Why zero trust breaks down in IoT and OT environments

First, visibility is incomplete by design. Devices are frequently deployed by facilities teams, engineering groups, or third-party integrators rather than security organizations. Asset inventories lag reality. Telemetry is sparse, proprietary, or intermittent. Many devices communicate only during specific operational states, leaving long periods of silence that security tools interpret as normal.

CISA has repeatedly warned that unmanaged devices, limited visibility and legacy operational protocols remain among the most common weaknesses in IoT and OT environments, particularly where systems were never intended to be continuously monitored or centrally governed.

Second, networks are functionally flat even when they appear segmented. Broadcast discovery protocols, shared gateways and centralized controllers undermine isolation assumptions. Devices that never communicate directly can still influence one another through shared infrastructure. Segmentation exists on paper, but coupling persists in operation.
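The coupling described above can be surfaced from flow data. The following is an added example, not part of the original article: it lists device pairs that sit in different segments and never exchange traffic directly, yet depend on the same gateway or controller. The device names, segment labels, infrastructure set and flow records are all constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed inventory: device -> segment it is assigned to on paper.
SEGMENT = {
    "hvac-ctrl-1": "vlan10-building",
    "badge-reader-3": "vlan20-physec",
    "cam-lobby": "vlan20-physec",
    "plc-line-2": "vlan30-ot",
}
# Constructed list of shared infrastructure (gateways, controllers, historians).
INFRA = {"iot-gateway-a", "historian-1", "nvr-1"}
# Constructed flow records (src, dst), as a flow collector might export them.
FLOWS = [
    ("hvac-ctrl-1", "iot-gateway-a"),
    ("badge-reader-3", "iot-gateway-a"),
    ("plc-line-2", "historian-1"),
    ("historian-1", "hvac-ctrl-1"),
    ("cam-lobby", "nvr-1"),
    ("badge-reader-3", "cam-lobby"),
]

def cross_segment_coupling(flows, segment, infra):
    """Return {(dev_a, dev_b): [shared nodes]} for devices in different
    segments with no direct flow between them but a common infra node."""
    users = defaultdict(set)   # infra node -> devices that talk to it
    direct = set()             # device pairs seen talking directly
    for src, dst in flows:
        if src in segment and dst in segment:
            direct.add(frozenset((src, dst)))
        elif src in segment and dst in infra:
            users[dst].add(src)
        elif dst in segment and src in infra:
            users[src].add(dst)
    coupled = defaultdict(list)
    for node in sorted(users):
        for a, b in combinations(sorted(users[node]), 2):
            if segment[a] != segment[b] and frozenset((a, b)) not in direct:
                coupled[(a, b)].append(node)
    return dict(coupled)

if __name__ == "__main__":
    for (a, b), nodes in cross_segment_coupling(FLOWS, SEGMENT, INFRA).items():
        print(f"{a} [{SEGMENT[a]}] <-> {b} [{SEGMENT[b]}] via {', '.join(nodes)}")
```

Each pair reported is a place where the segmentation policy holds at the device level while a shared node still links the two segments, which makes those nodes the first candidates for tighter policy and monitoring.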


