Securing Industrial Control Systems: Rethinking Privileged Access in OT and SCADA Environments

Get Instant Access to this Content

Learn more about how to secure your business from threats in places you didn't even know existed.

About the session

In IT environments, a security breach means data loss. In OT environments, it can mean equipment damage, production shutdown, or threats to human safety. The security models built for enterprise IT do not translate cleanly to industrial control systems — and applying them incorrectly can cause the very disruptions they are meant to prevent. Drawing on his certified OT/SCADA expertise and federal background, Dr. Smith walked through the privileged access risks specific to ICS and SCADA networks, how threat actors exploit vendor remote sessions and shared device credentials, and how to apply least-privilege principles to OT environments without sacrificing operational continuity.

Key Takeaways

How ICS/SCADA environments differ architecturally and operationally from IT — and why it matters for security
The top privileged access risk vectors in OT: vendor remote sessions, shared credentials, and persistent connections
Why standard IT security controls break in OT environments and what to do instead
Applying least-privilege and session governance to industrial control systems without disrupting operations
Real-world OT breach case studies and the access control failures that enabled them
How organizations are enabling secure, controlled, and auditable remote access to OT environments through Privileged Remote Access (PRA)

Meet the Speakers

Derek A. Smith

Founder, National Cybersecurity Education Center

Derek A. Smith is an expert at cybersecurity, cyber forensics, healthcare IT, SCADA security, physical security, investigations, organizational leadership and training. He is currently an IT Supervisor at the Internal Revenue Service. He is also owner of The Intercessors Investigative and Training Group (www.theintercessorgroup.com). Formerly, Derek worked for several IT companies including Computer Sciences Corporation and Booz Allen Hamilton. Derek spent 18 years as a special agent for various government agencies and the military. He is also a cyber security professor at the University of Maryland, University College and Virginia University of Science and Technology and has taught for over 25 years. Derek is retired from the US Army and also served in the US Navy, and Air Force for a total of 24 years. He is completing his Doctorate Degree in Organizational Leadership and has completed an MBA, MS in IT Information Assurance, Masters in IT Project Management, and a BS in Education. Derek has written several books including Cybersense: The Leaders Guide to Protecting Critical Information, and its companion workbook, and he has contributed to several other books as an author and technical adviser.

Gayatri Karthy

Product Marketing Manager

Gayatri is a Product Marketing Manager at BeyondTrust for Privileged Remote Access. Prior to joining BeyondTrust, she worked across marketing functions, including channel marketing, customer marketing, and product marketing across large multinational corporations and smaller, agile companies. Gayatri currently lives in SF and enjoys traveling, practicing yoga, and watching horror movies in her free time.