<script type="application/ld+json">
{
 "@context": "https://schema.org",
 "@graph": [
   {
     "@type": "FAQPage",
     "mainEntity": [
       {
         "@type": "Question",
         "name": "Why is patching no longer enough for OT cybersecurity?",
         "acceptedAnswer": {
           "@type": "Answer",
           "text": "Patching cannot eliminate every OT vulnerability because new flaws are discovered continuously, many industrial systems cannot be updated without downtime, and exploits remain available even after fixes are released. OT organizations need security controls that reduce exposure regardless of a device’s patch status."
         }
       },
       {
         "@type": "Question",
         "name": "What makes legacy OT security tools vulnerable?",
         "acceptedAnswer": {
           "@type": "Answer",
           "text": "Legacy VPNs, firewalls, jump servers, and remote access systems often expose public IP addresses, open ports, credentials, or identifiable services. Attackers can target these security products directly, exploit their vulnerabilities, or use stolen credentials to reach operational systems."
         }
       },
       {
         "@type": "Question",
         "name": "What is network cloaking?",
         "acceptedAnswer": {
           "@type": "Answer",
           "text": "Network cloaking makes OT systems, services, and network resources undiscoverable to unauthorized users. Attackers scanning the network cannot identify exposed devices, open ports, or available services, significantly reducing opportunities for reconnaissance and exploitation."
         }
       },
       {
         "@type": "Question",
         "name": "How does network cloaking protect unpatchable OT systems?",
         "acceptedAnswer": {
           "@type": "Answer",
           "text": "Network cloaking hides legacy PLCs, HMIs, servers, and other industrial assets behind a software-defined security layer. Because unauthorized users cannot discover or connect to the systems, known and unknown vulnerabilities become much harder to exploit."
         }
       },
       {
         "@type": "Question",
         "name": "Can network cloaking replace OT patching?",
         "acceptedAnswer": {
           "@type": "Answer",
           "text": "Network cloaking does not eliminate the need for all patching, but it reduces the urgency and operational risk associated with constant patch cycles. Organizations can test and deploy patches according to operational requirements while cloaking limits exposure in the meantime."
         }
       },
       {
         "@type": "Question",
         "name": "Why is passwordless MFA important for OT security?",
         "acceptedAnswer": {
           "@type": "Answer",
           "text": "Passwordless MFA removes reusable passwords that can be stolen through phishing, credential stuffing, vishing, or data breaches. Access is granted only after verifying an authorized user and device, reducing the risk that compromised credentials will expose OT systems."
         }
       },
       {
         "@type": "Question",
         "name": "How do software-defined perimeters improve OT security?",
         "acceptedAnswer": {
           "@type": "Answer",
           "text": "A software-defined perimeter creates encrypted, identity-based connections between authorized users and approved resources. It removes publicly exposed entry points and prevents users from seeing or accessing systems outside their assigned permissions."
         }
       },
       {
         "@type": "Question",
         "name": "How does network cloaking help defend against AI-powered attacks?",
         "acceptedAnswer": {
           "@type": "Answer",
           "text": "AI can accelerate scanning, vulnerability discovery, phishing, and exploit development. Network cloaking denies AI-powered tools the visibility and reconnaissance data they need to identify targets, while passwordless authentication reduces credential-based attack opportunities."
         }
       }
     ]
   },
   {
     "@type": "HowTo",
     "name": "How to Move from Patch-and-Pray to Network Cloaking",
     "description": "A step-by-step process for reducing OT cybersecurity risk by combining network cloaking, passwordless MFA, least-privilege access, microsegmentation, and risk-based patching.",
     "step": [
       {
         "@type": "HowToStep",
         "position": 1,
         "name": "Identify exposed OT assets",
         "text": "Inventory PLCs, HMIs, historians, engineering workstations, remote access systems, VPNs, firewalls, and jump servers. Determine which assets expose IP addresses, open ports, login pages, or remotely accessible services."
       },
       {
         "@type": "HowToStep",
         "position": 2,
         "name": "Prioritize unpatchable and high-risk systems",
         "text": "Identify systems that cannot be patched frequently because of production requirements, vendor restrictions, unsupported operating systems, or the risk of operational downtime. Prioritize these assets for additional protection."
       },
       {
         "@type": "HowToStep",
         "position": 3,
         "name": "Remove direct internet exposure",
         "text": "Eliminate unnecessary public IP addresses, inbound firewall rules, exposed remote desktop services, and publicly discoverable VPN gateways. Require all remote connections to pass through a controlled Zero Trust access layer."
       },
       {
         "@type": "HowToStep",
         "position": 4,
         "name": "Deploy network cloaking",
         "text": "Place a software-defined security overlay in front of critical OT systems. Configure it so unauthorized users and devices cannot scan, discover, or initiate connections to protected assets."
       },
       {
         "@type": "HowToStep",
         "position": 5,
         "name": "Replace passwords with phishing-resistant authentication",
         "text": "Implement passwordless MFA using biometrics, trusted devices, security keys, or cryptographic identity verification. Require authentication before users can see or connect to OT resources."
       },
       {
         "@type": "HowToStep",
         "position": 6,
         "name": "Apply least-privilege access",
         "text": "Grant each employee, contractor, or vendor access only to the systems required for their role. Prevent users from browsing the broader OT network or moving laterally between systems."
       },
       {
         "@type": "HowToStep",
         "position": 7,
         "name": "Microsegment critical OT resources",
         "text": "Create software-defined segments around production lines, control systems, remote maintenance environments, and legacy devices. Restrict communication between segments to explicitly authorized traffic."
       },
       {
         "@type": "HowToStep",
         "position": 8,
         "name": "Continue patching based on operational risk",
         "text": "Test and deploy patches when they can be applied safely, but do not depend on patching as the primary defense. Use cloaking, segmentation, and identity-based access to protect systems before, during, and after the patch process."
       },
       {
         "@type": "HowToStep",
         "position": 9,
         "name": "Test whether protected systems are discoverable",
         "text": "Use authorized scanning and penetration testing to confirm that cloaked assets, ports, and services are invisible to unauthorized users. Review access policies regularly as personnel, vendors, and infrastructure change."
       },
       {
         "@type": "HowToStep",
         "position": 10,
         "name": "Monitor and refine access policies",
         "text": "Track authentication attempts, connection requests, policy changes, and unusual activity. Revoke access immediately when employees change roles, vendors complete their work, or devices no longer meet security requirements."
       }
     ]
   }
 ]
}
</script>

