{"id":3060,"date":"2026-02-26T21:27:37","date_gmt":"2026-02-26T21:27:37","guid":{"rendered":"https:\/\/renewasoft.com.tr\/?p=3060"},"modified":"2026-04-17T15:41:26","modified_gmt":"2026-04-17T15:41:26","slug":"ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies","status":"publish","type":"post","link":"https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/","title":{"rendered":"OT\/IT Network Segmentation and Micro-Segmentation Secure Architecture Design for Energy Companies"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column][vc_column_text css=&#8221;&#8221;]<\/p>\n<h1>OT\/IT Network Segmentation and Micro-Segmentation<\/h1>\n<p><em>Secure SCADA Architecture for HPPs: Purdue Model, IEC 62443 and Zero Trust<\/em><br \/>\n<strong>Renewasoft | 2026<\/strong><\/p>\n<p><span class=\"level-badge\">Level: Advanced<\/span> \u00a0 Audience: SCADA Engineer, HPP Operator, CTO, Infrastructure Investor<\/p>\n<h1>Introduction: The Security Prerequisite for Digital Transformation<\/h1>\n<p>In hydropower operations, efficiency targets are rapidly 
driving the adoption of real-time monitoring, remote access, centralized reporting, and AI-supported analytics.<\/p>\n<p>Yet this transformation introduces a fundamental architectural challenge: how to enable data-driven operations without compromising the integrity of control systems.<\/p>\n<p>According to NIST SP 800-82r3, security in OT environments must be carefully engineered to align with strict performance, reliability, and safety requirements [1].<\/p>\n<h2>TL;DR &#8212; Executive Summary<\/h2>\n<div class=\"callout\">\n<ol>\n<li>OT\/IT separation is an architectural reality where IT security practices cannot be directly copied to OT due to latency, determinism and safety requirements<sup>[1]<\/sup>.<\/li>\n<li>Flat networks facilitate lateral movement from IT to OT; dual-homed systems, weak authentication and open remote access channels become pivot points<sup>[5][6]<\/sup>.<\/li>\n<li>The Purdue model + DMZ approach establishes a mandatory enforcement boundary between OT and the corporate network, making data flows auditable<sup>[1]<\/sup>.<\/li>\n<li>Micro-segmentation in Zero Trust architecture implements the never trust, always verify principle through Policy Enforcement Points (PEP) in practice<sup>[2]<\/sup>.<\/li>\n<li>Secure integration requires isolating OT data collection layers via DMZ, jump servers, and micro-segmentation, allowing only strictly controlled data flows.<\/li>\n<\/ol>\n<\/div>\n<h1>Paradigm Shift: IT\/OT Separation Through the Purdue Model<\/h1>\n<p>OT systems (SCADA, DCS, PLC-based topologies) monitor and control physical processes; therefore, security design must address safety and continuity objectives alongside the CIA triad. 
NIST SP 800-82r3 defines adapting security measures to OT&#8217;s unique performance, reliability and safety requirements as its foundational framework<sup>[1]<\/sup>.<\/p>\n<table>\n<tbody>\n<tr>\n<th>Criterion<\/th>\n<th>IT Network<\/th>\n<th>OT Network<\/th>\n<\/tr>\n<tr>\n<td><strong>Traffic Pattern<\/strong><\/td>\n<td>Variable, user-driven<\/td>\n<td>Deterministic, repeatable, predictable<\/td>\n<\/tr>\n<tr>\n<td><strong>Latency Tolerance<\/strong><\/td>\n<td>Seconds to minutes acceptable<\/td>\n<td>ms-level jitter affects process stability<\/td>\n<\/tr>\n<tr>\n<td><strong>Lifecycle<\/strong><\/td>\n<td>3-5 years, regular updates<\/td>\n<td>15-25 years, legacy devices prevalent<\/td>\n<\/tr>\n<tr>\n<td><strong>Priority Order<\/strong><\/td>\n<td>Confidentiality \u2192 Integrity \u2192 Availability<\/td>\n<td>Availability \u2192 Safety \u2192 Integrity<\/td>\n<\/tr>\n<tr>\n<td><strong>Anomaly Detection<\/strong><\/td>\n<td>Difficult: high variance<\/td>\n<td>Opportunity: deterministic baselining<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"caption\"><em>Table 1: IT vs OT Network Characteristics Comparison [1]<\/em><\/p>\n<p>A key challenge of this transformation is that operational data in HPPs no longer remains confined to the control room. Increasingly, data must be transmitted from OT environments to IT and cloud-based systems to support monitoring, analytics, and decision-making processes [13].<\/p>\n<p>The modern threat landscape has demonstrated that the OT\/IT boundary cannot be secured with a single firewall. 
