OT Security Without VPN for Production Networks Siemens Presents Sinec Secure Connect: Zero-Trust Platform for Industrial Networks

A new platform from Siemens promises secure OT connections without traditional VPN tunnels. Sinec Secure Connect relies on identity-based end-to-end encrypted connections and places a virtual overlay over existing production networks.

Siemens is launching Sinec Secure Connect, a zero-trust platform for manufacturing. The software creates an overlay network over existing OT infrastructures and connects machines with each other, with the cloud or with data centers. Remote access is controlled and without blanket network permissions. Devices on the store floor remain shielded from the outside, but retain the connectivity required for operation. The solution celebrates its premiere at the it-sa 2025 cybersecurity trade fair in Nuremberg.

The timing is no coincidence: as IT/OT convergence progresses, attack surfaces and the administrative burden in plant networks are increasing. Sinec Secure Connect addresses both. The platform enforces identity-checked connections between authorized endpoints, encrypts traffic end-to-end and enforces fine-grained, rule-based policies. In this way, it prevents lateral movements in the network. At the same time, it streamlines IP-based device management and facilitates compliance with common standards such as IEC 62443.

Virtualized Connections Instead of Tunnels

In contrast to classic VPN architectures, there is no general network penetration. Instead, the platform defines which device is allowed to talk to which service - and a connection is only established for this. A practical side effect: outgoing connections are sufficient for operation. This reduces sources of error in firewalls and simplifies the rollout in plants with strict segmentation. The architecture supports local, cloud and hybrid scenarios, including integrated redundancy for high-availability environments.

According to Siemens, the solution is also compatible with existing systems: Sinec Secure Connect integrates into the Scalance portfolio and extends existing cell protection concepts. Companies can continue to use existing hardware such as Scalance S and Scalance Mum without having to fundamentally change the network topology. A unified platform approach is designed to bundle capital expenditure and reduce operating costs, for example through centralized policies and consistent visibility of connections across facilities, lines and sites.

Outgoing Connections Only: Use Cases and Market Environment

Typical use cases range from machine-to-machine communication in strictly separated cells to machine-to-cloud connections for analysis workloads and machine-to-data center for ERP/MES links. Finely controlled remote access is used for service, limited in time and restricted to specific systems. The overlay reduces the attack surface, especially in brownfield plants, because it does not expose services widely to the network and only opens explicitly permitted paths.

The OT security market is growing. Drivers are the digitalization of production and growing threats to critical infrastructures and factories. Against this backdrop, Siemens is positioning the platform as a building block for secure, resilient networking in the field, with the aim of unbundling rather than complicating security and operational management.

Sinec Secure Connect will be available via the Siemens Xcelerator marketplace. If you want to see the functions and architecture in detail, you can find live demos at the Siemens stand in Hall 7, Stand 421 at it-sa in Nuremberg, where the company will also be showing other components of its OT cybersecurity portfolio, from network components to tools for configuration and compliance. (mc)