June 4, 2025
July 6, 2026
 —  
Blog

The “Mythos” Reality: Why the Patching Treadmill Just Broke

The “Mythos” Reality: Why the Patching Treadmill Just Broke

If you follow me, you know that I’ve been diving deep into the “Mythos” of digital repression: the belief that we can somehow contain, recall, or suppress a digital threat once it’s been unleashed. The research is in, and my conclusion is sobering: Digital technology cannot be repressed. In the OT world, we’ve been living in a collective fantasy. We’ve treated security like a game of Whack-A-Mole, believing that if we just “patch” fast enough, we can stay ahead.

Patching is a dead strategy.

Here’s three reasons why:

1. The Myth of the “Recall”

In the physical world, if a valve is faulty, you replace it. In the digital world, once a vulnerability (or the tool to exploit it) is discovered, it is immortal. The “Mythos” research proves that even when “fixes” are released, the original exploit remains in the wild, perfected by AI, and accessible to anyone with a laptop. You aren’t patching a hole; you’re trying to stop a flood with a screen door.

2. Legacy Security is Part of the Problem

The most dangerous realization? It’s not just your PLCs and HMIs that are vulnerable; it’s the very “security” products you bought to protect them.

  • Your legacy VPNs? Vulnerable. * Your traditional firewalls? Full of holes. * Your “jump boxes”? Primary targets. We are seeing a massive surge in attackers targeting the defensive layer itself. Patching your legacy security stack is like trying to fix a wooden shield while it’s already on fire.

Fortibleed anyone?

3. The Math Simply Doesn’t Work

Over 25,000 new vulnerabilities are discovered every year. In a complex manufacturing or utility environment, the downtime required to patch every “critical” CVE would result in zero productivity.

The hard truth: If your security strategy depends on your ability to update software faster than a nation-state can find a bug, you have already lost.

The Shift: From “Patching” to “Invisibility”

If we accept that digital threats cannot be repressed and that everything has vulnerabilities, then the only logical move is to hide the target.

We have to move beyond the “Patch-and-Pray” model and embrace Network Cloaking.

  • Don’t patch the door; make the door invisible.
  • Don’t trust the user; move to true Passwordless MFA.
  • Don’t rely on legacy stacks; adopt software-defined perimeters that don’t have a public IP to attack.

The mouse has the cheese, and it has taken over the house. It’s time to stop trying to catch it and start changing the locks.