In the 2015 Ukraine attack, adversaries exploited VPN pathways from the corporate network into OT environments; the absence of strong authentication mechanisms significantly amplified risk, and breaker operations were executed through compromised HMIs [5].<\/p>\n<p class=\"caption\" style=\"text-align: center;\"><em><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3245\" src=\"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1.png\" alt=\"\" width=\"1400\" height=\"900\" srcset=\"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1.png 1400w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1-300x193.png 300w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1-1024x658.png 1024w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1-768x494.png 768w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1-350x225.png 350w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1-540x347.png 540w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1-778x500.png 778w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1-622x400.png 622w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1-600x386.png 600w\" sizes=\"auto, (max-width: 1400px) 100vw, 1400px\" \/>Infographic: Purdue Model + IEC 62443 Security Zones and Communication Conduits [1][9]<\/em><\/p>\n<h2>IEC 62443: Security Zones and Communication Conduits<\/h2>\n<p>The most valuable practical contribution of the IEC 62443 approach is thinking of the network not as subnets but as security zones and the communication conduits connecting them. 
ENISA addresses the zoning\/conduit approach within the framework of deriving security levels based on threat actor profiles<sup>[9]<\/sup>. Designing a conduit means pre-defining which ports\/protocols\/commands will pass between two zones.<\/p>\n<table>\n<tbody>\n<tr>\n<th>Zone<\/th>\n<th>Scope<\/th>\n<th>Critical Assets<\/th>\n<th>Conduit Constraint<\/th>\n<\/tr>\n<tr>\n<td><strong>Zone A: Safety<\/strong><\/td>\n<td>Protection relays, interlocks<\/td>\n<td>SIS, emergency stop, trip<\/td>\n<td>Read-only telemetry output only<\/td>\n<\/tr>\n<tr>\n<td><strong>Zone B: Control<\/strong><\/td>\n<td>PLC\/RTU, field switches<\/td>\n<td>Governor PLC, gate PLC<\/td>\n<td>Only authorized HMI\u2192PLC commands<\/td>\n<\/tr>\n<tr>\n<td><strong>Zone C: Supervisory<\/strong><\/td>\n<td>SCADA, historian, HMI<\/td>\n<td>SCADA server, collector<\/td>\n<td>DPI + ML baseline monitoring<\/td>\n<\/tr>\n<tr>\n<td><strong>Zone D: OT DMZ<\/strong><\/td>\n<td>Jump server, log broker<\/td>\n<td>Bastion, data diode, syslog<\/td>\n<td>MFA + time-based + session recording<\/td>\n<\/tr>\n<tr>\n<td><strong>Zone E: Enterprise<\/strong><\/td>\n<td>ERP, SOC\/SIEM, Cloud<\/td>\n<td>Corporate AD, UI<\/td>\n<td>No direct OT access<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"caption\">Table 2: IEC 62443 Security Zones &#8212; HPP Reference Architecture [1][9]<\/p>\n<h1>Attack Surface Mapping: HPP Vulnerabilities<\/h1>\n<p>To properly design network segmentation, one must first translate the question &#8216;where can attacks originate?&#8217; into an HPP-specific attack surface map. 
