Your Air Gap is a Lie, and Other Inconvenient Truths About Industry 4.0

There’s a drumbeat in the industry. You’ve heard it. You might have seen me talk about it live in my recent webinar

Faster, better, cheaper. Faster, better, cheaper. It’s the soundtrack to every decision, every upgrade, every project plan. And the latest album is called Industry 4.0.

Now, before you roll your eyes at another Gartner-driven buzzword, let’s be real. This isn’t some far-off, sci-fi concept. It’s here, it’s happening, and if you’re in the water industry, it’s knocking on the door of your plant right now.

From Steam Engines to SkyNet (Sort Of)

To understand where we’re going, let’s take a quick trip in the way-back machine.

• Industry 1.0: Steam power. Big, centralised engines with belts running everywhere, mostly making textiles. Think Dickensian England, but with more grime.
• Industry 2.0: Electricity. The steam engines went away, assembly lines appeared, and Henry Ford let you have any color you wanted, as long as it was black.
• Industry 3.0: Automation and computers. This is where most water plants live today. You’ve got PLCs, robots, and SCADA historians doing the heavy lifting. It’s why GM made the most cars ever last year, but employed the most people back in the 1960s. The robots took the jobs.
• Industry 4.0: Cyber-physical systems. This is the new world. It’s about the Industrial Internet of Things (IIoT), AI, big data, and machines talking to other machines at speeds that make our human brains look like a dial-up modem.

The goal is the same — faster, better, cheaper — but the tools are getting a whole lot smarter.

The “Sassification” of Everything and the Death of the Air Gap

For years, the security model for water systems has been simple: the air gap. A beautiful, mythical wall where everything inside is trusted and everything outside is not.

Well, I’m here to tell you your air gap is a lie.

It’s already got more holes in it than a block of Swiss cheese. There’s a jump box here, a cellular modem there, a proxy server over there. And Industry 4.0 is about to detonate what’s left of it. You’ll have sensors in your customers’ homes. Your SCADA historian data won’t just be on-site; it’ll be in the cloud, cross-joined with other datasets to predict maintenance schedules.

This is what I call the “Sassification” of industry. When I was a kid, you could start our tractor with a screwdriver. Today, John Deere won’t sell you a tractor unless it’s 5G-connected, and only they can maintain it. It’s Tractor-as-a-Service. You’re going to see HMI-as-a-Service, PLC-as-a-Service… you get the picture. Siemens won’t even sell certain equipment unless you give them a maintenance contract with remote access.

You’re not in control of this decision. It’s coming.

Your Hybrid Workforce is a Cast of Thousands

When we say “hybrid workforce,” we’re not just talking about your staff working from home thanks to COVID. We’re talking about the reality that your plant is supported by a cast of thousands. You’ve got the system integrator, the equipment manufacturer, the IT staff, the upstream municipality — the list goes on.

The systems are now too complex for one person to understand everything. You need remote hands. The problem is, how do you give them access without handing over the keys to the kingdom?

You can’t use a VPN. That’s like giving someone a 100-foot Ethernet cable and telling them to “just plug into the right port.”. And you absolutely cannot use shared accounts. The average person has 110 passwords. Do you know what else has about that many words? “Wonderwall” by Oasis. Nobody is memorising all their passwords; they’re writing them down and sharing them. That shared “Siemens” account you created is probably on a sticky note in a desk drawer somewhere.

A Better Way: Zero Trust Without the Headache

The answer to this mess is a concept called Zero Trust. It’s not about replacing your firewalls; it’s part of a “defence in depth” strategy. It boils down to three simple pillars:

1. The Who Problem: Identity. You need to know that it is a single person logging in, not a shared account. Let them sign in with their own company’s credentials. You trust that Siemens hired their people properly; you just control what they can do.
2. The What Problem: Authorisation. This needs to be incredibly specific. I’m talking “read-only access to HMI-1 between 6 and 10 PM, but you can’t even see HMI-2.”. This prevents the nightmare scenario where a remote tech accidentally upgrades the wrong line and turns a person into a pancake.
3. The How Problem: Access. Make it dead simple. No installing your janky VPN client that conflicts with their nine other clients. It should be web-based and just work, whether they’re on a laptop in their office or a tablet by the side of the road.

Industry 4.0 is happening. AI is making attackers more powerful and lazier at the same time. The goal isn’t to be on the bleeding edge of technology for its own sake. The goal is to be a quiet, boring, and safe water treatment plant that no one ever hears about. And in this new world, that requires getting smart about who you let through the door– even when the door is digital.