The idea is to have the Edge Hub present itself as a PLC, HMI, or other OT function. Because the Edge Hub isn't part of the customer's production environment, any interaction with it can be deemed suspicious and should fire an alert.
With the Edge Hub logging to Splunk, these alerts would be easy for us to ingest. The customer would be warned early about any malicious activity in their OT/ICS environments.
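
One way the alerting step could look, as an added example that is not part of the original note or any product's code: it turns decoy connection logs into event dictionaries shaped like Splunk HTTP Event Collector payloads. The log line format, the management allowlist, the sourcetype name and the severity policy are all assumptions made for illustration.

```python
import json
from datetime import datetime

# Common OT protocol ports a decoy PLC/HMI might expose (selection is an assumption).
OT_PORTS = {102: "s7comm", 502: "modbus", 4840: "opc-ua",
            20000: "dnp3", 44818: "ethernet-ip"}
# Hypothetical hosts allowed to reach the hub (admin, log shipping); never alerted on.
MGMT_ALLOWLIST = {"10.0.5.10"}

def parse_line(line):
    """Parse 'ISO8601 src_ip src_port dst_port transport' (constructed format)."""
    ts, src_ip, src_port, dst_port, transport = line.split()
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return {"time": when.timestamp(), "src_ip": src_ip, "src_port": int(src_port),
            "dst_port": int(dst_port), "transport": transport}

def to_hec_events(lines, host="edge-hub-decoy"):
    """Return (events, rejected): HEC-style alert dicts and unparseable lines."""
    events, rejected = [], []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = parse_line(line)
        except ValueError:
            rejected.append(line)  # keep for review rather than dropping silently
            continue
        if rec["src_ip"] in MGMT_ALLOWLIST:
            continue
        proto = OT_PORTS.get(rec["dst_port"])
        events.append({
            "time": rec.pop("time"),
            "host": host,
            "sourcetype": "decoy:connection",  # hypothetical sourcetype name
            "event": dict(rec, ot_protocol=proto or "unknown",
                          # OT-protocol contact ranks above a generic probe (assumed policy)
                          severity="high" if proto else "medium"),
        })
    return events, rejected

# Constructed sample log lines, not taken from a real deployment.
SAMPLE = """\
2024-05-01T12:00:00Z 10.0.5.10 51000 22 tcp
2024-05-01T12:03:10Z 10.0.7.23 49211 502 tcp
2024-05-01T12:03:12Z 10.0.7.23 49212 8080 tcp
truncated line
""".splitlines()

if __name__ == "__main__":
    for ev in to_hec_events(SAMPLE)[0]:
        print(json.dumps(ev))
```

The allowlist matters because the hub's own administration and log shipping traffic would otherwise alert on every run; keep it as short as possible so it does not become a blind spot.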