explicitly identified “poor network segmentation” between IT and OT environments as a significant risk during its cyber threat hunts [4]. CISA’s findings validate this report’s claim that segmentation, as it is often implemented, leaves critical systems exposed [4]. This flawed practice creates the ideal environment for the lateral movement techniques catalogued in the MITRE ATT&CK for ICS framework [1]. When the theoretical flaws of a security model lead to documented security gaps that are exploited by real-world attack techniques, the model is no longer a blueprint for protection but a documented enabler of risk.
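The practical test of whether a Purdue-style design is segmented or merely drawn that way is to evaluate the policy as deployed: what can a host in each zone actually reach in every other zone? The script below is an added example, not PacketViper’s code or any firewall vendor’s export format; the Rule layout, zone names, probe services and the policy itself are constructed for the exercise. It flags the three conditions the paragraph above describes: service=any rules crossing a boundary, zone pairs with no effective restriction between them, and a “management” layer that can reach everything, which silently gives every other zone a two-hop path into the control network.

```python
"""Segmentation audit: does a zone policy segment, or is it flat in practice?

Added example, not PacketViper's code or any firewall vendor's API. The Rule
format and the zone names are hypothetical; real policies export richer objects,
but the questions asked here are the same.
"""
from __future__ import annotations

from dataclasses import dataclass
from itertools import permutations

# Purdue-style zones the policy is supposed to keep apart (assumed names).
ZONES = ("enterprise", "dmz", "supervisory", "control", "management")

# Services a segmentation audit should probe for; all of them reachable
# between two zones is treated here as "no meaningful segmentation".
PROBE_SERVICES = ("tcp/502", "tcp/3389", "tcp/22", "tcp/445")


@dataclass(frozen=True)
class Rule:
    src_zone: str   # zone name or "any"
    dst_zone: str   # zone name or "any"
    service: str    # "proto/port" or "any"
    action: str     # "allow" or "deny"

    def matches(self, src: str, dst: str, service: str) -> bool:
        return (self.src_zone in (src, "any")
                and self.dst_zone in (dst, "any")
                and self.service in (service, "any"))


def first_match(policy: list[Rule], src: str, dst: str, service: str) -> Rule | None:
    """First-match semantics, as most firewalls evaluate; None means implicit deny."""
    return next((r for r in policy if r.matches(src, dst, service)), None)


def reachable(policy: list[Rule], src: str, dst: str) -> set[str]:
    """Probe services that src is actually allowed to reach in dst."""
    out = set()
    for svc in PROBE_SERVICES:
        rule = first_match(policy, src, dst, svc)
        if rule is not None and rule.action == "allow":
            out.add(svc)
    return out


def audit(policy: list[Rule]) -> dict[str, list[str]]:
    """Flag the three 'flat in practice' patterns described in the text."""
    full = set(PROBE_SERVICES)
    findings: dict[str, list[str]] = {"broad_allow": [], "flat_pairs": [], "hub_zone": []}
    # 1. Overly permissive rules: service=any crossing a zone boundary.
    for r in policy:
        if r.action == "allow" and r.service == "any" and (
                "any" in (r.src_zone, r.dst_zone) or r.src_zone != r.dst_zone):
            findings["broad_allow"].append(f"{r.src_zone}->{r.dst_zone} service=any")
    # 2. Zone pairs with no effective restriction between them.
    for src, dst in permutations(ZONES, 2):
        if reachable(policy, src, dst) == full:
            findings["flat_pairs"].append(f"{src}->{dst}")
    # 3. A central layer that can reach every other zone with everything.
    for zone in ZONES:
        if all(reachable(policy, zone, other) == full for other in ZONES if other != zone):
            findings["hub_zone"].append(zone)
    return findings


def pivot_zones_to(policy: list[Rule], target: str) -> list[str]:
    """Zones that cannot reach `target` directly but can via a hub that reaches it fully."""
    full = set(PROBE_SERVICES)
    direct = {z for z in ZONES if z != target and reachable(policy, z, target) == full}
    return sorted(z for z in ZONES
                  if z != target and z not in direct
                  and any(reachable(policy, z, hub) == full for hub in direct))


# Constructed policy that looks segmented on paper.
POLICY = [
    Rule("enterprise", "dmz", "tcp/443", "allow"),        # web to historian front end
    Rule("dmz", "supervisory", "tcp/502", "allow"),       # historian polls SCADA
    Rule("supervisory", "control", "tcp/502", "allow"),   # SCADA polls PLCs
    Rule("enterprise", "supervisory", "any", "allow"),    # "temporary" rule never removed
    Rule("management", "any", "any", "allow"),            # jump hosts may go anywhere
    Rule("any", "management", "any", "allow"),            # and anyone may reach them
    Rule("any", "any", "any", "deny"),
]

if __name__ == "__main__":
    for kind, items in audit(POLICY).items():
        print(f"{kind}: {items}")
    print("can pivot into control via a hub:", pivot_zones_to(POLICY, "control"))
```

On this policy the enterprise zone cannot reach the control zone directly, which is what a rule review would see; the audit shows that it still gets there in two hops through the management zone, and that an old “temporary” rule has collapsed the enterprise and supervisory zones into one.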

1.2. The Invisible Threat: Exposing Wireless Bleeding and Unseen Pathways

The concept of a physical perimeter (a fence, a wall, or a locked door) has long been the cornerstone of industrial security. The illusion of protection assumes that if a physical barrier is intact, a facility is secure. However, a significant and often-overlooked vulnerability is “wireless bleeding,” where wireless signals extend far beyond these physical boundaries, creating invisible pathways for unauthorized access [1]. This threat is not limited to Wi-Fi; it also includes the often-neglected risk posed by Bluetooth [1]. A person in a nearby parking lot, a residential area, or a public space can gain a foothold inside the network without breaching the physical perimeter [1].

This is a real and documented threat. The U.S. Food and Drug Administration (FDA) has issued a safety communication about a set of cybersecurity vulnerabilities, known as “SweynTooth,” affecting certain medical devices that use Bluetooth Low Energy (BLE) [7]. These vulnerabilities could allow an unauthorized user to “wirelessly crash the device, stop it from working, or access device functions normally only available to the authorized user” [7]. As medical devices are a form of operational technology, this government-backed alert provides a critical parallel to industrial systems, demonstrating that wireless vulnerabilities can affect physical, mission-critical assets [7]. In another example, security researchers found that Baxter’s Sigma Spectrum infusion pumps stored hospital Wi-Fi credentials in memory, where an attacker with brief physical access to a unit could retrieve them [8].

The belief that a physical perimeter is sufficient is a dangerous one. As documented by Check Point, Wi-Fi hacking can occur through various attack vectors, including “Evil Twin attacks,” in which an attacker creates a fake wireless network with a name similar to the legitimate one, luring unsuspecting users to connect and reveal their credentials [9]. The FBI likewise warns against conducting sensitive transactions on public Wi-Fi networks [10]. The threat is therefore not only a sophisticated, long-range one but also a proximal one. An attacker in a parking lot could stand up an evil twin network to which an unsuspecting engineer or employee connects, providing an initial foothold that bypasses the facility’s physical security altogether. The threat landscape is not only digital and distant but also physical and proximal, and the illusion of physical security is itself a vulnerability.

1.3. The Unattended Perimeter: Securing Gaps at Remote Sites

For many critical infrastructure sectors, the network is not confined to a single, easily defensible central facility. It is often a complex, geographically dispersed network of unattended remote sites, such as pump stations, well pads, and substations [1]. These sites represent a significant layer of exposure, as they often have minimal physical protection and lack the managed network infrastructure found at a main plant [1]. These unattended perimeters are, in effect, digital blind spots: they lack real-time monitoring and rely on unmanaged switches, DHCP, and unsecured VPN endpoints [1].

This unattended perimeter has been the vector for some of the most impactful cyberattacks on critical infrastructure. The 2021 Colonial Pipeline ransomware attack, initiated through a compromised VPN account, demonstrated the vulnerability of a distributed and interconnected pipeline network [11]. The attack forced the shutdown of a system that transports roughly 45% of the fuel consumed on the U.S. East Coast, underscoring how a single point of failure can lead to catastrophic consequences across a distributed network [11]. A more visceral example is the 2021 incident at the Oldsmar, Florida, water treatment plant, where an intruder remotely accessed the plant’s HMI and changed the sodium hydroxide setpoint to a dangerous level [12]. The incident revealed a lack of remote access controls and a failure to enforce a least-privilege access policy [12]. The intruder’s ability to manipulate a physical process from a remote location is a stark warning about the risks posed by unmanaged remote access [12].

Other documented events reinforce this concern, among them the Australian sewage company hack and a case in Louisiana in which a terminated engineer was able to shut down a paper mill from home, both demonstrating the dangers of a digital blind spot at remote sites [13]. These incidents show that attackers have found, and are actively exploiting, the critical gap at the unattended perimeter, turning a physical weakness into a devastating digital vulnerability.
Table 1 summarizes the key vulnerabilities and how traditional defenses fail to address them.

| Vulnerability | Publicly Sourced Evidence | Traditional Defense Failure |
|---|---|---|
| Wireless Bleeding | FDA SweynTooth alert [7]; infusion pump credential leak [8] | Physical perimeters (fences, walls, doors) are bypassed by unseen wireless pathways. |
| Remote Site Gaps | Colonial Pipeline attack [11]; Oldsmar water plant attack [12] | A perimeter-centric defense strategy leaves unattended, geographically dispersed sites as digital blind spots. |
| Flawed Purdue Model | CISA findings on poor segmentation [4]; SANS survey on isolated systems [2] | The model’s rigid hierarchy cannot accommodate modern IT/OT convergence, leading to a false sense of security and a paradoxically flat network. |

2. A New Reality: The Challenge of Internal Vulnerabilities

The illusion of protection is most dangerous when it leads organizations to believe that a strong perimeter is all that is needed. The reality is that once a threat bypasses the perimeter, whether through a wireless bleed or a compromised remote site, the internal environment is often built on a flawed foundation of implicit trust [1]. This section explores the internal vulnerabilities that allow threats to spread and the paradoxical challenges of applying IT-centric security models to the realities of OT.

2.1. The Flawed Assumption of Trust

The Purdue Model’s lower levels (Levels 1 and 2), which govern controllers, HMIs, and field devices, are often architected on the flawed assumption that they operate in a trusted environment [1]. In many cases these layers are flat networks, lacking internal segmentation or authentication between devices. As a result, once an attacker gains access to these lower levels there is little to prevent lateral movement and direct interaction with critical process control systems [1]. This is not a theoretical flaw; it is a direct contributor to documented security failures.

A cyber threat hunt by CISA at a critical infrastructure organization found shared local administrator accounts with identical plaintext passwords in use across numerous hosts [4]. CISA also noted that these accounts had unrestricted remote access, and that a non-privileged user from the IT network could use their credentials to reach the SCADA VLAN, a failure of network segmentation [4]. These findings reveal a critical truth: the threat is often not a sophisticated external hacker but a compromised account or a malicious insider. When the internal network is built on a foundation of implicit trust, any breach of that trust, whether by an external attacker using stolen credentials or by a rogue employee, can become catastrophic.

2.2. The Attacker’s Playbook: Lateral Movement in Industrial Networks

To understand the danger of a network built on implicit trust, it is necessary to examine the attacker’s playbook. The MITRE ATT&CK for ICS framework provides a globally recognized knowledge base of adversary tactics and techniques based on real-world observations [5]. It provides a vocabulary for discussing how threats pivot from a point of initial access and move laterally through a network to achieve their objectives [1]. The existence of these documented techniques confirms that attackers have a clear, repeatable process for exploiting the internal vulnerabilities discussed in this report.

The following table lists lateral movement techniques from the framework and links them to the vulnerabilities and incidents discussed in this report.

| MITRE ATT&CK for ICS Technique | Description of Technique | Real-World Example |
|---|---|---|
| Default Credentials (T0812) | Adversaries exploit manufacturer-set default credentials on control system devices, which often carry administrative permissions and are never changed [5]. | A direct consequence of insecure remote access and a key reason why IT-style Zero Trust fails to protect low-power OT devices [15]. |
| Exploitation of Remote Services (T0866) | Adversaries exploit software vulnerabilities to abuse remote services such as RDP and SSH to gain initial access and move laterally [5]. | CISA has documented this path, noting that attackers can use RDP or SSH to move from compromised IT workstations to OT systems [4]. |
| Valid Accounts (T0859) | Adversaries use stolen legitimate credentials to bypass access controls, gain persistence, and acquire increased privileges [5]. | The Colonial Pipeline attack was initiated with the compromised password of an inactive VPN account that lacked multi-factor authentication [11]. |
| Hardcoded Credentials (T0891) | Adversaries use credentials hardcoded into software or firmware to obtain an unauthorized session on an asset [5]. | A vulnerability in vendor-managed legacy systems where passwords cannot be easily changed or are publicly available, leaving a persistent attack vector [1]. |

This mapping reveals a causal chain. The flawed assumptions of the Purdue Model and the presence of internal vulnerabilities create a fertile environment [1]. The MITRE ATT&CK framework supplies the list of specific technical actions an attacker takes to exploit that environment [5]. Linking each abstract security flaw to a concrete, documented attack technique gives the argument for a new defense strategy its practical footing.
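The IT-workstation-to-OT hop CISA describes in the table above leaves a simple footprint in flow records: an interactive remote-access service (RDP, SSH, VNC, SMB) with a source in the corporate range and a destination in the SCADA or control range, usually followed by the same source touching several OT hosts in quick succession. The detection below is an added example, not CISA’s or PacketViper’s logic. The flow records are constructed in a NetFlow-like CSV layout and the IT/OT address ranges are assumed; the technique labels are candidates only, since the flow alone does not tell you whether the session used stolen credentials (T0859) or an exploit (T0866).

```python
"""Spot IT-to-OT remote-access crossings in flow records.

Added example, not CISA's or PacketViper's detection logic. The flow records
are constructed in a NetFlow-like CSV layout, and the IT/OT address ranges are
assumed for the exercise. The ATT&CK for ICS labels follow the mapping in the
table above: an RDP/SSH hop is only a candidate until you know whether the
session used stolen credentials (T0859) or an exploit (T0866).
"""
from __future__ import annotations

import csv
import io
import ipaddress
from collections import defaultdict

IT_NETS = [ipaddress.ip_network("10.10.0.0/16")]                       # corporate workstations
OT_NETS = [ipaddress.ip_network("10.50.0.0/24"),                       # SCADA VLAN
           ipaddress.ip_network("192.168.100.0/24")]                   # PLC / control network
REMOTE_ACCESS = {3389: "RDP", 22: "SSH", 5900: "VNC", 445: "SMB"}

# Constructed flow log: timestamp, source, destination, destination port, protocol, bytes.
SAMPLE_FLOWS = """\
ts,src,dst,dport,proto,bytes
2025-08-17T02:14:03Z,10.10.4.23,10.50.0.10,3389,tcp,184220
2025-08-17T02:16:41Z,10.10.4.23,10.50.0.11,22,tcp,9120
2025-08-17T02:17:05Z,10.10.4.23,10.50.0.12,22,tcp,8860
2025-08-17T02:17:30Z,10.10.4.23,192.168.100.5,502,tcp,3300
2025-08-17T08:00:00Z,10.50.0.10,192.168.100.5,502,tcp,120000
2025-08-17T08:05:12Z,10.10.7.9,10.10.3.3,445,tcp,51000
2025-08-17T09:30:00Z,10.50.0.10,10.10.0.40,443,tcp,2200
"""


def _in(addr: str, nets) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def parse_flows(text: str) -> list[dict]:
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["dport"] = int(r["dport"])
        r["bytes"] = int(r["bytes"])
    return rows


def boundary_crossings(flows: list[dict]) -> list[dict]:
    """IT source -> OT destination over an interactive remote-access service."""
    alerts = []
    for f in flows:
        if _in(f["src"], IT_NETS) and _in(f["dst"], OT_NETS) and f["dport"] in REMOTE_ACCESS:
            alerts.append({
                "ts": f["ts"], "src": f["src"], "dst": f["dst"],
                "service": REMOTE_ACCESS[f["dport"]],
                "tactic": "TA0109 Lateral Movement",
                "technique_candidates": ["T0859 Valid Accounts", "T0866 Exploitation of Remote Services"],
            })
    return alerts


def ot_fan_out(flows: list[dict], threshold: int = 3) -> dict[str, int]:
    """IT hosts touching many distinct OT hosts: the footprint of a pivot or a scan."""
    targets: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if _in(f["src"], IT_NETS) and _in(f["dst"], OT_NETS):
            targets[f["src"]].add(f["dst"])
    return {src: len(d) for src, d in targets.items() if len(d) >= threshold}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for a in boundary_crossings(flows):
        print(f"{a['ts']} {a['src']} -> {a['dst']} {a['service']}: {a['tactic']}")
    print("fan-out:", ot_fan_out(flows))
```

Note what the sample deliberately does not flag: the SCADA server polling a PLC on tcp/502 is expected traffic between OT zones, and an IT-to-IT SMB session is out of scope for this rule. The fan-out count is what separates an administrator’s single RDP session from a pivot that is enumerating the SCADA VLAN.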

2.3. The Zero Trust Paradox: When IT Solutions Fall Short

In response to the failures of perimeter-based security, many organizations have looked to the Zero Trust model, which operates on the principle of “never trust, always verify” [17]. While this is a theoretically sound approach, its application in OT environments creates a “Zero Trust paradox” [1]. The IT-centric products that embody this model are in important ways incompatible with the realities of industrial operations, a point multiple industry sources have made [1].

The core challenges are rooted in the nature of OT systems [18]. Many environments are built on legacy technology and equipment deployed decades ago that cannot easily be patched, updated, or replaced [16]. These systems, with 20- to 30-year lifespans, simply do not support the modern security agents or protocols central to many Zero Trust implementations [1]. Furthermore, unlike IT, which prioritizes data confidentiality, OT’s absolute priority is the availability and safety of physical processes [16]. Planned downtime for a security update is therefore often not an option [16].

Another critical distinction is the difference between identity and behavior. IT-centric Zero Trust relies heavily on verifying user identity, but in the lower-level OT environment the concept of a user often disappears [16]. Devices like PLCs and HMIs do not track which user entered a command, and Identity and Access Management (IAM) systems are generally absent [1]. A Zero Trust policy for OT must therefore shift its focus from identity to behavior, evaluating whether network traffic aligns with “known good” patterns and makes sense in the current operating context [16]. The paradox is that the principle of Zero Trust is correct, but an implementation built on IT-centric tools is fundamentally at odds with OT realities. As industry experts have noted, an organization cannot simply purchase a Zero Trust product; it must adopt a tailored strategy that accounts for the specific challenges of its environment [19].
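“Known good” behavior is concrete for a protocol like Modbus/TCP, where there is no user to authenticate but every frame states who is talking to which unit and whether it is reading or writing. The example below is an added one, neither PacketViper’s implementation (which section 4.1 says supports Modbus natively) nor any pymodbus API; frames, addresses and the learning capture are constructed. It parses the 7-byte MBAP header and function code, learns an allowlist of (source, destination, unit, function) tuples from a vetted capture, and then judges new traffic: a setpoint write from a peer never seen before, a multi-register write the baseline never contained, and a frame whose length field lies about its size are all alerted, while the SCADA server’s routine poll is allowed.

```python
"""Behavior-based allowlisting for Modbus/TCP: judge traffic by what it does, not who sent it.

Added example, not PacketViper's implementation and not a pymodbus API. Frames
and addresses below are constructed; the baseline is "learned" from a short
known-good capture and then enforced against new observations. Field layout
follows the Modbus/TCP spec: a 7-byte MBAP header (transaction id, protocol id,
length, unit id) followed by the PDU (function code + data).
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

READ_FCS = {1, 2, 3, 4}             # coils, discrete inputs, holding regs, input regs
WRITE_FCS = {5, 6, 15, 16, 22, 23}  # single/multiple coil+register writes, mask, read/write
CONTROL_FCS = {8, 43}               # diagnostics, encapsulated interface (device identification)


@dataclass(frozen=True)
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    kind: str          # "read" | "write" | "control" | "other"


def parse_modbus_tcp(frame: bytes) -> ModbusRequest:
    """Parse one request frame; raises ValueError on anything that is not well-formed Modbus/TCP."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match frame size {len(frame) - 6}")
    fc = frame[7]
    kind = ("read" if fc in READ_FCS else "write" if fc in WRITE_FCS
            else "control" if fc in CONTROL_FCS else "other")
    return ModbusRequest(tid, unit, fc, kind)


@dataclass(frozen=True)
class Observation:
    src: str
    dst: str
    frame: bytes


def learn_baseline(known_good: list[Observation]) -> set[tuple[str, str, int, int]]:
    """(src, dst, unit, function) tuples seen during a vetted learning window."""
    base = set()
    for o in known_good:
        req = parse_modbus_tcp(o.frame)
        base.add((o.src, o.dst, req.unit_id, req.function))
    return base


def evaluate(obs: Observation, baseline: set[tuple[str, str, int, int]]) -> str:
    """Return 'allow' or an 'alert:<reason>' string; a write is never inferred from a read."""
    try:
        req = parse_modbus_tcp(obs.frame)
    except ValueError as e:
        return f"alert:malformed ({e})"
    key = (obs.src, obs.dst, req.unit_id, req.function)
    if key in baseline:
        return "allow"
    known_pair = any(b[0] == obs.src and b[1] == obs.dst for b in baseline)
    if not known_pair:
        return f"alert:unknown-peer {obs.src}->{obs.dst}"
    return f"alert:unbaselined-{req.kind} fc={req.function} unit={req.unit_id}"


def mbap(tid: int, unit: int, pdu: bytes) -> bytes:
    """Build a Modbus/TCP frame around a PDU (helper for the constructed traffic)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


# Constructed traffic. SCADA server 10.50.0.10 polls PLC 192.168.100.5 and writes one setpoint.
READ_HR = mbap(1, 1, b"\x03" + struct.pack(">HH", 0, 10))           # fc3: read 10 holding regs @0
WRITE_SETPOINT = mbap(2, 1, b"\x06" + struct.pack(">HH", 16, 100))  # fc6: write reg 16 := 100
KNOWN_GOOD = [
    Observation("10.50.0.10", "192.168.100.5", READ_HR),
    Observation("10.50.0.10", "192.168.100.5", WRITE_SETPOINT),
]
BASELINE = learn_baseline(KNOWN_GOOD)

# Later observations: the same write from an engineering laptop, a multi-register write
# from the SCADA server, and a frame whose length field lies about its size.
LATER = [
    Observation("10.50.0.10", "192.168.100.5", READ_HR),
    Observation("10.10.4.23", "192.168.100.5", WRITE_SETPOINT),
    Observation("10.50.0.10", "192.168.100.5", mbap(3, 1, b"\x10" + struct.pack(">HHB", 16, 1, 2) + b"\x2b\x5c")),
    Observation("10.50.0.10", "192.168.100.5", struct.pack(">HHHB", 4, 0, 99, 1) + b"\x03\x00\x00\x00\x0a"),
]

if __name__ == "__main__":
    for o in LATER:
        print(f"{o.src} -> {o.dst}: {evaluate(o, BASELINE)}")
```

Two design choices matter in practice. The baseline is keyed on function code, not just on the peer pair, so a host that is allowed to read cannot silently start writing; and the learning window has to be vetted, because a baseline captured while an attacker was already present would allowlist the attack.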

3. A Foundational Reorientation: The Dawn of Preemptive Cyber Defense

The analysis of the illusion of protection demonstrates that traditional, reactive security models are no longer sufficient. It is not enough to detect an attack after it has begun; the goal must be to neutralize threats before they can materialize into a successful attack. This reorientation of strategy marks the dawn of a new security paradigm: Preemptive Cyber Defense [1].

3.1. Beyond Detect and Respond: A New Security Paradigm

For decades, cybersecurity has been a reactive discipline, centered on a “detect and respond” model [1]. This approach relies on fixed, static defenses such as firewalls and intrusion detection systems to form a perimeter that, once breached, triggers an alert and a subsequent response [1]. As the analysis has shown, this creates a predictable environment that modern, sophisticated attackers can study, map out, and bypass [1].

Preemptive Cyber Defense is a strategic departure from this reactive model. Gartner, a leading research and advisory company, defines the approach as one that aims to “prevent and deter cyber attacks before they can launch or succeed” [1]. This is achieved through a combination of capabilities: denying attackers the opportunity to initiate an attack, disrupting ongoing attacks, and deceiving adversaries to divert them from critical assets [1]. The goal is not to build a series of ever more formidable, yet static, walls, but to turn the network into a dynamic, unpredictable, and hostile environment in which an attacker’s intelligence-gathering efforts are rendered futile [1].

3.2. A Paradoxical Strategy: Increasing the Perceived Attack Surface

A core strategic innovation of Preemptive Cyber Defense is its paradoxical approach to managing the attack surface [1]. Traditional security wisdom dictates that an organization should shrink its attack surface by closing ports and eliminating unnecessary services; this remains necessary, but on its own it is an incomplete strategy that modern attackers can work around [1].

The counter-intuitive complement is to intentionally increase the perceived attack surface in order to defend and conceal the actual one [1]. This is accomplished by deploying a large and unpredictable layer of deceptive elements, such as decoys, fake network services, and deceptive responders, across both IT and OT environments [1]. The expansion makes the network appear far larger and more complex than it is, creating a “target-rich” but “amorphous” and “unreliable” environment for adversaries [1]. The deceptive assets are designed to attract unauthorized scans and connections, luring attackers away from production systems and into a minefield of false targets [1]. Because no legitimate process has any reason to talk to a decoy, every connection to one is a high-confidence signal. This strategy, which targets the earliest stages of the cyber kill chain (reconnaissance and initial access), turns the attacker’s own reconnaissance efforts against them [1]. It forces adversaries to expend time and resources while providing high-fidelity intelligence to defenders [1].
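What a “deceptive responder” for OT looks like in practice is a listener that answers like a real device and records everyone who asked. The code below is an added example, not PacketViper’s responder or its API. It impersonates a Modbus/TCP PLC: reads get plausible zero-filled data sized to the request, single writes are echoed back the way a real slave does, and anything else gets a standard exception, so a scanner’s fingerprint shows a live device. Every frame received goes into a probe log whose block list has no exceptions by design, which is the “false positive free” property claimed for decoys. Addresses, the decoy’s unit id and the register contents are constructed for the exercise.

```python
"""A deceptive Modbus/TCP responder: a fake PLC that answers scans and logs who asked.

Added example, not PacketViper's deceptive responder and not its API. A decoy
has no legitimate clients, so every frame it receives is a high-confidence
indicator; the replies are plausible enough that a scanner records a live
device. Addresses, unit id and register contents are constructed.
"""
from __future__ import annotations

import socket
import socketserver
import struct
import threading
from dataclasses import dataclass, field

EXC_ILLEGAL_FUNCTION = 0x01
MAX_FRAME = 260          # 7-byte MBAP + 253-byte PDU


@dataclass(frozen=True)
class Probe:
    peer: str
    unit_id: int
    function: int
    raw: bytes


@dataclass
class ProbeLog:
    """Shared evidence store; in a real deployment this feeds block-list propagation."""
    probes: list[Probe] = field(default_factory=list)
    lock: threading.Lock = field(default_factory=threading.Lock)

    def record(self, probe: Probe) -> None:
        with self.lock:
            self.probes.append(probe)

    def block_list(self) -> set[str]:
        """Every peer that touched the decoy; no allow-list exceptions by design."""
        with self.lock:
            return {p.peer for p in self.probes}


def decoy_reply(frame: bytes) -> bytes | None:
    """Craft a believable response to one Modbus/TCP request, or None if it is not Modbus."""
    if len(frame) < 8 or len(frame) > MAX_FRAME:
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return None
    fc, data = frame[7], frame[8:]
    if fc in (1, 2, 3, 4) and len(data) >= 4:
        # Reads: zeros sized to the request (bits for fc 1/2, 16-bit registers for fc 3/4).
        quantity = min(struct.unpack(">H", data[2:4])[0], 2000 if fc in (1, 2) else 125)
        nbytes = (quantity + 7) // 8 if fc in (1, 2) else 2 * quantity
        pdu = bytes([fc, nbytes]) + b"\x00" * nbytes
    elif fc in (5, 6) and len(data) >= 4:
        pdu = frame[7:12]                       # a real device echoes single writes
    else:
        pdu = bytes([fc | 0x80, EXC_ILLEGAL_FUNCTION])
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self) -> None:
        self.request.settimeout(5)
        try:
            frame = self.request.recv(MAX_FRAME)
        except OSError:
            return
        if not frame:
            return
        peer = self.request.getpeername()[0]
        unit = frame[6] if len(frame) > 6 else -1
        fc = frame[7] if len(frame) > 7 else -1
        self.server.log.record(Probe(peer, unit, fc, frame))  # type: ignore[attr-defined]
        reply = decoy_reply(frame)
        if reply:
            self.request.sendall(reply)


class DecoyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, bind=("127.0.0.1", 0)):
        super().__init__(bind, DecoyHandler)
        self.log = ProbeLog()


def run_probe_locally() -> tuple[bytes, set[str]]:
    """Start the decoy on a loopback ephemeral port, scan it once, return (reply, block list)."""
    server = DecoyServer()
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with socket.create_connection(server.server_address, timeout=5) as s:
            s.sendall(struct.pack(">HHHB", 7, 0, 6, 1) + b"\x03" + struct.pack(">HH", 0, 4))
            reply = s.recv(MAX_FRAME)
    finally:
        server.shutdown()
        server.server_close()
    return reply, server.log.block_list()


if __name__ == "__main__":
    reply, blocked = run_probe_locally()
    print("decoy answered:", reply.hex())
    print("peers to block network-wide:", blocked)
```

Running the file performs one loopback probe against the decoy and prints the peer that would be propagated as a block rule. In a real deployment the decoy binds an address in the OT range that no inventory lists, so the only way to find it is to scan.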

4. The Solution in Action: A Case Study in Proactive Defense

A foundational platform for this paradigm is PacketViper’s Automated Moving Target Defense (AMTD) solution [1]. It is a tangible example of a preemptive security architecture purpose-built to address the vulnerabilities exposed in this report. The platform’s capabilities map directly to the challenges of wireless bleeding, remote site gaps, and flawed Purdue Model assumptions, providing a holistic and proactive defense.

4.1. The PacketViper Preemptive Architecture

PacketViper’s solution is a multi-layered, agentless defense that operates autonomously to protect both IT and OT environments [1]. Its core is a patented AMTD capability that continuously and automatically alters key network parameters to disrupt an adversary’s ability to conduct reconnaissance and exploit vulnerabilities [1]. The architecture is distributed: a central Control and Management Unit (CMU) coordinates defensive actions with Boundary Security Units (BSUs) and Remote Security Units (RSUs) [1]. The RSU is a ruggedized, industrial-grade device designed for deployment at small, unattended remote sites, providing autonomous detection and containment even without central connectivity [1]. This distributed, “hive-minded” architecture means that a threat detected at a single remote location can be neutralized across the entire network by propagating a blacklist rule at “wire speed” [1].

The platform’s deceptive responders provide a verifiable data feed of unauthorized activity, creating a “false positive free” signal of a malicious actor engaged in reconnaissance or attack [1]. This capability directly addresses the internal blind spot created by ineffective network segmentation. The solution’s native support for OT protocols such as Modbus TCP/IP addresses the key pitfalls of IT-centric Zero Trust by providing non-disruptive, agentless protection for legacy devices [1]. Its Deceptive Responder Identity Detection (DR ID) capability provides identity intelligence in environments where traditional IAM systems are limited or nonexistent, offering a compensating control for unpatchable or vendor-managed systems [1].

4.2. Third-Party Validation and Measurable Impact

The efficacy of PacketViper’s solution is not merely theoretical; it is supported by real-world use cases and quantifiable outcomes [1].

● The ManuTech Case Study: In a scenario involving an automotive parts manufacturer with a decentralized OT network, a rogue insider introduced a malicious device that bypassed traditional firewalls and antivirus protocols [1]. The PacketViper OT Remote (OTR) solution detected the anomalous behavior and isolated the affected network segment [1]. The central CMU then pushed containment rules to all RSUs across the enterprise, blacklisting the threat’s IP and preventing lateral movement, thereby neutralizing a potentially catastrophic zero-day exploit [1].

● The Fortune 500 Oil & Gas Case Study: After deploying the solution, a Fortune 500 oil and gas company with a complex, distributed network of hundreds of unattended OT assets saw its security posture improve to the point that a subsequent third-party penetration test failed for the attackers [1]. The penetration testers were “unable to complete the test until the automated threat detection and prevention tool was turned off,” a third-party-validated endorsement of the technology’s effectiveness against sophisticated red teams [1].

● The Municipal Water/Wastewater Case Study: This use case demonstrates the operational and economic benefits of the solution for understaffed security teams [1]. A municipal water authority deployed the solution and recorded “over 50K probes and scans in a half-day test period” targeting remote OT assets [1]. The in-line deployment not only obfuscated these assets but also contained a threat during a red team exercise. The solution acts as a “force multiplier” by drastically reducing network “noise” and freeing analysts to focus on genuine threats [1].

The measurable business impact extends to the bottom line. The solution significantly reduces network traffic, with customers typically seeing a 30% to 70% reduction in total inbound traffic [1]. This lowers operational costs for volumetrically priced managed SIEM and SOC services [1]. The demonstrable reduction in false positives also lowers alert fatigue and frees security analysts to focus on real threats, making the entire security operation more efficient.

5. Strategic Synthesis and Recommendations

The analysis confirms that the illusion of protection created by traditional security models is no longer tenable in a world of IT/OT convergence, wireless bleeding, and unattended remote sites. A fundamental reorientation of defensive strategy is not a luxury but an operational imperative. The solution lies in adopting a new paradigm: Preemptive Cyber Defense.

5.1. The Unique Market Differentiator

PacketViper’s technology occupies a unique and defensible position in the nascent but critical market for preemptive security solutions. Its patented approach to AMTD is a significant evolution of prior art, which often focuses exclusively on IT environments and lacks the advanced elements of a modern preemptive defense [1]. Its solution is fundamentally different from other commercial offerings, which are often out-of-band and require complex orchestration with external platforms to respond [1]. The key differentiators are summarized in the following table.

| Capability | PacketViper | Prior Art (e.g., MITRE) | Commercial Vendors (e.g., Zscaler) |
|---|---|---|---|
| OT/ICS Protocol Support (Modbus, SCADA) | Yes | No [1] | Limited/Out-of-band [1] |
| Agentless & Non-disruptive Deployment | Yes | No (requires agents/orchestration) [1] | Often requires agents/orchestration [1] |
| Autonomous, Real-time Containment | Yes | No (Reactive/Manual) [1] | Often requires SIEM/SOAR orchestration [1] |
| In-line Deployment for Wire-speed Blocking | Yes | No [1] | Out-of-band [1] |
| Patented Deceptive OT Asset Simulation | Yes | No (IT-only) [1] | IT-focused [1] |

5.2. A Path Forward for CISOs and Compliance Officers

For Chief Information Security Officers (CISOs), the recommendation is clear: a resilient security posture requires moving beyond a reactive, perimeter-based mindset. It demands the adoption of a security paradigm that provides real-time, autonomous protection at the network edge [1]. A solution like PacketViper’s AMTD serves as a foundational component of this strategy, acting as a force multiplier for understaffed security teams and providing demonstrable, third-party-validated protection against sophisticated threats [1].

For compliance officers, this technology provides a path to not only meet the letter of regulation but exceed its intent. The solution’s alignment with the core requirements of NERC CIP-015-1 (internal network security monitoring) and its ability to act as a compensating control for difficult-to-secure, vendor-managed systems provide a defensible and auditable security posture [1].

The analysis concludes that PacketViper’s technology represents a fundamental reorientation of defensive strategy. It is not merely a tool but a foundational platform for a new era of proactive security, forcing the attacker to play on a field where the rules are constantly changing. By moving beyond the illusion of protection, organizations can build a truly resilient, intelligent, and preemptive defense for the future.
Works cited

1. The Illusion of Protection: Why Wireless Bleeding, Remote Site Gaps, and Flawed Purdue Model Assumptions Endanger Industrial Control Systems (PDF).
2. Is It Time to Rethink the Purdue Model? | Nexus, accessed August 17, 2025, https://nexusconnect.io/articles/is-it-time-to-rethink-the-purdue-model
3. Is the Purdue Model for operational technology security outdated? – Acronis, accessed August 17, 2025, https://www.acronis.com/en-sg/blog/posts/is-the-purdue-model-for-operational-technology-security-outdated/
4. CISA identifies OT configuration flaws during cyber threat hunt at …, accessed August 17, 2025, https://industrialcyber.co/cisa/cisa-identifies-ot-configuration-flaws-during-cyber-threat-hunt-at-critical-infrastructure-organization-lists-cyber-hygiene/
5. Lateral Movement, Tactic TA0109 – ICS | MITRE ATT&CK®, accessed August 17, 2025, https://attack.mitre.org/tactics/TA0109/
6. Vulnerabilities and Attacks on Bluetooth LE Devices—Reviewing Recent Info – Technical Articles – All About Circuits, accessed August 17, 2025, https://www.allaboutcircuits.com/technical-articles/vulnerabilities-and-attacks-on-bluetooth-le-devicesreviewing-recent-info/
7. FDA Informs Patients, Providers and Manufacturers About Potential Cybersecurity Vulnerabilities in Certain Medical Devices with Bluetooth Low Energy, accessed August 17, 2025, https://www.fda.gov/news-events/press-announcements/fda-informs-patients-providers-and-manufacturers-about-potential-cybersecurity-vulnerabilities-0
8. Dangers of Healthcare Wi-Fi-Based Location Systems – RF Technologies, accessed August 17, 2025, https://www.rft.com/dangers-of-healthcare-wi-fi-based-location-systems/
9. Wi-Fi Hacking: How It Works, and How to Stay Secure – Check Point Software, accessed August 17, 2025, https://www.checkpoint.com/cyber-hub/cyber-security/what-is-hacking/wi-fi-hacking-how-it-works-and-how-to-stay-secure/
10. Cybercrime | Federal Bureau of Investigation – FBI, accessed August 17, 2025, https://www.fbi.gov/investigate/cyber
11. Colonial Pipeline ransomware attack – Wikipedia, accessed August 17, 2025, https://en.wikipedia.org/wiki/Colonial_Pipeline_ransomware_attack
12. Excerpt #5: Industrial Cybersecurity Case Studies and Best Practices, accessed August 17, 2025, https://gca.isa.org/blog/excerpt-5-industrial-cybersecurity-case-studies-and-best-practices
13. Real-Life Industrial IoT Cyberattack Scenarios – EE Times Europe, accessed August 17, 2025, https://www.eetimes.eu/real-life-industrial-iot-cyberattack-scenarios/
14. Best Practices for MITRE ATT&CK Mapping – CISA, accessed August 17, 2025, https://www.cisa.gov/sites/default/files/2023-01/Best%20Practices%20for%20MITRE%20ATTCK%20Mapping.pdf
15. Top 10 most common vulnerabilities in Industrial Control Systems ICS – negg Blog, accessed August 17, 2025, https://negg.blog/en/top-10-most-common-vulnerabilities-in-industrial-control-systems-ics/
16. Is Zero Trust the Right Choice for Operational Technology (OT)?, accessed August 17, 2025, https://instasafe.com/blog/is-zero-trust-right-choice-for-ot/
17. Zero Trust & Enforcing OT Security Inside the Perimeter – Industrial Defender, accessed August 17, 2025, https://www.industrialdefender.com/blog/zero-trust-enforcing-ot-security-inside-the-perimeter
18. Why is Zero Trust Access important in OT? – SSH Communications Security, accessed August 17, 2025, https://www.ssh.com/academy/operational-technology/why-is-zero-trust-access-important-in-ot
19. Six Common Pitfalls to Avoid When Implementing a Zero Trust Model, accessed August 17, 2025, https://blog.wei.com/six-common-pitfalls-to-avoid-when-implementing-a-zero-trust-model

