What's the difference between air-gapped and connected OT networks?
- Ross O'Brien
- May 7

An air-gapped OT network is intended to have no direct connection to other networks or the internet. A connected OT network has one or more links to business systems, suppliers, remote access platforms, cloud services or other external environments.
In practice, many networks described as air-gapped are not truly isolated. Temporary maintenance laptops, USB media, vendor modems, data transfers, wireless links or undocumented connections can create pathways into the environment.
Air-gapped does not mean risk-free
Air gaps can reduce exposure, but they can also create false confidence. Malware can still enter through removable media, laptops, engineering tools or supply chain updates. Isolated systems can also suffer from poor patching, weak account management and outdated documentation.
Connected networks need strong controls
Connected OT networks can support useful capabilities such as remote monitoring, predictive maintenance, data analytics and vendor support. However, they require careful segmentation, access control, monitoring, logging and governance.
The question is not simply whether a network is connected. It is whether the connections are understood, justified, secured and monitored.
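One way to check whether connections are understood and justified is to compare observed flow records against the documented conduit list and flag anything that crosses the OT boundary without a matching entry. The sketch below is an added example, not code from the original article or from ControlShield; the address ranges, conduit list and flow records are all constructed for illustration.

```python
import ipaddress

OT_ZONES = [ipaddress.ip_network("10.10.0.0/16")]  # assumed OT address space

# Documented conduits (assumed): (OT-side net, outside net, dest port, justification)
CONDUITS = [
    ("10.10.5.10/32", "10.20.1.15/32", 443, "historian replication to DMZ"),
    ("10.10.0.0/16", "10.20.1.20/32", 123, "NTP from DMZ time server"),
]

# Constructed flow records: source, destination, destination port
SAMPLE_FLOWS = """\
10.10.5.10,10.20.1.15,443
10.10.7.33,10.10.7.40,502
10.10.7.33,10.20.1.20,123
10.10.8.21,203.0.113.50,443
192.168.50.4,10.10.7.40,3389
"""

def in_ot(ip):
    return any(ip in zone for zone in OT_ZONES)

def match_conduit(ot_ip, out_ip, port):
    """Return the justification of the conduit covering this flow, or None."""
    for ot_net, out_net, c_port, why in CONDUITS:
        if (port == c_port and ot_ip in ipaddress.ip_network(ot_net)
                and out_ip in ipaddress.ip_network(out_net)):
            return why
    return None

def audit(flow_text):
    report = {"internal": 0, "documented": [], "undocumented": []}
    for line in flow_text.split():
        src, dst, port = line.split(",")
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if in_ot(s) and in_ot(d):
            report["internal"] += 1  # stays inside the OT zone
            continue
        if not (in_ot(s) or in_ot(d)):
            continue  # never touches the OT zone
        ot_ip, out_ip = (s, d) if in_ot(s) else (d, s)
        why = match_conduit(ot_ip, out_ip, int(port))
        report["documented" if why else "undocumented"].append((src, dst, int(port), why))
    # Any boundary crossing, documented or not, contradicts an air-gap claim.
    report["air_gap_holds"] = not (report["documented"] or report["undocumented"])
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_FLOWS)
    print("undocumented:", result["undocumented"])
    print("air gap holds:", result["air_gap_holds"])
```

Flow records only show paths that carried traffic during the capture window, so removable media, idle modems and other dormant pathways still need a physical and configuration review.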
How ControlShield can help
ControlShield can review your OT network architecture to confirm whether it is truly isolated, partially connected or highly integrated. We can map communication paths, identify undocumented connections, assess remote access, develop zone and conduit diagrams, and recommend practical controls.
We help replace assumptions with evidence, which is essential for both risk management and compliance.
Ask ControlShield to review your OT network connectivity and identify hidden exposure.



