← All Updates
EDUCATIONJune 20, 2026

Automation Anatomy: Why OT Security Starts with the Machine

Industrial cybersecurity starts by understanding the control chain behind the screen: sensors, PLC memory, HMI requests, engineering workstations, outputs, and physical process behavior.

A utility plant can look simple from the operator screen.

The HMI shows pumps, valves, tanks, temperatures, alarms, and buttons.

To the operator, the plant appears as a controlled interface.

Inside the system, it is not one device.

It is a chain.

Sensors report the physical process.

The PLC reads those signals.

The program evaluates conditions.

Outputs command equipment.

The HMI displays state and sends operator requests.

The engineering workstation changes logic.

The network carries the data between layers.

Automation is not the screen.

Automation is the control chain behind the screen.

And in industrial cybersecurity, that chain matters.

The PLC Does Not Control Ideas

A PLC controls physical state.

A bit may represent a pump command.

An analog value may represent tank level.

A timer may represent how long a valve has been open.

A fault flag may represent equipment that can no longer be trusted.

This is where many people new to OT make their first mistake.

They look at variables like software values.

But PLC memory is not abstract.

Memory represents machines.

A command bit can energize a motor.

A register can change valve position.

A setpoint can change pressure.

A false sensor value can make the PLC react as if the physical process changed.

In OT, data can become movement.

The Control Chain

A simple control path looks like this:

A level sensor detects water level.

The input module converts that signal into a PLC-readable value.

The PLC stores the value in memory.

The program evaluates the value.

If the level is low, the logic may start a fill pump.

The output module energizes the pump starter.

The pump moves water.

The level changes.

The sensor reports the new state.

This loop is the foundation of automation.

The same model applies to temperature, pressure, flow, motor feedback, valve position, alarms, and interlocks.

The equipment changes.

The chain remains.

The HMI Requests. The PLC Decides.

A strong automation system separates operator request from machine command.

When an operator presses Start Pump, the HMI should not directly energize the output.

The HMI should write a request.

The PLC should check:

  • Is the pump available?
  • Is the system in the correct mode?
  • Is there an active fault?
  • Is the process state valid?
  • Are interlocks clear?
  • Is feedback trustworthy?
  • Is the command allowed by the sequence?

Only then should the PLC command the pump.

Weak systems allow the HMI to write too directly into control memory.

That creates risk.

An exposed HMI is not only a screen risk.

It may become a write path into PLC memory.

Engineering Workstations Are Control Authority Systems

The engineering workstation is not just a programming laptop.

It can open projects, modify logic, download programs, force I/O, monitor live values, change communication settings, and stop or start PLC execution.

That makes it one of the most sensitive systems in the plant.

If an attacker gains engineering access, the question is no longer only:

Can they view the process?

The real question becomes:

Can they change the logic that controls the process?

In OT, engineering access can become process authority.

Trust Boundaries Define the Real Security Model

Industrial systems are built on trust.

The PLC trusts inputs.

The HMI trusts PLC values.

The operator trusts the HMI.

The engineering workstation trusts the project file.

The process trusts outputs.

Security begins by asking where trust exists.

Can any workstation reach the PLC?

Can the HMI write directly to command memory?

Can setpoints be changed without limits?

Can logic be downloaded without approval?

Can outputs be forced?

Can alarms be acknowledged without tracking?

Can false sensor values enter the process model?

When trust is too broad, small access becomes control.

This is the core weakness of many OT systems.

They were built for predictable operation.

Predictability is safety during normal operation.

Predictability is weakness when hostile input enters the chain.

Final Model

Automation is not built from screens.

It is built from connected decisions.

Sensor reports.

PLC decides.

Output moves.

Process changes.

HMI displays.

Operator requests.

Engineering workstation modifies.

Network carries.

Every variable has a physical meaning.

Every command has a consequence.

Every interlock has a reason.

Every alarm has a source.

This is automation anatomy.

And it is where industrial cybersecurity begins.

LABSHOCK SECURITY — OT SECURITY MUST BE TESTABLE, NOT DOCUMENTED