Client case: Regaining control of OT flows on a hydrogen-related industrial infrastructure
Industrial projects involving hydrogen impose particularly high standards. Safety, reliability and operational continuity are inseparable. DATIVE supports an industrial client specialising in the development of carbon-free hydrogen solutions. Its business relies on sensitive industrial infrastructure subject to stringent technical and regulatory constraints. In this context, industrial cybersecurity cannot be limited to a theoretical or generic approach. It must be finely integrated into the actual operation of the facilities and support operational performance. We are currently supporting this client on key OT cybersecurity issues. Our objective is to provide visibility, secure exchanges and enable informed technical decisions.
A hydrogen industrial environment where infrastructure availability is critical
Hydrogen production facilities address critical challenges, both for operators themselves and for society as a whole. For these reasons, they are considered by ANSSI to be vital infrastructures.
These environments are subject to strong and non-negotiable constraints. Facilities often operate in ATEX zones (Explosive Atmospheres), with very high requirements in terms of safety and operational continuity.
In this context, infrastructure availability takes precedence over all other considerations. Operators frequently rely on proven industrial technologies, sometimes legacy systems. As long as the process operates reliably, the infrastructure is deliberately left unchanged.
The physical security of these sites is generally well addressed. Access control, zoning, operating procedures, and physical protections are well established. Conversely, OT cybersecurity has long been overlooked. Historically, these environments were weakly connected and perceived as isolated. However, OT systems form the core of these installations. PLCs, I/O modules, HMIs, and industrial network equipment (industrial control systems) ensure process control and stability.
Usage has progressively evolved. Even legacy industrial equipment now sends data to remote systems. Hydrogen facilities increasingly rely on remote supervision, Manufacturing Execution Systems (MES), and centralized alarm systems.
This growing interconnection relies entirely on network communications. When OT flows are not controlled, operational visibility quickly degrades. Information losses, unidentified alarms, or inconsistent data complicate operations.
In such critical environments, mastering OT flows becomes essential. It directly determines the availability of supervision systems and the ability to respond quickly to incidents. This is the precise context in which our intervention takes place. Providing a clear visualization of network flows to restore clarity and support operations, without calling existing systems into question.
Communication issues revealing a lack of network visibility
The first alerts came from the field. Technical teams observed intermittent losses of information being reported to supervision tools. Monitoring became unstable. Some data was no longer reliably displayed in the monitoring solution used by operators. The ability to read the actual state of the installations became partial and sometimes inconsistent. In such a sensitive industrial environment, this situation posed a real safety concern, with the loss of operational reference points and decision-support tools.
Teams had to make decisions without having all the necessary information. At this stage, no hypothesis could be ruled out: application issues, network congestion, configuration errors, or unexpected behavior from industrial equipment. Without network visibility, it was impossible to determine the root cause.
We therefore chose a factual approach. Rather than assuming, we observed. In this context, we carried out an OT network inventory and built a flow matrix to understand how equipment actually communicated. The objective was not to secure the environment immediately, but first to identify the origin of communication failures.
By analyzing exchanges, we were able to answer simple questions: which protocols were used, which flows were critical, and what volumes were actually circulating. This step transformed a perceived issue into a measurable one.
OT network inventory: accurately identifying connected equipment
This first step helped structure a reliable view of the existing OT network. We conducted an OT network inventory designed to be directly actionable. Each device was uniquely identified, making it possible to know exactly which asset it was and where it was installed.
Location plays a central role in industrial environments. Building, room, and cabinet information connects each device to its real operational context.
We also classified the nature of each piece of equipment present in this hydrogen production facility. Distinguishing between an HMI, an industrial workstation, or a network component facilitates overall understanding. The inventory also includes connectivity-related information. It describes how each device is connected and integrated into the OT network. These elements make it possible to link devices together and provide a clear view of the actual architecture in place.
Finally, the inventory consolidates complementary technical information. Beyond documentation, it becomes a shared foundation for understanding, analysis, and communication between field teams.
This approach is consistent with the recommendations issued by institutional bodies. The work carried out aligns with the guidance of ANSSI, which promotes better knowledge of industrial systems and their interconnections.
Flow analysis and matrix: understanding real exchanges
Once the scope was clarified, we observed communications under real operating conditions. To do so, we deployed a listening probe to analyze OT flows without impacting operations. This approach makes it possible to see what is actually circulating on the network, beyond theoretical architectures. Protocols in use, exchange frequencies, and frame volumes become visible, whether EtherNet/IP, Modbus, OPC UA, or HTTP communications. Flows essential to process operation can then be clearly distinguished from secondary or non-contributory traffic.
All these observations were then structured into a flow matrix, designed as an operational reading tool for the OT network. This matrix lists each observed communication as a flow linking a source device to a destination device. For each flow, the protocol used is identified, as well as the volume of data exchanged, expressed in bytes. This level of detail makes it possible to precisely understand how information circulates between industrial systems and which communications truly support supervision and remote control.
