@hacks4pancakes I could imagine a setup with a physical airgap that can be connected for maintenance and then disconnected, but I guess anything like that requires hands and time, and sounds like the industry is "optimizing" that out.
@david42 correct. I have seen remote access that’s connected and disconnected but it’s rarer all the time. It’s mostly just a normal DMZ between IT and the process environment, and those are as good as you make them.
@hacks4pancakes @david42 This kind of setup (OT and IT network separated) is supposed to be the standard in the marine space, but I have yet to find a case where there wasn't something bridging the gap. A lot of the time it's intentional (remote monitoring), but it's also not uncommon that a contractor plugged a patch lead between the switches and then forgot to remove it. All the networked gear is serviced on-site by the vendor, so rigid change control is borderline impossible.