Remote access into OT environments exploded during COVID, and most organizations never stopped to ask whether they got it right.

IT style VPNs, shared credentials, and flat network access are still common in facilities that control physical infrastructure, even though modern OT guidance calls for stricter controls, segmentation, and monitored access paths.

In Episode 91, Steve Rutherford from HyperPort joins to break down why traditional IT remote access patterns fail in OT and what a modern, risk driven approach looks like.

Why this episode matters right now: as OT environments become more connected, the tools borrowed from IT are creating silent gaps in protection and incident visibility. Episode 91 walks through where IT tools break down in OT and what a purpose built remote access architecture should look like when safety, reliability, and uptime are the first priorities.

3 Key Takeaways

  • IT VPNs were not designed for OT. They often provide broad network reach, limited protocol awareness, and a flat path from corporate into critical systems.

  • Least privilege access is non negotiable. Every remote session into OT should be identity based, scoped to specific assets, time bound, enforced with MFA, and fully recorded.

  • Visibility gaps kill response. If you cannot see who is connected, through which path, and what commands they run, you cannot manage operational or cyber risk when something goes wrong.
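The second and third takeaways describe what an access broker has to check before it opens a session and what it has to write down when it does. The Python below is an added example, not code from the episode or from any of the products named on this page. It assumes a constructed set of grants (one person, one asset, one protocol, one approved window, one change ticket), a hard cap on the length of any window, and a short list of legacy shared logins the broker refuses outright; all of those are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumptions for this example (not taken from any product): a hard cap on how
# long one approved window may be, and a list of legacy shared logins that the
# broker refuses outright because they cannot be tied to a person.
MAX_WINDOW = timedelta(hours=4)
SHARED_ACCOUNTS = {"vendor", "admin", "operator"}


@dataclass(frozen=True)
class Grant:
    """One approved permission: one person, one asset, one protocol, one window."""
    user: str
    asset: str
    protocol: str
    not_before: datetime
    not_after: datetime
    ticket: str  # the change or work order that justified the approval


@dataclass(frozen=True)
class Request:
    """What the broker sees when someone asks for a session."""
    user: str
    asset: str
    protocol: str
    source_zone: str  # "internet", "corporate", ... recorded for visibility
    mfa_verified: bool


def evaluate(req, grants, now):
    """Return (allowed, reasons). Every failing check is reported, not only the
    first, so a denied vendor can fix all of them before retrying."""
    reasons = []
    if req.user in SHARED_ACCOUNTS:
        reasons.append("shared_account")
    if not req.mfa_verified:
        reasons.append("mfa_required")
    scoped = [g for g in grants
              if (g.user, g.asset, g.protocol) == (req.user, req.asset, req.protocol)]
    if not scoped:
        reasons.append("no_grant")
    else:
        live = [g for g in scoped if g.not_before <= now <= g.not_after]
        if not live:
            reasons.append("outside_window")
        elif all(g.not_after - g.not_before > MAX_WINDOW for g in live):
            reasons.append("window_exceeds_max")
    return (not reasons, reasons)


def broker(req, grants, now, log):
    """Decide, then record who asked, from where, for what, and why it was allowed.
    The record is written for denials too: a denied attempt is still a signal."""
    allowed, reasons = evaluate(req, grants, now)
    ticket = next((g.ticket for g in grants
                   if (g.user, g.asset, g.protocol) == (req.user, req.asset, req.protocol)
                   and g.not_before <= now <= g.not_after), None)
    entry = {
        "time": now.isoformat(),
        "user": req.user,
        "source_zone": req.source_zone,
        "asset": req.asset,
        "protocol": req.protocol,
        "mfa": req.mfa_verified,
        "decision": "allow" if allowed else "deny",
        "reasons": reasons,
        "ticket": ticket,
    }
    log.append(entry)
    return entry


# Constructed sample data: a fixed clock and two grants.
NOW = datetime(2024, 5, 6, 14, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("a.smith", "HMI-LINE3", "rdp", NOW - timedelta(hours=1), NOW + timedelta(hours=2), "CHG-1042"),
    Grant("b.jones", "EWS-01", "ssh", NOW - timedelta(days=2), NOW - timedelta(days=1), "CHG-0991"),
]

if __name__ == "__main__":
    log = []
    for req in [
        Request("a.smith", "HMI-LINE3", "rdp", "corporate", True),   # allowed
        Request("a.smith", "HMI-LINE3", "rdp", "corporate", False),  # no MFA
        Request("vendor", "HMI-LINE3", "rdp", "internet", True),     # shared login, no grant
        Request("b.jones", "EWS-01", "ssh", "corporate", True),      # grant expired yesterday
    ]:
        e = broker(req, GRANTS, NOW, log)
        print(e["decision"], e["user"], e["asset"], e["reasons"])
```

Two design points worth noting. A grant is matched on user, asset and protocol together, so a person approved for RDP to one HMI cannot reuse that approval for SSH to the same box or for a neighbouring asset. And the audit entry carries the source zone and the ticket alongside the decision, which is exactly what an incident responder needs to answer "who was connected, through which path, and under what approval" without reconstructing it from VPN logs.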

Why You Cannot Just Use RDP, SSH, or VPN Directly

Attackers love VPNs, gateways, and remote access infrastructure because they act as a direct bridge into internal networks.

Guidance like NIST SP 800-82, which draws its zone and conduit model from IEC 62443, and similar OT security frameworks is clear: secure architectures rely on segmented zones and conduits, strong identity controls at boundaries, and monitored jump hosts or access brokers in DMZs, not direct inbound connectivity from corporate networks or the internet.

Direct RDP, SSH, or VPN into OT bypasses those safeguards and creates a flat blast radius from office networks into plants, grids, and industrial assets.

The bottom line is simple. If a user or vendor can connect straight to a PLC network from the internet or from the corporate network, the architecture is broken.
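The hard part of that test is that the broken path is rarely one obvious rule. It is usually corporate reaching a plant IT segment on any port, and that segment reaching OT on SSH, so no single rule says "corporate to OT". The Python below is an added example, not code from the episode or from any vendor on this page: it walks a constructed zone-level ruleset as a graph and reports every path from the internet or corporate into OT whose final hop does not come from the DMZ broker tier, plus any broker conduit that allows every port. Zone names, the port labels and the sample rulesets are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumptions for this example: zone names, and a small port-to-service map used
# only to label findings. "dmz" is the only zone that may open sessions into OT.
OT = "ot"
BROKER_ZONE = "dmz"
UNTRUSTED_SOURCES = ("internet", "corporate")
REMOTE_ACCESS_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc", 1194: "openvpn"}


@dataclass(frozen=True)
class Rule:
    """One zone-to-zone firewall rule. ports=None means every port (a flat conduit)."""
    name: str
    src: str
    dst: str
    ports: Optional[frozenset]
    action: str = "allow"


def conduits(rules):
    """Collapse allow rules into {src_zone: {dst_zone: allowed ports or None}}.
    Rule order is ignored: every allow counts as a conduit, which is the
    conservative choice for an audit."""
    graph = {}
    for r in rules:
        if r.action != "allow":
            continue
        out = graph.setdefault(r.src, {})
        if r.ports is None or out.get(r.dst, set()) is None:
            out[r.dst] = None            # an any-port rule swallows the specific ones
        else:
            out[r.dst] = out.get(r.dst, set()) | r.ports
    return graph


def paths_into_ot(rules, sources=UNTRUSTED_SOURCES, max_hops=3):
    """Every simple zone path from an untrusted source into OT, up to max_hops edges."""
    graph = conduits(rules)
    found = []

    def walk(path):
        here = path[-1]
        if here == OT:
            found.append(tuple(path))
            return
        if len(path) > max_hops:
            return
        for nxt in sorted(graph.get(here, {})):
            if nxt not in path:
                walk(path + [nxt])

    for src in sources:
        walk([src])
    return found


def describe(ports):
    return "any" if ports is None else ",".join(
        REMOTE_ACCESS_PORTS.get(p, str(p)) for p in sorted(ports))


def audit(rules):
    """Findings as (path, issue, services). A path is a finding if its final hop
    into OT does not come from the DMZ broker, or if that hop allows every port."""
    graph = conduits(rules)
    findings = set()
    for path in paths_into_ot(rules):
        last_hop = path[-2]
        ports = graph[last_hop][OT]
        if last_hop != BROKER_ZONE:
            findings.add(("->".join(path), "bypasses_dmz_broker", describe(ports)))
        elif ports is None:
            findings.add(("->".join(path), "flat_conduit_into_ot", "any"))
    return sorted(findings)


# Constructed "before" ruleset for a site with a plant-floor IT segment (site_it).
BEFORE = [
    Rule("vpn-in", "internet", "corporate", frozenset({443})),
    Rule("corp-rdp-to-plant", "corporate", OT, frozenset({3389})),
    Rule("corp-to-site-it", "corporate", "site_it", None),
    Rule("site-it-ssh-to-plant", "site_it", OT, frozenset({22})),
    Rule("corp-to-broker", "corporate", BROKER_ZONE, frozenset({443})),
    Rule("broker-to-plant", BROKER_ZONE, OT, frozenset({22, 3389})),
    Rule("default-deny", "any", OT, None, "deny"),
]
# "After": the two rules that let corporate or the plant IT segment reach OT directly are gone.
AFTER = [r for r in BEFORE if r.name not in {"corp-rdp-to-plant", "site-it-ssh-to-plant"}]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(rules) or "no unbrokered path into OT")
```

On the "before" ruleset the walk reports four unbrokered paths, including internet->corporate->site_it->ot over SSH, a path that only exists because the VPN concentrator lands users in corporate and corporate has an any-port conduit into the plant IT segment. Removing the two direct rules leaves only the routes that terminate at the DMZ broker, which is the shape the guidance describes. Feeding the real zone matrix of a site into something like this is a quick way to find the legacy VPN, RDP and SSH reach the "What To Do Next" list asks you to map.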

OT Remote Access Platforms to Know

These platforms go well beyond opening a VPN tunnel and letting someone RDP into a box. They illustrate the kinds of controls OT teams should be demanding when vendors, engineers, and third parties need remote access.

HyperPort

HyperPort is designed for OT and ICS environments and focuses on risk driven remote access instead of static tunnels.

  • Trust driven controls that evaluate risk during the session, not just at login.

  • OT and ICS oriented access designed around vendor access, uptime requirements, and safety constraints.

  • Policy based permissions, identity centric access, and monitoring that support modern OT network architecture.

Why it stands out: instead of dropping a user onto an internal subnet with broad reach, access is mediated through policies, context, and oversight that match OT risk.

Dispel

Dispel provides an OT secure remote access platform built around a Zero Trust engine and moving target defense.

  • Zero trust controls that grant just in time access with per user identity, not shared VPN credentials.

  • Moving target defense that rotates paths and infrastructure so attackers cannot rely on fixed, exposed endpoints.

  • Live session monitoring, logging, and recording for vendor access, investigations, and compliance.

  • Deployment patterns that fit OT DMZ architectures and help control access into critical zones.

Why it stands out: instead of relying on a single published gateway with long lived tunnels, Dispel uses identity, short lived access, and dynamic infrastructure that is much harder to target.

Xona

Xona's secure access platform provides operational access to critical infrastructure without extending the OT network to the user device.

  • No traditional VPN tunnels and reduced inbound firewall exposure.

  • Protocol isolation and session brokering for RDP, VNC, SSH, and web sessions.

  • Browser based access that simplifies the endpoint and reduces implicit trust.

  • MFA, credential injection, and session recording to improve control and auditability.

Why it stands out: Xona keeps credentials and protocols inside the gateway tier instead of exposing OT networks or admin credentials to endpoints.

TDI ConsoleWorks

TDI ConsoleWorks provides secure, privileged interactive access across IT and OT with deep command level auditing.

  • A single controlled connection path between users and endpoints that becomes the enforced perimeter.

  • Role based and command based permissions that define exactly which assets a user can reach and what they can execute.

  • Full action logging down to the keystroke for investigations, accountability, and regulatory support.

Why it stands out: rather than handing someone a remote desktop with broad admin rights, ConsoleWorks treats every interaction as a controlled, auditable privileged action.

Waterfall HERA and Hardware Enforced Remote Access

Waterfall Security's HERA combines unidirectional gateway principles with remote access needs, which is why it deserves special attention.

In many high criticality environments, the right answer is not better VPN. It is different physics. HERA is an example of that approach.

  • Hardware enforced one way flows for monitoring and data extraction, while keeping control networks physically protected.

  • Remote access patterns that are tightly scoped, highly monitored, and designed so inbound attack paths are not simply closed by policy, but removed at the physical layer.

  • Architectures that let engineers and vendors do their jobs without exposing the most sensitive OT assets to internet reachable attack surface.

These concepts are unpacked in detail in Episode 81: Data Diodes and Remote Access: How Industrial Systems Stay Secure in a Connected World, which features Waterfall's CEO and dives into what secure by design looks like for remote access in the highest risk environments.

Why OT Needs Different Remote Access Controls

Remote access is one of the highest risk functions in OT, which is why modern guidance highlights secure remote access, least privilege, and monitored jump hosts as core design requirements.

Experience across plants, pipelines, utilities, and manufacturing shows that remote vendor access only works at scale when identity is tied to individuals, MFA is used where feasible, and access is time bound and recorded.

Purpose built OT platforms help deliver:

  • Identity based, least privilege access instead of broad network level tunnels.

  • Strong segmentation between corporate, DMZ, and OT zones, with no direct inbound path.

  • Real time visibility and full audit records, including session and activity logging.

  • Faster and safer operations than legacy VPN plus RDP models.

This is why just turning on RDP or VPN to the plant is no longer acceptable for critical infrastructure and industrial environments.

If you want to go deeper on remote access, these episodes form a mini series:

  • Episode 91: OT Remote Access After COVID: Why IT Tools Fail and What Critical Infrastructure Needs Now. HyperPort and modern OT remote access.

  • Episode 90: Securing Remote Access in OT: Visibility, Segmentation, and What Compliance Misses. How to design OT access zones, logging, and monitoring beyond minimum compliance language.

  • Episode 81: Data Diodes and Remote Access: How Industrial Systems Stay Secure in a Connected World. Featuring Waterfall's CEO and exploring hardware enforced one way flows and HERA.

  • Episode 17: Bridging the Security Gap: How HERA Transforms Remote Access in Industrial Environments. An early look at why OT access needs purpose built solutions instead of repurposed IT tools.

Quick Intel Brief

CISA advisories and real world incidents keep proving the same point. Attackers actively target VPNs, gateways, and remote access appliances because they provide direct access into internal networks.

When a remote access gateway is vulnerable, attackers can often steal session cookies, read device memory, or pivot into internal assets in a single move.

If an OT architecture still depends on flat VPN access and unmonitored RDP into plants or critical sites, it is out of alignment with modern guidance and current threat activity.

The question is not whether someone will scan and test those exposed services. The question is whether you will detect and contain them when they do.

Aaron's Take

Many facilities still have dozens of active vendor accounts, shared logins, and remote access tools that nobody has fully inventoried in years.

That is not only a compliance issue. It is a maturity issue.

Remote access in OT should be treated like physical access to the control room. You know who is there, why they are there, and you escort them out when they are done.

With purpose built platforms and clear policy, the digital equivalent is absolutely achievable. Identity based access, time boxed approvals, session recording, and protocol isolation let operations teams support the business without handing out a permanent key to critical systems.

What To Do Next

  • Map every remote access path into OT, including vendor tools, legacy VPNs, and jump hosts.

  • Identify where IT style VPN, RDP, or SSH still reaches OT zones and put interim controls in place.

  • Evaluate at least one purpose built OT remote access platform against your current risk, compliance requirements, and operational needs.

  • Listen to Episode 91, Episode 90, Episode 81, and Episode 17 with your OT and IT teams and use them as a discussion starter for redesigning your access model.

Question for readers: How are you handling vendor remote access today, and where do you feel the most exposed?