NIST defines OT topologies and components within this framework and lists typical vulnerability classes<sup>[1]<\/sup>.<\/p>\n<div class=\"callout-warn\">\n<p><strong>\u26a0 Technical Note: Vulnerable Areas in HPPs<\/strong><\/p>\n<p><strong>Remote Access (VPN\/RDP):<\/strong>\u00a0The Ukraine attack report highlights that adversaries discovered and exploited VPN connections and that the absence of 2FA created risk; it recommends a remote access DMZ, a jump host and disabling split tunneling as countermeasures<sup>[5]<\/sup>.<\/p>\n<p><strong>Dual-homed Systems:<\/strong>\u00a0The ICS tactics framework explains that adversaries use default passwords and dual-homed devices for lateral movement. In flat networks, there is no segment barrier<sup>[6]<\/sup>.<\/p>\n<p><strong>Engineering Workstations:<\/strong>\u00a0PLC\/RTU programs and governor setpoints are typically managed from EWS. They are a high-priority attack surface because they are close to OT and require USB\/vendor software<sup>[1]<\/sup>.<\/p>\n<p><strong>Legacy Protocols:<\/strong>\u00a0Some OT protocols were not designed with security in mind. NIST notes that OT firewalls can perform DPI with DNP3\/CIP\/Modbus parsers<sup>[10]<\/sup>.<\/p>\n<p><strong>Bowman Dam Breach (2013):<\/strong>\u00a0Unauthorized access to the Bowman Dam SCADA in the US; water level, temperature and sluice gate status data was compromised. 
Remediation cost: $30,000+<sup>[12]<\/sup>.<\/p>\n<\/div>\n<h1>Defense Layers and Zero Trust<\/h1>\n<h2>Layered Defense: VLAN \/ Firewall \/ DMZ \/ Jump Server \/ Data Diode<\/h2>\n<table>\n<tbody>\n<tr>\n<th>Layer<\/th>\n<th>Technical Function<\/th>\n<th>HPP Implementation<\/th>\n<\/tr>\n<tr>\n<td><strong>DMZ<\/strong><\/td>\n<td>Blocks direct access from corporate network to OT; centralizes services at a single point [1]<\/td>\n<td>OT gateway, log broker, time sync proxy located in DMZ<\/td>\n<\/tr>\n<tr>\n<td><strong>Jump Server<\/strong><\/td>\n<td>Routes OT access through a single controlled hop point [5]<\/td>\n<td>MFA + time-based + session recording; split tunneling disabled<\/td>\n<\/tr>\n<tr>\n<td><strong>Firewall (DPI)<\/strong><\/td>\n<td>deny-all \/ permit-by-exception; stateful + DPI [10]<\/td>\n<td>OT NGFW: Modbus FC, DNP3, OPC UA parser for command-level filtering<\/td>\n<\/tr>\n<tr>\n<td><strong>Data Diode<\/strong><\/td>\n<td>OT\u2192DMZ unidirectional data flow; physically eliminates C2 channel [1]<\/td>\n<td>All reverse flow physically blocked except critical telemetry<\/td>\n<\/tr>\n<tr>\n<td><strong>VLAN<\/strong><\/td>\n<td>Valuable for initial segmentation; trunk\/routing\/ACL bypass risk [10]<\/td>\n<td>Should be supported with physical separation + enforcement devices where possible<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"caption\">Table 3: Layered Defense Components [1][5][10]<\/p>\n<h2>Zero Trust and Micro-Segmentation<\/h2>\n<p>Zero Trust makes access decisions with least privilege on every request under the assumption that the network may already be compromised. NIST SP 800-207 explains that in micro-segmentation, resources are placed in separate segments and each segment is protected by a gateway\/PEP<sup>[2]<\/sup>. 
In OT, this means cell\/area-based segments, engineering workstation\u2192PLC program download flows that open only during defined maintenance windows, and HMI\u2192PLC commands that arrive only through an operator role + MFA + a designated jump host.<\/p>\n<h3>Deterministic Traffic Baselining<\/h3>\n<p>Traffic patterns in OT networks are far more deterministic than in IT networks. NIST emphasizes that this determinism is critical for anomaly detection with IDS\/IPS\/BAD\/SIEM and recommends tuning sensors in learning mode according to OT traffic<sup>[1][10]<\/sup>.<\/p>\n<h3>Protocol Security: OPC UA and IEC 62351<\/h3>\n<p>The OPC UA security model includes client\/server authentication, X.509 certificates, communication integrity\/confidentiality and audit trail support<sup>[13]<\/sup>. IEC 62351 focuses on communication security for energy control protocols such as IEC 60870-5 and IEC 61850<sup>[14]<\/sup>.<\/p>\n<h1>Technical Risk Scoring Model<\/h1>\n<p>NIST defines risk as a function of impact and likelihood<sup>[3]<\/sup>. 
