Throughout history, societies have protected their most valuable assets by building walls, fortresses, and moats. Whether it was a medieval castle or an ancient city-state, security meant keeping threats on the outside and creating barriers around the things that mattered most.
We took these principles with us as we moved into the digital age, designing network security with firewalls, access controls, and gated perimeters to protect digital assets. Firewalls and network devices became our virtual walls, defining trusted and untrusted zones, and keeping the "bad actors" at the gate. For years, this perimeter-based approach was the primary line of defense in the world of cybersecurity, establishing a digital fortress around systems and data.
But just as history has shown us that walls and borders can be breached, so too has modern cybersecurity taught us that no perimeter is foolproof. As organizations increasingly connect their IT systems to the wider internet and integrate them with Operational Technology (OT) systems, a new breed of threat is emerging.
The security challenges that industrial and critical infrastructure systems face today are far more complex and dire than those in traditional IT environments. Attackers now have the tools and knowledge to breach not just data but systems that keep our lights on, our water flowing, and our cities running. And the stakes are no longer just financial; they're a matter of safety and national security.
Many OT systems are old, built on legacy technology that may predate the internet and the threat models we now take for granted. Upgrading them isn't just a matter of software patches or minor updates; often these systems simply cannot support modern authentication or encrypted protocols. Replacing or retrofitting them can be prohibitively expensive and disruptive, requiring shutdowns that can cost millions in lost production.
A Virtual Attack Affects Physical Production Lines
The Eberspächer ransomware attack is just one example of how the modern threat landscape is impacting operational technology, disrupting critical systems and costing companies millions. In this incident, the German automotive supplier was forced to halt operations and send employees home for weeks as it worked to restore affected systems.
Other recent attacks underscore the same risks. For instance, Norwegian aluminum producer Norsk Hydro fell victim to the LockerGoga ransomware in 2019, forcing a global shutdown of production lines and incurring losses estimated at $70 million.
Similarly, in 2020, Honda experienced a ransomware attack that disrupted vehicle and engine manufacturing worldwide, revealing how a single breach can impact production on a massive scale. In 2021, JBS Foods, one of the largest meat processors globally, was forced to halt production across North America and Australia, affecting food supply chains and incurring millions in losses.
Even as far back as 2017, Maersk was struck by the NotPetya malware, crippling shipping and logistics operations across its global network and costing the company roughly $300 million to rebuild. In several of these cases the malware did its damage on the IT side; production stopped because the plants depended on IT systems that were down, or were halted as a precaution while the extent of the compromise was unknown. That is precisely why IT/OT convergence raises the stakes: attacks once aimed at data theft now take down entire production lines, threatening financial stability and the continuity of essential operations.
Focus on Access and Assets
These cases bring us to a crucial question for the executives responsible for protecting these environments. CIOs, CISOs, and security leaders must ask themselves: "Who has access to our critical systems? Who can reach our most sensitive data? Do we truly understand where those systems and data reside?"
In a network of interconnected digital and physical assets, these questions are foundational. In many OT environments, critical systems include programmable logic controllers (PLCs) that run individual machines and production lines, human-machine interfaces (HMIs) through which operators monitor and adjust process variables, and supervisory systems (SCADA or DCS) that coordinate entire production processes.
Additionally, secure access points like SSH servers and Windows jump hosts serve as gateways to these systems, adding another layer of sensitive access that must be managed carefully. The data flowing through these channels—real-time measurements, control commands, and process configurations—is highly sensitive and often irreplaceable, making rigorous control and visibility over these assets essential for robust OT security.
Protecting the Unupgradable
For legacy OT systems that cannot be upgraded, securing access without disrupting operations requires creative approaches that shield these systems from direct exposure. One effective strategy is to encapsulate legacy systems within a Privileged Access Management (PAM) framework, which controls access to critical systems, enforcing stringent permissions and monitoring user activity.
Additionally, because many legacy OT protocols (Modbus/TCP, S7comm and the like) have no native authentication or encryption and can be read or altered by anyone on the path, these protocols can be tunneled through strong, even quantum-safe, encrypted channels, preserving the integrity and confidentiality of sensitive OT communications in transit.
By funneling unencrypted OT traffic through such tunnels, organizations can protect these essential systems without altering their underlying technology. One caveat a practitioner should keep in mind: the tunnel protects the path up to the gateway, while the last hop from the gateway to the device still runs the native protocol in the clear. The tunnel endpoint therefore belongs inside the same protected zone as the device it fronts, so that the plaintext segment never crosses a trust boundary.
It Starts with Identity
So, what does securing access to these systems and data actually look like? For many IT systems, identity and access management (IAM) has proven effective. IAM solutions authenticate users and grant permissions based on predefined roles, allowing organizations to control who can access specific applications or data. This level of access control is typically enough for routine IT use cases, where roles are well-defined and risks are comparatively low. But when we're dealing with critical IT or OT environments, where a single unauthorized access could lead to a plant shutdown or a safety hazard, identity alone isn't enough. Organizations need a more granular level of control, one that restricts access not just by identity but by specific need, activity, and even time of day.
When Identity Is Not Enough
For privileged access—particularly in OT—an additional layer of control is necessary. Privileged Access Management (PAM) solutions offer just-in-time (JIT) access, allowing permissions to be granted temporarily, on a need-to-use basis.
With PAM, even if a user has legitimate access to an OT system, they don't have a permanent green light to use it whenever they please. This approach minimizes the attack surface by keeping access limited to those who need it, only when they need it.
Furthermore, PAM solutions provide session recording and monitoring, so that every action within these critical systems can be tracked, reviewed, and, if necessary, interrupted. Additional context-based limitations can be enforced as well, such as requiring that an approved session originate from specific source addresses or fall within an agreed time window. A newer breed of PAM solutions also employs built-in user and entity behavior analytics (UEBA) to flag access that deviates from an account's established pattern.
Securing Vendor Access
In multi-vendor OT environments, these types of access controls are especially crucial. A manufacturing plant, for example, may rely on specialized systems from various vendors, each requiring periodic access for maintenance and updates. By implementing a PAM solution, organizations can grant these vendors temporary access, ensuring they interact only with the specific systems they are responsible for and only within a defined timeframe.
However, for PAM to be effective in OT, it must be deployed in a way that respects established network segmentation principles such as the Purdue Model (formally the Purdue Enterprise Reference Architecture, PERA). That architecture divides an OT network into distinct levels and zones for different system types, limiting which systems may communicate across level boundaries. In practice the PAM gateway belongs in the IT/OT DMZ (level 3.5), so that a vendor's session terminates there and only brokered, narrowly scoped connections continue into the control network. A PAM solution that aligns with this architecture not only strengthens security but also maintains a clear audit trail, invaluable for post-event analysis and regulatory compliance.
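The sections above describe three constraints a vendor session should carry: a single approved target (the tunnelled legacy device), an approved source network, and a time window after which the access dies on its own. The following is an added example, not code from this post or from any PAM product, showing how those constraints can be expressed with stock OpenSSH authorized_keys options on a jump host and mirrored as a broker-side decision that feeds the audit log. The Grant structure, the identity acme-field-tech, the addresses 10.20.1.5 and 203.0.113.0/24, the key material and the timestamps are all constructed for the illustration.

```python
"""Turn a time-bound, asset-scoped access grant into an OpenSSH jump-host
configuration that sshd itself enforces, and mirror the same checks in the
broker that decides whether to let a session proceed.

Added illustration built on stock OpenSSH authorized_keys options; the Grant
structure, identities, addresses and timestamps below are constructed for
this example and are not taken from any product or real site.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network


def utc(year, month, day, hour=0, minute=0):
    """Construct a timezone-aware UTC timestamp (grants must never be naive)."""
    return datetime(year, month, day, hour, minute, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Grant:
    user: str             # vendor or operator identity being granted access
    pubkey: str           # the holder's SSH public key (constructed placeholder)
    target_host: str      # legacy device reachable only from the jump host
    target_port: int      # 502 = Modbus/TCP here; 102 would be S7comm
    source_cidrs: tuple   # networks the session may originate from
    not_before: datetime  # start of the approved maintenance window
    not_after: datetime   # end of the window; new logins are refused after this


def authorized_keys_entry(g: Grant) -> str:
    """Render one authorized_keys line that lets the key holder do nothing
    except forward a single TCP port to the approved device, from approved
    networks, until the window closes.

    'restrict' switches off pty, X11, agent forwarding, user rc and all port
    forwarding; 'port-forwarding' re-enables only that; 'permitopen' pins it
    to one host:port; 'from' limits the client address; 'expiry-time' makes
    sshd stop accepting the key at the deadline without anyone having to
    remember to remove it."""
    if g.not_after <= g.not_before:
        raise ValueError("grant window is empty")
    opts = [
        "restrict",
        "port-forwarding",
        f'permitopen="{g.target_host}:{g.target_port}"',
        f'from="{",".join(g.source_cidrs)}"',
        f'expiry-time="{g.not_after.astimezone(timezone.utc):%Y%m%d%H%M%SZ}"',
    ]
    return f"{','.join(opts)} {g.pubkey} jit:{g.user}"


def evaluate(g: Grant, source_ip: str, target_host: str, target_port: int, now: datetime):
    """Broker-side decision for a connection attempt. Returns (allowed, reason);
    the reason is what goes into the session audit record either way.
    Order: time first (most JIT denials are simply early or late), then origin,
    then target."""
    if now < g.not_before:
        return False, "grant not yet active"
    if now >= g.not_after:
        return False, "grant expired"
    src = ip_address(source_ip)
    if not any(src in ip_network(c) for c in g.source_cidrs):
        return False, f"source {source_ip} outside approved networks"
    if (target_host, target_port) != (g.target_host, g.target_port):
        return False, f"target {target_host}:{target_port} not covered by grant"
    return True, "allowed"


# Constructed sample: a vendor technician gets a four-hour window to reach one
# PLC's Modbus/TCP port, from the vendor's own network range only.
EXAMPLE_GRANT = Grant(
    user="acme-field-tech",
    pubkey="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnly",
    target_host="10.20.1.5",
    target_port=502,
    source_cidrs=("203.0.113.0/24",),
    not_before=utc(2024, 11, 1, 8),
    not_after=utc(2024, 11, 1, 12),
)


def demo(g: Grant = EXAMPLE_GRANT) -> dict:
    """Run representative attempts against the grant and return the decisions."""
    return {
        "in_window":    evaluate(g, "203.0.113.7", "10.20.1.5", 502, utc(2024, 11, 1, 9)),
        "too_early":    evaluate(g, "203.0.113.7", "10.20.1.5", 502, utc(2024, 11, 1, 7)),
        "expired":      evaluate(g, "203.0.113.7", "10.20.1.5", 502, utc(2024, 11, 1, 12)),
        "wrong_source": evaluate(g, "198.51.100.9", "10.20.1.5", 502, utc(2024, 11, 1, 9)),
        "wrong_target": evaluate(g, "203.0.113.7", "10.20.1.6", 502, utc(2024, 11, 1, 9)),
    }


if __name__ == "__main__":
    print(authorized_keys_entry(EXAMPLE_GRANT))
    for name, (ok, why) in demo().items():
        print(f"{name:13} {'ALLOW' if ok else 'DENY':5} {why}")
```

With that line installed on the jump host in the DMZ, the technician runs `ssh -N -L 5020:10.20.1.5:502 acme-field-tech@jump` and points the Modbus engineering tool at localhost:5020; any attempt to open a shell or forward to another address is refused by sshd, not by policy the vendor has to honour. Two caveats: `expiry-time` only stops new authentications, so the broker must also terminate sessions still open at the deadline, and a commercial PAM product will typically issue short-lived certificates rather than edit authorized_keys, though the constraints it has to express are exactly the ones above.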
Zero Trust Access
One of the guiding principles that has emerged in this landscape is the concept of Zero Trust—a model that operates under the assumption that every access attempt is untrusted until verified. In IT environments, Zero Trust has become the gold standard, rejecting the outdated idea that anyone or anything inside the network perimeter, or within the castle if you will, can be implicitly trusted. Every user, every device, and every connection must be authenticated and authorized continuously, with permissions tightly controlled and monitored.
Yet in OT, Zero Trust is still emerging as a standard practice. In many ways, this model represents a significant cultural shift for OT environments, where safety, stability, predictability, and uninterrupted operations are paramount. The changes brought on by IT/OT convergence will require OT to adopt the same best practices it has taken years to develop on the IT side.
Cybersecurity is one area where OT can really benefit from IT/OT convergence.
As the cyber threat landscape continues to evolve, the need for Zero Trust in OT environments is becoming undeniable. Zero Trust isn't just about verifying every access attempt; it's about embracing a mindset that views security as an ongoing process. With a Zero Trust framework in place, organizations can ensure that only the right people, at the right time, under the right conditions, are able to access critical systems and data. This model doesn't just secure OT networks; it helps organizations proactively defend against breaches before they happen. It helps us to move from post-mortem analysis to proactive prevention.
The benefits of this approach go beyond merely protecting the bottom line. In OT environments, security isn't just about dollars and cents; it's about operational safety, public safety and even national security. These are not hypothetical threats; they're real threats that we've already seen play out in various forms. Securing OT environments ensures the safety of the organizations that rely on these systems, the people who operate and benefit from them, and even the nations that depend on their continued functionality.
Go for Access Controls Beyond Firewalls, VPNs and Identities
In conclusion, while the shift from perimeter-based security to identity-based access control has been an essential development in the cybersecurity world, it's only the beginning. As we move toward a Zero Trust future, organizations must go beyond identity alone to ensure that access to critical OT systems is as secure, controlled, and auditable as possible.
PAM solutions with JIT access, session monitoring, and multi-vendor access controls offer the tools organizations need to protect their most valuable and vulnerable systems. By embracing Zero Trust in both IT and OT, companies can safeguard their operations in a world where the stakes have never been higher. The transition may be challenging, but in the end, it's not just about protecting assets—it's about ensuring the safety and stability of our interconnected world.
Check out our PrivX OT Edition for your IT/OT security needs.
About the Author: Miikka Sainio has been with SSH since 2016 when he joined as the Head of UX to consolidate and improve the SSH product user experience. Later on, he moved to work as the principal architect and product owner for SSH PrivX Privileged Access Management solution. As a solutions architect, Miikka has worked with building and coordinating large, international software and service development teams in launching massive consumer products. Miikka has a 25-year history of developing software and services in companies ranging from small startups to Nokia. Product usability and user happiness are close to Miikka's heart, and he has found that the most enticing and positively disruptive product opportunities stem from the intersections of established real-world operational models and the opportunities made possible by digitalization.
Miikka Sainio — Chief Technological Officer at SSH