Beyond listing exchanges, the matrix provides a global view of how the network operates. It highlights the distribution of flows between zones, the concentration of exchanges on certain devices, and the relative weight of each protocol in network activity. A visual summary complements this analysis by illustrating the share occupied by each industrial or application protocol. This representation enables a rapid understanding of dominant usages and the real structure of OT communications.
In a hydrogen industrial environment, this visibility is decisive. It provides a shared understanding of the exchanges that feed supervision, alarms, and remote systems, while preserving the existing setup. The flow matrix thus becomes a reference baseline, facilitating discussions between teams and supporting the management of changes without disrupting infrastructure availability.
Having a structured OT inventory and an actionable flow matrix fundamentally transforms the understanding of an industrial network. Let’s discuss your OT visibility and supervision challenges.
Stabilizing communications without impacting the industrial process
Flow analysis quickly revealed imbalances. Certain exchanges generated unnecessary network load, disrupting supervision. These excessive volumes explained the data losses observed in the monitoring software.
By correcting these behaviors, the situation stabilized. Communication quality improved without modifying the process. This step confirmed an essential point: OT cybersecurity also contributes to performance and reliability.
A long-term relationship embedded in a global industrial cybersecurity strategy
This intervention is part of a long-term support strategy.
We work with our client across several structural levers to strengthen industrial cybersecurity. Each action aims to improve system control without disrupting operations. We notably contributed to clarifying the scope of industrial systems. Environment classification helps structure projects and responsibilities more effectively.
We also supported the hardening of certain industrial systems, based on operational frameworks such as the recommendations of the CIS. These provide a pragmatic foundation to improve configuration consistency and usage without unnecessarily complicating industrial environments.
These actions aim to improve the stability and consistency of existing configurations. Securing communications is also part of this approach. Industrial firewalls were integrated to better control exchanges between zones. In the same spirit, we supported the deployment of secure remote access to provide remote maintenance capabilities while maintaining controlled visibility.
Each building block fits into a coherent logic: the network inventory and flow matrix naturally complement this approach by providing a concrete understanding of how the OT network operates.
This continuity helps align teams and improves clarity in exchanges between operations, IT, and industrial projects. This approach fits within a broader industrial cybersecurity framework. Regulations such as NIS2 reinforce expectations around the control of industrial systems.
The principles applied also align with recognized standards such as IEC 62443, which provides a coherent structure for OT architectures and communications.
Restored visibility to confidently manage industrial projects
The effects of this approach were quickly noticeable. Field teams now have a clear view of the OT network and its exchanges. Supervision teams regained stable and consistent visibility, with information reflecting the real behavior of the installations.
Automation engineers, IT teams, and project managers now speak the same language. Technical decisions are more accurate because they rely on observable, shared, and well-understood elements. When a change is considered, its impact can be anticipated more easily.
The flow matrix serves as a shared reference. It enables technical choices to be discussed on a factual basis. The OT network inventory plays a central role in this dynamic by linking equipment, communications, and operational use cases.
This combination provides real steering capability. It turns the OT network into a controlled asset rather than a constraint.
Conclusion: securing hydrogen projects by mastering OT from the design phase
In hydrogen-related industrial environments, mastering OT is essential. It directly impacts project stability, clarity, and effectiveness. This client case highlights the importance of understanding how the network actually operates. Visibility over equipment and flows becomes a decisive lever. By structuring the OT network inventory and the flow matrix, we delivered this clarity. These efforts are part of a broader, long-term industrial cybersecurity approach.
At DATIVE, we support industrial players with a pragmatic mindset: understanding, structuring, and mastering OT to sustainably support industrial projects.
Looking to gain better visibility over your OT network and improve the management of your industrial projects? Our teams are available to discuss your challenges.
News
A major food industry company engaged DATIVE to regain control over its OT network. Through a full asset inventory and both logical and physical mapping, the site was able to rediscover its true industrial architecture, secure its operations, and strengthen its cybersecurity posture.
In the pharmaceutical sector, industrial cybersecurity is no longer just about protecting sensitive data. It now underpins the reliability of every medicine produced, the continuity of production, and the trust placed by health authorities. Faced with interconnected OT infrastructures, strict regulatory obligations and critical public health stakes, DATIVE supports manufacturers in securing their critical environments and sustainably improving their operational performance.
When an industrial network becomes unstable, pharmaceutical production feels the impact immediately. We were engaged to understand, diagnose, and stabilize an environment where each interruption could jeopardize the production of a vital drug. Here is how our team conducted the network audit for a global pharmaceutical leader to restore performance, stability, and cybersecurity.
A local authority in Savoie operating around twenty wastewater treatment plants (WWTPs) tasked our DATIVE experts with an industrial cybersecurity assessment. Objective: identify OT vulnerabilities, secure the infrastructure, and build a robust action plan to reinforce resilience against cyber threats.
This article presents a comprehensive hardening strategy for obsolete workstations to strengthen your industrial cybersecurity. In industrial environments, we regularly encounter outdated systems (Windows 2000 SP4, XP, 7 or old Windows 10). These systems, although critical in industry, can no longer receive patches: license issues, PLC incompatibilities, or risk of production shutdown.