NREL&#8217;s VaR framework formulates how risk can be reduced through control implementation level (CI)<sup>[7]<\/sup>:<\/p>\n<div class=\"risk-formula\">VaR = L \u00d7 (1 \u2212 CI_seg) \u00d7 I<br \/>\nL = Event likelihood (0-1) \u00a0|\u00a0 CI_seg = Segmentation maturity (0-1) \u00a0|\u00a0 I = Impact (0-1)<\/div>\n<table>\n<tbody>\n<tr>\n<th>Status<\/th>\n<th>L<\/th>\n<th>CI_seg<\/th>\n<th>I<\/th>\n<th>VaR<\/th>\n<\/tr>\n<tr>\n<td><strong>Baseline (VLAN exists, limited DMZ)<\/strong><\/td>\n<td>0.40<\/td>\n<td>0.20<\/td>\n<td>0.70<\/td>\n<td><strong>0.224<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Target (DMZ+jump+micro-seg+DPI)<\/strong><\/td>\n<td>0.40<\/td>\n<td>0.70<\/td>\n<td>0.70<\/td>\n<td><strong>0.084<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"caption\">Table 4: NREL VaR &#8212; Impact of Segmentation Maturity on Risk Indicator [7]<\/p>\n<p>Segmentation\/micro-segmentation maturity\u00a0<strong>reduces the risk indicator by ~62%<\/strong>\u00a0(0.224 \u2192 0.084). 
This is not a definitive result; it is a decision-support metric for prioritizing investment<sup>[7][3]<\/sup>.<\/p>\n<p class=\"caption\" style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3251\" src=\"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1.png\" alt=\"\" width=\"1400\" height=\"700\" srcset=\"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1.png 1400w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1-300x150.png 300w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1-1024x512.png 1024w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1-768x384.png 768w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1-350x175.png 350w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1-540x270.png 540w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1-920x460.png 920w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1-730x365.png 730w, https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/seg-gorsel-2-risk-azaltma-1-600x300.png 600w\" sizes=\"auto, (max-width: 1400px) 100vw, 1400px\" \/><em>Infographic: Segmentation Maturity Levels and NREL VaR Risk Reduction Model [7]<\/em><\/p>\n<h1>Case Study: HPP Attack Simulation<\/h1>\n<div class=\"callout-red\">\n<p><strong>\ud83d\udca5 Evidence-Based Background<\/strong><\/p>\n<p><strong>Ukraine 2015:<\/strong>\u00a0Adversaries executed operations not only through malware but by directly using control systems; BlackEnergy\/KillDisk facilitated access and delayed recovery<sup>[5]<\/sup>.<\/p>\n<p><strong>ICS-CERT:<\/strong>\u00a0KillDisk corrupted MBR rendering systems unusable; Windows-based HMIs and serial-to-Ethernet firmware 
were affected<sup>[6]<\/sup>.<\/p>\n<p><strong>Bowman Dam 2013:<\/strong>\u00a0Unauthorized SCADA access; $30K+ remediation cost<sup>[12]<\/sup>.<\/p>\n<\/div>\n<table>\n<tbody>\n<tr>\n<th>#<\/th>\n<th>Phase<\/th>\n<th>Technical Step<\/th>\n<th>Segmentation Impact<\/th>\n<\/tr>\n<tr>\n<td><strong>1<\/strong><\/td>\n<td><strong>Initial Access<\/strong><\/td>\n<td>Spearphishing to enter corporate network [5]<\/td>\n<td>IT segmentation forms the first barrier<\/td>\n<\/tr>\n<tr>\n<td><strong>2<\/strong><\/td>\n<td><strong>Credential Access<\/strong><\/td>\n<td>Domain credentials + VPN path discovery [5]<\/td>\n<td>MFA + PAM blocks credential harvesting<\/td>\n<\/tr>\n<tr>\n<td><strong>3<\/strong><\/td>\n<td><strong>Pivot (IT\u2192OT)<\/strong><\/td>\n<td>Lateral movement to OT via dual-homed EWS [6]<\/td>\n<td>DMZ + jump server + data diode prevents pivot<\/td>\n<\/tr>\n<tr>\n<td><strong>4<\/strong><\/td>\n<td><strong>Lateral Movement<\/strong><\/td>\n<td>Spreading within OT via RDP\/SMB [6]<\/td>\n<td>Micro-segmentation provides cell-based isolation<\/td>\n<\/tr>\n<tr>\n<td><strong>5<\/strong><\/td>\n<td><strong>Impact<\/strong><\/td>\n<td>Breaker\/gate control, wiper, DoV\/DoC [5][6]<\/td>\n<td>Segmentation hardens steps 3-4, limiting impact<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"caption\">Table 5: Attack Simulation Flow and Segmentation Impact [5][6]<\/p>\n<p>DOE&#8217;s document emphasizes that an HPP cyber incident can affect public safety, critical infrastructure and grid energy distribution<sup>[8]<\/sup>. 