Frequently Asked Questions

Why is patching no longer enough for OT cybersecurity?

Patching cannot eliminate every OT vulnerability because new flaws are discovered continuously, many industrial systems cannot be updated without downtime, and exploits remain available even after fixes are released. OT organizations need security controls that reduce exposure regardless of a device’s patch status.

What makes legacy OT security tools vulnerable?

Legacy VPNs, firewalls, jump servers, and remote access systems often expose public IP addresses, open ports, credentials, or identifiable services. Attackers can target these security products directly, exploit their vulnerabilities, or use stolen credentials to reach operational systems.

What is network cloaking?

Network cloaking makes OT systems, services, and network resources undiscoverable to unauthorized users. Attackers scanning the network cannot identify exposed devices, open ports, or available services, significantly reducing opportunities for reconnaissance and exploitation.

How does network cloaking protect unpatchable OT systems?

Network cloaking hides legacy PLCs, HMIs, servers, and other industrial assets behind a software-defined security layer. Because unauthorized users cannot discover or connect to the systems, known and unknown vulnerabilities become much harder to exploit.

Can network cloaking replace OT patching?

Network cloaking does not eliminate the need for all patching, but it reduces the urgency and operational risk associated with constant patch cycles. Organizations can test and deploy patches according to operational requirements while cloaking limits exposure in the meantime.

Why is passwordless MFA important for OT security?

Passwordless MFA removes reusable passwords that can be stolen through phishing, credential stuffing, vishing, or data breaches. Access is granted only after verifying an authorized user and device, reducing the risk that compromised credentials will expose OT systems.

How do software-defined perimeters improve OT security?

A software-defined perimeter creates encrypted, identity-based connections between authorized users and approved resources. It removes publicly exposed entry points and prevents users from seeing or accessing systems outside their assigned permissions.

How does network cloaking help defend against AI-powered attacks?

AI can accelerate scanning, vulnerability discovery, phishing, and exploit development. Network cloaking denies AI-powered tools the visibility and reconnaissance data they need to identify targets, while passwordless authentication reduces credential-based attack opportunities.

How to Move from Patch-and-Pray to Network Cloaking

1. Identify exposed OT assets

Inventory PLCs, HMIs, historians, engineering workstations, remote access systems, VPNs, firewalls, and jump servers. Determine which assets expose IP addresses, open ports, login pages, or remotely accessible services.

2. Prioritize unpatchable and high-risk systems

Identify systems that cannot be patched frequently because of production requirements, vendor restrictions, unsupported operating systems, or the risk of operational downtime. Prioritize these assets for additional protection.

3. Remove direct internet exposure

Eliminate unnecessary public IP addresses, inbound firewall rules, exposed remote desktop services, and publicly discoverable VPN gateways. Require all remote connections to pass through a controlled Zero Trust access layer.

4. Deploy network cloaking

Place a software-defined security overlay in front of critical OT systems. Configure it so unauthorized users and devices cannot scan, discover, or initiate connections to protected assets.

5. Replace passwords with phishing-resistant authentication

Implement passwordless MFA using biometrics, trusted devices, security keys, or cryptographic identity verification. Require authentication before users can see or connect to OT resources.

6. Apply least-privilege access

Grant each employee, contractor, or vendor access only to the systems required for their role. Prevent users from browsing the broader OT network or moving laterally between systems.

7. Microsegment critical OT resources

Create software-defined segments around production lines, control systems, remote maintenance environments, and legacy devices. Restrict communication between segments to explicitly authorized traffic.

8. Continue patching based on operational risk

Test and deploy patches when they can be applied safely, but do not depend on patching as the primary defense. Use cloaking, segmentation, and identity-based access to protect systems before, during, and after the patch process.

9. Test whether protected systems are discoverable

Use authorized scanning and penetration testing to confirm that cloaked assets, ports, and services are invisible to unauthorized users. Review access policies regularly as personnel, vendors, and infrastructure change.

10. Monitor and refine access policies

Track authentication attempts, connection requests, policy changes, and unusual activity. Revoke access immediately when employees change roles, vendors complete their work, or devices no longer meet security requirements.

OT Secure Remote Access
Network Cloaking
Network Segmentation

REvil’s Kaseya attack showed how trusted tools can become attack paths. BlastWave explains why Zero Trust and network cloaking protect OT environments worldwide.

Explore the complete analysis of 23 OT attacks that defeated firewalls, VPNs, and air gaps.