    The IT/OT convergence explained: How it is reshaping factory robotics

    In August 2025, Jaguar Land Rover suffered what the UK Cyber Monitoring Centre later described as the most economically damaging cyber incident in British industrial history. Attackers exploited a vulnerability in a third-party supplier’s software, moved laterally into JLR’s core production systems, and deployed ransomware that halted manufacturing across three countries for five weeks — an estimated £1.9 billion in damage affecting more than 5,000 businesses in the supply chain.

    The attack was enabled by a single architectural condition: the connection between JLR’s business IT systems and its factory operational technology. Without that connection, the ransomware could not have reached the production lines. With that connection, the benefits of IT/OT integration — real-time production data, remote diagnostics, AI-driven quality control — were indistinguishable from a vulnerability.

    That is the central tension of IT/OT convergence in 2026. The International Federation of Robotics identifies it as the second of the five global robotics trends defining the year: “The IT/OT convergence breaks down silos, creating a seamless flow of data between the digital and physical worlds, which significantly enhances the capabilities and versatility of robotics.” The same sentence could also read: “IT/OT convergence expands the attack surface that connects corporate network vulnerabilities to factory floor physical systems.”

    Both are true. Understanding the tension between them — and how to capture the value while managing the risk — is what this article addresses.

    IT and OT: What They Are and Why They Were Kept Separate

    Information Technology (IT) and Operational Technology (OT) are not just different departments — they are different engineering traditions with different priorities, different equipment lifecycles, and different failure tolerances. Understanding this distinction is a prerequisite to understanding why convergence is both valuable and complex.

    Palo Alto Networks defines IT as systems that manage, process, and transmit information — servers, databases, business applications, enterprise networks. OT comprises systems that monitor and control physical processes and equipment — programmable logic controllers (PLCs), SCADA systems, distributed control systems (DCS), robot controllers, sensors, and human-machine interfaces (HMIs).

    The table below captures the structural differences between the two domains:

    | Dimension | Information Technology (IT) | Operational Technology (OT) |
    | --- | --- | --- |
    | Primary purpose | Manage, process, and transmit business data | Monitor and control physical processes and machines |
    | Examples | ERP, CRM, MES, databases, business apps | PLCs, SCADA, DCS, robot controllers, HMIs, sensors |
    | Typical lifespan | 3–5 years (hardware refresh cycles) | 15–30 years (industrial equipment lifecycles) |
    | Update frequency | Frequent — patches applied within days to weeks | Rare — updates require downtime and re-certification |
    | Failure consequence | Data loss, application downtime, financial impact | Production stoppage, safety incidents, physical damage |
    | Security priority | Confidentiality → Integrity → Availability (CIA) | Availability → Integrity → Confidentiality (AIC — inverted) |
    | Connectivity | Always internet-connected; cloud-native architectures | Historically air-gapped; connectivity now expanding |
    | Performance requirements | Throughput and response time | Real-time determinism; latency bounded in microseconds |
    | Standardisation | High — TCP/IP, REST, SQL broadly universal | Fragmented — OPC-UA, Modbus, PROFINET, EtherNet/IP coexist |

    Sources: Claroty IT/OT Cybersecurity (Feb 2026), TechTarget IT/OT Convergence Definition, Palo Alto Networks, ITECS Manufacturing Cybersecurity Guide (Feb 2026).

    The security priority inversion in the table is the most important single difference. IT security follows the CIA triad: Confidentiality first, then Integrity, then Availability. OT security inverts this to AIC: Availability is paramount — a production line that goes down costs money by the minute. Confidentiality is the last concern. Applying IT security tools and practices to OT environments without understanding this inversion is how organisations create new failure modes while trying to reduce risk.

    The historical separation was intentional and rational. OT systems ran on dedicated, isolated networks — “air-gapped” from the corporate IT infrastructure. A robot controller running PROFINET had no reason to talk to an ERP system running SAP. The robot did its job; the business system tracked the output separately. The isolation was the security. Industry 4.0, IIoT, and the economic pressure for real-time production intelligence changed that calculus — and opened the door that the JLR attackers walked through.

    What Convergence Actually Enables: Seven Capabilities That Did Not Exist Before

    The business case for IT/OT convergence is not theoretical. The capabilities it unlocks are commercially proven, documented, and delivering ROI across automotive, electronics, logistics, and process manufacturing globally. The table below maps the primary convergence capabilities to documented examples:

    | Capability | How IT/OT Convergence Enables It | ROI Horizon | Real Example |
    | --- | --- | --- | --- |
    | Predictive maintenance | Sensor data (OT) fed to ML models (IT) to predict failure before it occurs | 6–18 months | Automotive plants reducing unplanned downtime 30–50% with vibration and temperature analytics |
    | Digital twin commissioning | Production line simulated in IT-side digital twin before physical build begins | 12–24 months | ABB RobotStudio + NVIDIA Omniverse: validate entire robot cells before deployment |
    | Real-time quality control | Machine vision OT systems feed defect data into IT quality management in real time | 6–12 months | VLA-equipped cobots detecting defects at 98% accuracy vs 95% for traditional inline gauging |
    | Adaptive production scheduling | MES (IT) reads live OT machine states to dynamically reschedule around breakdowns | 12–24 months | Siemens Opcenter scheduling cutting changeover time 40% in high-mix manufacturing |
    | Remote monitoring & ops | OT equipment accessible via IT cloud platforms for remote diagnostics and control | 3–9 months | Fanuc and Siemens remote monitoring reducing service call costs 25–35% in post-pandemic field ops |
    | Robot fleet orchestration | IT-side WES/MES coordinates mixed AMR-human-robot teams using real-time OT state | 12–36 months | KION + Accenture + NVIDIA: physics-accurate warehouse digital twins for fleet training and testing |
    | AI model deployment to edge | VLA model updates pushed from IT infrastructure to OT-side Jetson edge modules on robots | 18–36 months | FANUC + NVIDIA Jetson: real-time AI inference embedded in industrial robot controllers at GTC 2026 |

    Sources: NVIDIA GTC 2026, SealingTech IT/OT Convergence Guide, IoT Analytics OT Cybersecurity Report 2026, KION / Accenture / NVIDIA partnership announcement.

    The digital twin commissioning capability — row two in the table — is the one that most directly reshaped the robotics industry in 2026. At NVIDIA GTC in March 2026, all four of the world’s largest industrial robot manufacturers — FANUC, ABB Robotics, KUKA, and YASKAWA — announced integration of NVIDIA Omniverse and Isaac simulation frameworks into their virtual commissioning workflows. These companies have a combined global install base of over 2 million robots. The announcement that all four are building digital twin commissioning into their standard workflows is an infrastructure change, not a product launch.

    What digital twin commissioning means in practice: a robot cell, production line, or entire factory is built in physically accurate simulation before a single physical component is installed. Kinematics are validated, collision scenarios are tested, cycle times are optimised, and VLA models are trained — all before the physical installation begins. ABB’s RobotStudio integration with NVIDIA Omniverse — with HyperReality expected in 2026 — is designed specifically to improve sim-to-real accuracy and reduce the physical commissioning time that currently accounts for a significant share of total robot deployment cost. FANUC’s integration with Isaac Sim, Omniverse, and IGX Thor targets the same outcome: accelerate intelligent automation deployment by validating in simulation before committing to physical installation.

    The last row — AI model deployment to edge — is the convergence capability that connects directly to VLA models and the robotics intelligence layer. NVIDIA Jetson modules integrated into FANUC, ABB, KUKA, and YASKAWA controllers enable real-time AI inference at the OT edge — model updates pushed from IT cloud infrastructure to on-robot compute without requiring physical access to the machine. The robot’s intelligence layer is now a software product that can be updated, versioned, and rolled back using IT-side deployment pipelines. That is a fundamental change to the robot’s operational architecture and maintenance model.

    “The IT/OT convergence breaks down silos, creating a seamless flow of data between the digital and physical worlds, which significantly enhances the capabilities and versatility of robotics.” — IFR, Top 5 Global Robotics Trends 2026

    The Purdue Model: The Architecture That Governed OT Security for Three Decades

    To understand why IT/OT convergence creates security challenges, it helps to understand the architecture it disrupts. The Purdue Enterprise Reference Architecture — developed at Purdue University in the early 1990s and formalised in the ISA-95 standard — organises industrial networks into five hierarchical levels:

    • Level 0: Physical process — sensors, actuators, motors, the actual machines
    • Level 1: Intelligent devices — PLCs, drives, and controllers that directly interface with physical equipment
    • Level 2: Control systems — SCADA, DCS, HMIs that supervise Level 1 devices
    • Level 3: Manufacturing operations — MES, historians, batch management — the factory-level IT/OT boundary
    • Levels 4–5: Enterprise — ERP, business applications, corporate IT infrastructure

    The model’s security principle was strict separation between levels, with controlled conduits (data pathways) between zones. Data flowed up from physical processes to enterprise systems in a one-way, controlled manner. Levels 0–3 were the OT world; Levels 4–5 were the IT world. An Industrial DMZ (Level 3.5) acted as the boundary — the January 2026 CISA/NCSC-UK joint guidance on OT connectivity explicitly states: “All connections with the OT environment should be initiated as outbound connections from within the OT environment.” The principle is that IT never initiates connections into OT — only OT pushes data out.

    Industry 4.0 and IIoT have broken this model in practice. Cloud platforms connect directly to Level 2 devices for remote monitoring. ERP systems receive real-time data from Level 1 PLCs. AI inference engines in cloud infrastructure send model updates to Level 1 robot controllers. The Purdue hierarchy has not been abandoned — but in many deployments, its conduit controls have been bypassed in the name of operational convenience, and the consequences are measurable.

    ISA-95 was updated in 2025 (ANSI/ISA-95.00.01-2025) specifically to address digital transformation pressures — introducing more modular architectures and recognising the increasingly fluid boundary between enterprise and manufacturing domains. The standard is adapting to reality rather than insisting on an ideal that most facilities have already departed from.

    The Security Layer: Why IT/OT Convergence Is the Most Targeted Attack Surface in Manufacturing

    Manufacturing has been the most cyberattacked sector for the fourth consecutive year. Ransomware incidents surged 61% in 2025, and manufacturing accounts for 14% of all ransomware victims — the largest share of any sector. The targeting logic is simple: manufacturing operations depend on uptime, every minute of production stoppage costs money, and the combination of IT and OT in a single networked environment means an attacker who compromises a corporate laptop can potentially reach a robot controller on the factory floor.

    Case study — Jaguar Land Rover (Aug 2025): Attackers exploited a third-party software vulnerability, moved laterally through corporate IT into production systems, and deployed ransomware that halted manufacturing across three countries for five weeks. Estimated damage: £1.9 billion. Vector: IT/OT convergence without adequate boundary controls.

    The attack mechanics are consistent across documented incidents. 75% of successful OT attacks cross from IT networks — the attacker enters through a corporate email phishing campaign, a supplier software update, or a remote access credential, then pivots into the OT environment through the converged network. Once inside OT, the consequences are physical: “When ransomware reaches an HMI or a historian server feeding data to PLCs, production lines stop. Sensors go dark. Safety systems may lose visibility into the processes they’re designed to protect.”

    The patching problem compounds the risk. The average time to patch an OT vulnerability is 180 days — six times longer than IT systems. OT equipment is difficult to patch because it cannot be taken offline without stopping production, because vendors require re-certification of patched systems, and because many OT assets are running operating systems that no longer receive security updates. The Purdue Model was designed for an era when OT systems were not connected to external networks. That era is over in most manufacturing facilities.

    The IoT Analytics OT Cybersecurity Insights Report 2026 identifies five trends reshaping OT security this year: the shift to hybrid (centralised-decentralised) security architecture; the rise of zero-trust microsegmentation; the enduring criticality of firewalls at IT/OT boundaries; AI’s growing role in OT security monitoring; and the new focus on securing AI workloads in OT environments — specifically the challenge of protecting VLA model update pipelines from manipulation.

    • 61% surge in manufacturing ransomware incidents in 2025 — GRIT 2026 Ransomware Report — manufacturing = 14% of all victims
    • 180 days average time to patch an OT vulnerability — 6x longer than IT — TerraZone Zero Trust / Purdue Model Analysis (Mar 2026)
    • 75% of successful OT attacks that originate from IT networks — lateral movement through converged IT/OT environment

    The Security Standard That Applies: ISA/IEC 62443

    The primary international standard for securing converged IT/OT environments in industrial settings is ISA/IEC 62443 — a multi-part framework covering network architecture, system security requirements, component security requirements, and security management practices. It is the framework referenced in every serious IT/OT security guidance document published in 2025–2026, including the CISA/NCSC-UK joint guidance and the DoD’s November 2025 OT security directive.

    ISA/IEC 62443 operates on a zone-and-conduit model directly aligned with the Purdue architecture: the industrial network is divided into security zones with defined trust levels, and conduits — the communication pathways between zones — are strictly controlled. Each conduit has an explicit justification, a defined protocol set, and a monitoring mechanism. The framework provides four Security Levels (SL 1–4) that map the required controls to the consequence severity of a breach in that zone.
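    The zone-and-conduit model above, together with the outbound-only rule quoted from the CISA/NCSC-UK guidance in the Purdue section, can be checked against observed traffic. The following is an added example, not code from the article or from either standard: it audits connection records against a conduit allowlist and flags any connection initiated from outside OT into OT. The subnets, zone names, conduit list and flow records are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone map: subnets and Purdue levels are assumptions for illustration.
ZONES = {
    "enterprise": (ipaddress.ip_network("10.10.0.0/16"), 4.0),
    "idmz": (ipaddress.ip_network("10.35.0.0/24"), 3.5),
    "operations": (ipaddress.ip_network("10.30.0.0/24"), 3.0),
    "control": (ipaddress.ip_network("10.20.0.0/24"), 2.0),
    "cell": (ipaddress.ip_network("10.21.0.0/24"), 1.0),
}


@dataclass(frozen=True)
class Conduit:
    src_zone: str        # zone that initiates the connection
    dst_zone: str
    proto: str
    dst_port: int
    justification: str   # every conduit carries an explicit reason


# Constructed allowlist: OT pushes outward to the DMZ; IT reads from the DMZ only.
CONDUITS = [
    Conduit("control", "cell", "tcp", 4840, "SCADA reads robot state over OPC UA"),
    Conduit("operations", "control", "tcp", 4840, "MES reads SCADA over OPC UA"),
    Conduit("operations", "idmz", "tcp", 8883, "historian publishes to DMZ broker"),
    Conduit("enterprise", "idmz", "tcp", 443, "ERP pulls data from DMZ replica"),
]

# Constructed flow records: timestamp, initiator, responder, protocol, dest port.
SAMPLE_FLOWS = """\
2026-03-02T08:00:01Z 10.20.0.5 10.21.0.11 tcp 4840
2026-03-02T08:00:02Z 10.30.0.8 10.35.0.20 tcp 8883
2026-03-02T08:00:03Z 10.10.4.77 10.35.0.20 tcp 443
2026-03-02T08:00:04Z 10.10.4.77 10.20.0.5 tcp 3389
2026-03-02T08:00:05Z 10.35.0.20 10.30.0.8 tcp 445
2026-03-02T08:00:06Z 10.30.0.8 10.21.0.11 tcp 502
2026-03-02T08:00:07Z 10.21.0.11 10.21.0.12 tcp 4840
"""


def zone_of(ip):
    """Map an address to its zone; anything unmapped is treated as external."""
    addr = ipaddress.ip_address(ip)
    for name, (net, _level) in ZONES.items():
        if addr in net:
            return name
    return "external"


def is_ot(zone):
    """Levels 0 to 3 are OT; the DMZ (3.5), enterprise and external are not."""
    return zone in ZONES and ZONES[zone][1] <= 3.0


def audit(flow_text):
    """Return one finding per flow that breaks the conduit policy."""
    allowed = {(c.src_zone, c.dst_zone, c.proto, c.dst_port) for c in CONDUITS}
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # intra-zone traffic is outside the conduit rules
        if is_ot(dst_zone) and not is_ot(src_zone):
            rule = "inbound-to-ot"   # initiated from outside OT: never allowed
        elif (src_zone, dst_zone, proto, int(dport)) not in allowed:
            rule = "no-conduit"      # cross-zone flow with no justified conduit
        else:
            continue
        findings.append({"ts": ts, "rule": rule, "src_zone": src_zone,
                         "dst_zone": dst_zone, "port": int(dport)})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

    The inbound check runs before the allowlist lookup, so a conduit entry added by mistake cannot legitimise a connection initiated from IT or the DMZ into OT.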

    For robot manufacturers and integrators deploying AI-driven systems in 2026, the ISA/IEC 62443 implication that is most commonly missed is the secure-by-design requirement for AI model update pipelines. A robot controller that receives VLA model updates over a network connection is a conduit in ISA/IEC 62443 terms — and that conduit requires authentication, integrity verification, protocol restriction, and monitoring. An unsigned, unauthenticated model update pushed from cloud to robot controller is not just a software quality problem; it is a Security Level 1 control failure that creates a direct physical risk on the factory floor.
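    A controller-side gate for the authentication and integrity checks described above, as an added example that is not from the article or any vendor's pipeline. HMAC-SHA256 with a shared key stands in for an asymmetric signature so the code runs on the Python standard library alone; the manifest fields, model name, controller IDs and key are constructed assumptions.

```python
import hashlib
import hmac
import json


def sign_manifest(manifest_bytes, key):
    """Publisher side (IT pipeline): tag the exact bytes that will be shipped."""
    return hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()


def check_update(manifest_bytes, tag_hex, artifact, key, controller_id):
    """Controller side: return 'accept' or the reason the update is refused.

    The caller should log every returned decision so the conduit is monitored.
    """
    # 1. Authenticate the raw manifest bytes before parsing them.
    expected = sign_manifest(manifest_bytes, key)
    if not hmac.compare_digest(expected.encode(), tag_hex.encode()):
        return "bad-signature"

    # 2. Parse only after authentication; refuse anything structurally odd.
    try:
        manifest = json.loads(manifest_bytes)
        digest, targets = manifest["sha256"], manifest["targets"]
    except (ValueError, KeyError, TypeError):
        return "malformed-manifest"
    if not isinstance(digest, str) or not isinstance(targets, list):
        return "malformed-manifest"

    # 3. Integrity: the delivered artifact must hash to the authenticated digest.
    actual = hashlib.sha256(artifact).hexdigest()
    if not hmac.compare_digest(actual.encode(), digest.encode()):
        return "artifact-digest-mismatch"

    # 4. Scope: the update must be addressed to this controller.
    if controller_id not in targets:
        return "wrong-target"
    return "accept"


def build_demo():
    """Constructed inputs: key, manifest bytes, tag, and a stand-in artifact."""
    key = b"constructed-demo-key"
    artifact = b"constructed stand-in for model weights"
    manifest = json.dumps(
        {
            "model": "vla-pick-place",      # hypothetical model name
            "version": "2.4.1",
            "sha256": hashlib.sha256(artifact).hexdigest(),
            "targets": ["cell7-robot2"],    # hypothetical controller ID
        },
        sort_keys=True,
    ).encode()
    return key, manifest, sign_manifest(manifest, key), artifact


if __name__ == "__main__":
    key, manifest, tag, artifact = build_demo()
    print(check_update(manifest, tag, artifact, key, "cell7-robot2"))
    print(check_update(manifest, tag, artifact + b"x", key, "cell7-robot2"))
```

    In production the controller would hold only a public verification key, so that compromising one robot does not let an attacker sign updates for the rest of the fleet.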

    What Good IT/OT Convergence Architecture Looks Like in 2026

    The deployments delivering the best combination of operational benefit and security posture in 2026 share five consistent architectural characteristics.

    1. Zero-Trust Microsegmentation at the IT/OT Boundary

    Rather than treating the Purdue Level 3–4 boundary as a single firewall, leading deployments implement zero-trust microsegmentation — network zones with individual trust policies, where every connection is authenticated and authorised regardless of where it originates. The DoD’s November 2025 OT security directive defined 105 mandatory and advanced zero-trust activities for OT systems; commercial manufacturing is implementing the same principles. The rationale: the JLR attack succeeded because lateral movement was possible across the converged network, and microsegmentation limits the blast radius of any single compromise.

    2. OPC-UA as the Convergence Protocol

    Open Platform Communications Unified Architecture (OPC-UA) has become the de facto convergence protocol for connecting OT equipment to IT systems securely. Unlike legacy OT protocols (Modbus, PROFINET, EtherNet/IP), which were not designed for authenticated, encrypted communication, OPC-UA provides end-to-end encryption, authentication, and authorisation — and has been adopted by every major industrial robotics platform including FANUC, ABB, KUKA, Siemens, and Universal Robots. Deployments that standardise on OPC-UA as the IT/OT communication layer significantly reduce the attack surface compared to legacy protocol environments.

    3. Digital Twin as Simulation and Security Test Environment

    The digital twin layer — represented most prominently by NVIDIA Omniverse DSX Blueprint announced at GTC 2026 — functions as both a commissioning environment and a security test platform. New robot configurations, software updates, and AI model versions can be validated in simulation before deployment to physical equipment. Security teams can run adversarial scenarios in the digital twin without risk to production systems. For the first time, the same platform that validates robot behaviour before commissioning can validate security posture before deployment.

    4. Hybrid (Central–Decentral) Security Architecture

    The IoT Analytics 2026 OT security research identifies a shift toward hybrid security architectures: centralised visibility and policy management combined with decentralised edge enforcement. In the context of robot fleets, this means a central security operations centre (SOC) monitoring network traffic, model update integrity, and anomalous robot behaviour — while edge-level controls on Jetson modules and robot controllers enforce local security policies without requiring cloud round-trips. Centralised policy, decentralised enforcement is the architecture that works at the latency requirements of real-time robot control.

    5. IT and OT Team Integration

    The organisational dimension is as important as the technical one. SealingTech identifies the shortage of hybrid expertise — professionals who understand both enterprise networking and industrial control systems — as “the first challenging step of the convergence journey.” Organisations that have integrated IT and OT security teams — or hired the hybrid experts who can work across both — demonstrate materially better security outcomes than those that treat them as separate functions with separate escalation paths. The JLR attack crossed from IT to OT; the team that could have detected and contained it needed to understand both.

    What IT/OT Convergence Means for the Next Generation of Factory Robotics

    The convergence of IT and OT is not a background infrastructure story — it is the enabling architecture for every significant capability in modern factory robotics. VLA models cannot be deployed to robot controllers without a secure IT-to-OT software update pipeline. Digital twin commissioning requires OT equipment state data accessible from IT simulation environments. Predictive maintenance requires OT sensor streams analysed by IT-side machine learning. Adaptive production scheduling requires live OT machine state readable by IT-side MES systems.

    Jensen Huang’s GTC 2026 statement — “every industrial company will become a robotics company” — is only accurate in the context of IT/OT convergence. A factory where robots are isolated OT assets generating no data that the business systems can act on is not a robotics company; it is a factory with expensive equipment. The intelligence layer — the VLA models, the digital twins, the predictive maintenance, the fleet orchestration — requires the IT/OT integration to exist.

    The implication for manufacturers, integrators, and enterprise buyers is that security is not a separate workstream from robotics deployment — it is a prerequisite for it. The Jaguar Land Rover incident is the reference case for what happens when the IT/OT integration is built for operational benefit without equivalent investment in security architecture. The five architectural patterns above are not theoretical best practices — they are the baseline that responsible deployment in a converged environment requires.

    The Bottom Line

    IT/OT convergence is the technical foundation underneath every major development in factory robotics in 2026 — from digital twin commissioning to VLA model deployment to fleet orchestration. The IFR is correct that it “significantly enhances the capabilities and versatility of robotics.” The same convergence that enables those capabilities creates the attack surface that manufacturing ransomware operators are exploiting at record rates.

    The organisations getting this right in 2026 are not choosing between operational benefit and security. They are implementing convergence with zero-trust microsegmentation, OPC-UA protocols, digital twin security testing, hybrid security architecture, and integrated IT/OT teams — building the security layer into the architecture from the start rather than attempting to retrofit it after the production systems are connected. The JLR case demonstrates, with £1.9 billion of precision, that retrofitting is not a strategy.