In a 100 MW HPP, a 4-hour forced outage means a 400 MWh loss plus market\/imbalance and restart costs.<\/p>\n<h1>Enterprise Integration Approach: Secure OT Data Flow<\/h1>\n<p>Secure integration in HPP environments requires enabling data visibility without compromising control integrity.<\/p>\n<p>This architecture is based on:<\/p>\n<p>\u2022 Read-only data extraction from OT systems<br \/>\n\u2022 Controlled data transfer via DMZ<br \/>\n\u2022 Jump server-based controlled access<br \/>\n\u2022 Micro-segmentation for cell-level isolation<br \/>\n\u2022 Secure protocols such as OPC UA with certificate-based authentication<\/p>\n<p>This approach ensures that data is accessible while maintaining strict control over operational systems.<\/p>\n<h2>DMZ Reference Architecture<\/h2>\n<table>\n<tbody>\n<tr>\n<th>Zone<\/th>\n<th>Components<\/th>\n<th>Security Controls<\/th>\n<\/tr>\n<tr>\n<td><strong>Zone 0-2 (Field\/Control)<\/strong><\/td>\n<td>PLC\/RTU, I\/O networks, turbine-gate control cells<\/td>\n<td>Micro-seg: each cell isolated; DPI for Modbus FC control<\/td>\n<\/tr>\n<tr>\n<td><strong>Zone 3 (Supervisory)<\/strong><\/td>\n<td>SCADA servers, historian, HMI<\/td>\n<td>HMI\u2192PLC only from authorized hosts\/protocols; ML baseline<\/td>\n<\/tr>\n<tr>\n<td><strong>Zone 3.5 (OT DMZ)<\/strong><\/td>\n<td>OT gateway, jump server, log broker<\/td>\n<td>MFA + time-based + session recording; optional data diode<\/td>\n<\/tr>\n<tr>\n<td><strong>Zone 4-5 (Enterprise\/Cloud)<\/strong><\/td>\n<td>SOC\/SIEM, corporate IAM, UI<\/td>\n<td>No direct OT access; controlled flow through DMZ<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p class=\"caption\">Table 6: Integrated HPP OT\/IT DMZ Reference Architecture [1][2][9]<\/p>\n<p>Critical design principle: The OT collector <strong>only collects read-only telemetry<\/strong>; it does not generate control commands. 
