Manufacturing processes fall broadly into two categories: batch and continuous. Batch processes—pharmaceutical, chemical, food manufacturing—have defined start and stop points, recipes, and product transitions. Continuous processes—steel, petrochemical, water treatment—run 24/7 with minimal interruption, changing only slowly and deliberately. These operational differences drive different security postures.
Many OT security frameworks treat batch and continuous processes identically, but the two have fundamentally different attack surfaces and vulnerability windows. A security program that works for continuous refining may create intolerable operational friction in batch pharmaceutical manufacturing, and vice versa.
Batch Process Security Characteristics
Batch processes have natural start and stop points. Between batches, equipment is idle and validated. This creates "sealing" opportunities: before each batch, confirm that the equipment configuration matches the recipe, that no unauthorized modifications were made during the previous run, and that all sensors and controllers are functioning. This batch-to-batch sealing provides strong security boundaries.
However, batch processes often involve product changeover and recipe uploads. If recipes are controlled in a legacy system or external storage, the changeover creates a vulnerability window. An attacker who modifies a recipe could affect all subsequent batches. Implement strict change control for recipes: version control, approval workflows, cryptographic signing, and audit trails. Some facilities implement "golden masters"—validated recipe copies on read-only media—to prevent unauthorized modification.
Continuous Process Security Characteristics
- Permanent State: Continuous processes are never "off." Equipment runs continuously, and configurations are rarely reset. Security monitoring must be continuous and sensitive to gradual drift: a controller slowly changing setpoints, a sensor drifting out of calibration, or unauthorized remote access to equipment.
- Slow Changes: Legitimate modifications to continuous processes are gradual: ramping to a new setpoint, adjusting feed rates, recalibrating sensors. Security controls must be designed to detect deliberate attacks while allowing legitimate operational changes.
- Limited Maintenance Windows: Continuous processes cannot tolerate extended downtime for maintenance or security updates. Patching, software upgrades, and equipment replacement must occur in tight windows, often with minimal preparation time.
- Remote Monitoring: Continuous processes often require remote monitoring: operators checking status from control centers, field engineers monitoring assets remotely, and external service providers accessing equipment for diagnostics and maintenance.
Security Design Principles
For batch processes, focus on transition security: validating state between batches, controlling recipe versions and deployment, and detecting unauthorized parameter changes. Implement robust change control that makes unauthorized modifications obvious. Use batch-oriented monitoring: alerting on unexpected recipe changes or sensor readings inconsistent with the current batch.
For continuous processes, focus on anomaly detection and gradual drift detection. Implement equipment baselines: normal operating parameters, normal traffic patterns, normal maintenance schedules. Alert when operations deviate significantly from baseline. Use predictive monitoring: if a sensor is drifting or a controller is degrading, alert before it causes an outage or safety issue.
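The baseline-and-drift idea above, as an added example that is not from the original article: a per-sample alarm limit is compared with a CUSUM (cumulative sum) detector on a slow setpoint creep that stays inside the limit. CUSUM is the technique chosen here, not one the article names; the readings, the 150.0 nominal value, and the k and h tuning values are all constructed assumptions.

```python
# Added example: equipment baseline plus two-sided CUSUM drift detection.
# All readings are constructed sample data; k and h are assumed tuning values.
from statistics import mean, stdev

NOISE = [0.2, -0.1, 0.0, 0.1, -0.2]  # constructed, repeating sensor noise

def make_series(n, drift_at=lambda i: 0.0, nominal=150.0):
    """Constructed readings: nominal value + noise + optional drift term."""
    return [nominal + NOISE[i % 5] + drift_at(i) for i in range(n)]

def build_baseline(samples):
    """Baseline = mean and standard deviation of known-good operation."""
    return mean(samples), stdev(samples)

def threshold_alarm(series, mu, sigma, n_sigma=3.0):
    """Per-sample limit check: index of the first reading outside
    mu +/- n_sigma*sigma, or None if every reading stays inside."""
    for i, x in enumerate(series):
        if abs(x - mu) > n_sigma * sigma:
            return i
    return None

def cusum_alarm(series, mu, sigma, k=0.5, h=5.0):
    """Two-sided CUSUM: sum standardized deviations beyond a slack of k,
    alarm when either sum exceeds h. Returns (index, direction) or None."""
    hi = lo = 0.0
    for i, x in enumerate(series):
        z = (x - mu) / sigma
        hi = max(0.0, hi + z - k)   # evidence of a sustained upward shift
        lo = max(0.0, lo - z - k)   # evidence of a sustained downward shift
        if hi > h:
            return i, "up"
        if lo > h:
            return i, "down"
    return None

# Known-good operation used to learn the baseline.
BASELINE = make_series(60)
# Slow creep: +0.002 per sample, capped at +0.2, so no single reading
# ever leaves the 3-sigma band around the baseline.
DRIFTED = make_series(200, drift_at=lambda i: min(0.002 * i, 0.2))

if __name__ == "__main__":
    mu, sigma = build_baseline(BASELINE)
    print("baseline:", round(mu, 3), round(sigma, 4))
    print("limit alarm on drift:", threshold_alarm(DRIFTED, mu, sigma))
    print("CUSUM alarm on drift:", cusum_alarm(DRIFTED, mu, sigma))
```

The slack k sets how much sustained deviation is tolerated as normal operation, and h trades detection delay against false alarms; both have to be tuned against the legitimate ramps described above.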
The operational nature of your process should drive your security architecture. Generic "OT security" frameworks often serve both poorly. We specialize in process-specific security design: batch-oriented controls for manufacturing, continuous monitoring for utilities, and process-appropriate change management for both. Let's discuss your process security posture.
This article was written by the Cascadia OT Security practice, which advises Pacific Northwest data centers and manufacturers on industrial cybersecurity. For engagement inquiries, reach our practice team.