Food industry case study: regaining control of the OT environment through comprehensive inventory and industrial mapping

Context and challenges within a highly automated food-processing environment

Our client: a strategic food industry player based in northern France

The site is one of the main production centers for fish-based products. Each line combines mechanical, thermal, cutting, weighing and packaging operations. These steps are orchestrated by industrial PLCs, HMI interfaces, control modules and supervision stations that communicate continuously.

In such an environment, the slightest network disruption can desynchronize the lines, impact supervision or even cut communication between a PLC and a robot. The impact goes far beyond digital systems. It directly affects production, food safety and the company’s logistical commitments. These food-processing operations run in a just-in-time flow and rely heavily on the availability of OT equipment.

A progressive loss of OT knowledge following team turnover and an IT manager change

Over time, organizational changes and the departure of key personnel resulted in a loss of knowledge of the industrial network. The new IT manager, whose scope now included OT, discovered an environment that was largely undocumented and had become opaque over the years.

The old network diagrams no longer matched reality. Some PLCs added in emergency situations had never been mapped. Other devices had been replaced with newer models without any documentation updates. The maintenance teams had a strong functional understanding of each line, but an incomplete view of network interconnections.

This loss of visibility is one of the most common challenges in mature industrial environments, and our client was no exception.

A major gap between estimated and actual OT assets

When preparing a mission, we always request an estimate of the number of OT assets to scope our intervention. The IT manager at this food-processing plant estimated around 150 devices. The on-site inventory revealed more than 500. A considerable gap, highlighting the magnitude of the documentation loss.

This discrepancy is not only technical — it is strategic. It meant that site management was making decisions based on a partially known environment. Under these conditions, it was impossible to assess asset criticality, plan OT segmentation or prepare for emerging regulatory obligations.

Critical industrial, regulatory and cybersecurity stakes

The food industry is subject to multiple imperatives: production lines must run without interruption to meet demanding cadences, traceability must be guaranteed for sanitary reasons, and cybersecurity must be strengthened to comply with regulatory requirements such as NIS2 and technical frameworks like IEC 62443.

Without a reliable inventory, it becomes impossible to meet these requirements or implement a coherent industrial cybersecurity strategy. The site therefore engaged in a structured approach to regain full visibility of its OT environment.

Initial issues: loss of visibility and operational risks

An OT environment difficult to control without documentation

Teams were dealing with an industrial network whose documentation had vanished over the years. PLCs, HMIs and industrial switches were running properly, but no one could accurately describe how the different elements were connected or what dependencies existed between workshops.

An industrial network without reliable documentation operates in a state of unstable equilibrium. It may run for years without a major incident, but becomes extremely vulnerable in the event of a failure or change.

Unidentified IT/OT interconnections

This plant relied on several IT services used in production, such as MES, recipe systems, quality tools or labelling systems. Yet, no diagram existed describing how these systems interacted with OT. Some flows transited through unexpected networks. Others depended on switches that no one was aware of.

This lack of visibility made each network change risky. A single cable movement could stop an entire production line.

An IT manager confronted with an unfamiliar OT scope

The IT manager suddenly found himself responsible for a domain that was not historically his. The logic of an industrial network differs significantly from that of an office network. The consequences of any action are heavier. Physical constraints and industrial protocols require specific expertise.

Without an inventory or mapping, he was unable to make informed decisions.

Difficulty initiating NIS2 or IEC 62443 compliance

Regulatory texts require clear visibility of assets, zones, flows and dependencies. The site no longer had this information, making it urgent to rebuild this foundational layer. Even though this food-processing site does not intend to seek certification today, establishing solid foundations for cybersecurity deployment was essential.

Our intervention: full inventory, logical mapping and physical mapping

Exhaustive OT asset inventory

We began with an on-site immersion. Line by line, cabinet by cabinet, we identified every industrial device. Our teams documented PLCs, HMIs, switches, local servers, machine vision systems and all OT assets.

For each asset, we recorded its function, IP address, firmware, exact location and operational dependencies. This meticulous work restored an accurate view of the site’s actual OT landscape.

Logical mapping of network flows and architecture

We then reconstructed the logical network architecture. This includes analysis of VLANs, subnets, gateways, supervision flows, inter-workshop communications and IT/OT dependencies.

This logical mapping enables understanding of critical flows, sensitive zones and potential propagation paths. It is an essential foundation to anticipate cyber risks and define segmentation strategies.

Physical mapping of cabinets and connections — a rare expertise

Physical mapping is one of DATIVE’s unique strengths. Very few companies perform this type of work, as it requires on-site expertise, presence in the workshops and a detailed understanding of mechanical and electrical installations.

We physically represented every cabinet, PLC, switch and actual connection. We mapped cables, used ports and dependencies between production lines.

This physical mapping offers significant value to maintenance teams. It enables them to quickly locate failures, avoid accidental disconnections and plan interventions safely.

Cross-analysis and documentation consolidation

All collected data was consolidated into a single repository. This documentation was shared with the IT, OT and maintenance teams to establish a common language and shared understanding of the industrial environment.

Findings: an environment far larger and more complex than expected

More than 500 industrial devices identified

Field reality confirmed the importance of a full inventory. The site actually contained more than 500 OT devices across several workshops and functional zones.

Discovery of undocumented or obsolete assets

Some cabinets still contained decommissioned devices that remained connected. Others housed PLCs whose criticality was unknown. Several firmwares were outdated.

Inconsistent network topologies compared with supplied diagrams

Historical diagrams no longer reflected reality. Some lines depended on switches located in other buildings. Other critical flows transited through segments that should not have been used.

Critical dependencies invisible without physical mapping

The physical mapping revealed dependencies that only field teams suspected. Some devices played a central role without any documentation.

Direct impacts on cybersecurity and OT resilience

Without visibility, security is impossible. The plant was exposed to propagation risks, human errors and unplanned production interruptions.

Recommendations: structure, secure and prepare for compliance

Creation of an up-to-date and maintainable OT asset database

We proposed a simple, clear and usable asset database format for all stakeholders.

Living documentation and update procedures for OT infrastructure changes

We defined the mandatory rules to keep documentation up to date, particularly during maintenance activities or equipment replacements.

IEC 62443-compliant network segmentation plan

With a clear view of the environment, it becomes possible to segment the network into zones and conduits according to the standard’s principles.

Securing IT/OT interconnections

The reconstruction of flows made it possible to identify the points to secure in order to prevent propagation risks in the event of a cyberattack.

Preparation for NIS2 compliance and upskilling of teams

The site now has all the necessary elements to anticipate and prepare for NIS2 compliance.

Conclusion

Restoring visibility is never a simple technical operation. It is a fundamental step in regaining control of an industrial environment that has evolved for years without structured documentation. In this food-processing plant, the absence of a clear reference system prevented sound decision-making. Thanks to the exhaustive inventory and dual logical and physical mapping, the site rediscovered the real structure of its OT architecture.

This renewed understanding revealed dependencies, critical zones and potential risks. The IT, OT and maintenance teams now work from a shared baseline. Decisions are made with a global, documented vision. Industrial performance is strengthened.

Cybersecurity is never just a matter of tools. It is above all a matter of knowledge. And when that knowledge is clear, structured and shared, every action gains precision and effectiveness. This food-processing site now has all the necessary foundations to secure its production tool sustainably, modernize its infrastructure and calmly progress toward NIS2 compliance.

In an industry where every minute counts, this restored visibility is not a comfort — it is a necessity.