Identity verification is X.509 certificate-based via the OPC UA security model<sup>[13]<\/sup>.<\/p>\n<div class=\"callout\">\n<p><strong>\ud83d\udd0d HPP-Specific AI Capabilities<\/strong><\/p>\n<p><strong>Water Flow Prediction:<\/strong>\u00a0ML model trained on meteorological data (rainfall, snowmelt, temperature), watershed parameters and historical flow records. 72-hour forecast window.<\/p>\n<p><strong>Production Forecasting:<\/strong>\u00a0Integrated forecast combining reservoir level + water flow + turbine efficiency curves + market price signals. Output aligned with EP\u0130A\u015e DAM\/IDM periods.<\/p>\n<p><strong>Predictive Maintenance:<\/strong>\u00a0Multi-variable anomaly scoring from turbine vibration, bearing temperature, oil quality, winding insulation resistance.<\/p>\n<p><strong>EP\u0130A\u015e Integration:<\/strong>\u00a0Optimization integrated with DAM\/IDM price signals. Automated bidding, imbalance risk analysis and revenue maximization.<\/p>\n<\/div>\n<h1>Frequently Asked Questions (FAQ)<\/h1>\n<p><strong>Q1: Can VLAN alone provide OT\/IT separation?<\/strong><br \/>\nVLANs are valuable for cost efficiency; however, NIST recommends physical separation and enforcement devices (firewall\/unidirectional gateway) where possible. VLANs can be bypassed through trunk\/routing\/ACL gaps<sup>[1][10]<\/sup>.<\/p>\n<p><strong>Q2: Does micro-segmentation degrade OT latency?<\/strong><br \/>\nIf poorly designed, yes. When selecting PEPs (NGFW\/OT firewall), throughput\/latency tests must be conducted; sensors should be tuned in learning mode; allowlists for critical control flows must be clearly defined<sup>[1][2]<\/sup>.<\/p>\n<p><strong>Q3: What belongs in the DMZ?<\/strong><br \/>\nData collectors, jump host, log broker, time sync proxy. 
A direct OT dependency on a domain controller makes OT dependent on IT reliability<sup>[1]<\/sup>.<\/p>\n<p><strong>Q4: Is DPI necessary for OT firewalls?<\/strong><br \/>\nPort-based filtering is the baseline; command\/function differentiation in OT protocols is critical. NIST recommends DPI-capable firewalls as compensating controls for legacy devices<sup>[10]<\/sup>.<\/p>\n<p><strong>Q5: Should Zero Trust be implemented gradually in OT?<\/strong><br \/>\nYes. First isolate critical assets with micro-segments and control access through jump hosts; then mature the policy engines<sup>[2]<\/sup>.<\/p>\n<p><strong>Q6: How is remote access secured?<\/strong><br \/>\nRemote access should be routed through a jump server within the DMZ, protected by MFA, time-based access controls, and session recording.<\/p>\n<p><strong>Q7: How is segmentation&#8217;s contribution measured?<\/strong><br \/>\nNREL VaR framework: VaR = L \u00d7 (1 \u2212 CI_seg) \u00d7 I. Segmentation maturity is scored within CI_seg; as DMZ, jump host, DPI and baselining controls increase, the risk metric decreases<sup>[3][7]<\/sup>.<\/p>\n<h1>Conclusion and Next Steps<\/h1>\n<p>OT\/IT segmentation and micro-segmentation are not only cybersecurity measures in HPPs, but essential components of operational continuity and safety.<\/p>\n<p>A properly designed segmentation architecture reduces attack surfaces, limits lateral movement, and protects critical control systems.<\/p>\n<p>In modern energy infrastructures, security must be treated as a continuously monitored and improved system rather than a static control.<\/p>\n<p>If you would like to learn more about securing critical energy infrastructure and improving OT cybersecurity practices, feel free to contact us:<\/p>\n<p><strong>info@renewasoft.com.tr<\/strong><\/p>\n<p>[\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row][vc_column][vc_column_text css=&#8221;&#8221;] OT\/IT Network Segmentation and Micro-Segmentation 
Secure SCADA Architecture for HPPs: Purdue Model, IEC 62443 and Zero Trust Renewasoft | 2026 Level: Advanced \u00a0 Audience: SCADA Engineer, HPP Operator, CTO, Infrastructure Investor Introduction: The Security Prerequisite for Digital Transformation In hydropower operations, efficiency targets are rapidly driving the adoption of real-time monitoring, remote access, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1855],"tags":[469,445,439,441,443,471],"class_list":["post-3060","post","type-post","status-publish","format-standard","hentry","category-critical-infrastructure-cybersecurity-and-industrial-systems-security","tag-iec-62443-en","tag-network-segmentation","tag-ot-it-separation","tag-purdue-model","tag-risk-scoring","tag-zero-trust-en"]}
62443","network segmentation","OT\/IT separation","Purdue model","risk scoring","Zero Trust"],"articleSection":["Critical Infrastructure Cybersecurity and Industrial Systems Security"],"inLanguage":"tr","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/","url":"https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/","name":"OT\/IT Network Segmentation and Micro-Segmentation Secure Architecture Design for Energy Companies - Renewasoft Enerji ve Yaz\u0131l\u0131m A.\u015e","isPartOf":{"@id":"https:\/\/renewasoft.com.tr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/#primaryimage"},"image":{"@id":"https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/#primaryimage"},"thumbnailUrl":"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1.png","datePublished":"2026-02-26T21:27:37+00:00","dateModified":"2026-04-17T15:41:26+00:00","description":"Architectural foundations of OT\/IT network segmentation and micro-segmentation in HPPs, Zero Trust approach, risk scoring 
model.","breadcrumb":{"@id":"https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/#breadcrumb"},"inLanguage":"tr","potentialAction":[{"@type":"ReadAction","target":["https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/"]}]},{"@type":"ImageObject","inLanguage":"tr","@id":"https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/#primaryimage","url":"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1.png","contentUrl":"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2026\/02\/yazilim-gorsel-2-purdue-iec62443-1.png","width":1400,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/renewasoft.com.tr\/index.php\/en\/2026\/02\/26\/ot-it-network-segmentation-and-micro-segmentation-secure-architecture-design-for-energy-companies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Anasayfa","item":"https:\/\/renewasoft.com.tr\/index.php\/tr\/ana-sayfa\/"},{"@type":"ListItem","position":2,"name":"OT\/IT Network Segmentation and Micro-Segmentation Secure Architecture Design for Energy Companies"}]},{"@type":"WebSite","@id":"https:\/\/renewasoft.com.tr\/#website","url":"https:\/\/renewasoft.com.tr\/","name":"Renewasoft Enerji ve Yaz\u0131l\u0131m A.\u015e","description":"","publisher":{"@id":"https:\/\/renewasoft.com.tr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/renewasoft.com.tr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"tr"},{"@type":"Organization","@id":"https:\/\/renewasoft.com.tr\/#organization","name":"Renewasoft Enerji 
ve Yaz\u0131l\u0131m A.\u015e","url":"https:\/\/renewasoft.com.tr\/","logo":{"@type":"ImageObject","inLanguage":"tr","@id":"https:\/\/renewasoft.com.tr\/#\/schema\/logo\/image\/","url":"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2025\/03\/images.jpg","contentUrl":"https:\/\/renewasoft.com.tr\/wp-content\/uploads\/2025\/03\/images.jpg","width":225,"height":225,"caption":"Renewasoft Enerji ve Yaz\u0131l\u0131m A.\u015e"},"image":{"@id":"https:\/\/renewasoft.com.tr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/renewasoft\/"]},{"@type":"Person","@id":"https:\/\/renewasoft.com.tr\/#\/schema\/person\/10d993efeb2f91dcbbaefb266c7a435c","name":"admin","image":{"@type":"ImageObject","inLanguage":"tr","@id":"https:\/\/renewasoft.com.tr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/41856038e39e8f2a0cddff7c91fae35b638d4b919a6e7afff13ee17f7bf9dc59?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/41856038e39e8f2a0cddff7c91fae35b638d4b919a6e7afff13ee17f7bf9dc59?s=96&d=mm&r=g","caption":"admin"},"sameAs":["http:\/\/renewasoft.com.tr"],"url":"https:\/\/renewasoft.com.tr\/index.php\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/3060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/comments?post=3060"}],"version-history":[{"count":4,"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/3060\/revisions"}],"predecessor-version":[{"id":3476,"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/posts\/3060\/revisions\/3476"}],"wp:attachment":[{"href":"ht
tps:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/media?parent=3060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/categories?post=3060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/renewasoft.com.tr\/index.php\/wp-json\/wp\/v2\/tags?post=3060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}