Securing Remote Access To Mission-Critical OT Assets
HelpNet Security, Tuesday, July 30th, 2024
In this Help Net Security interview, Grant Geyer, Chief Strategy Officer at Claroty, discusses the prevalent vulnerabilities in Windows-based engineering workstations (EWS) and human-machine interfaces (HMI) within OT environments. Geyer also addresses the challenges and solutions for securing remote access to critical OT assets.
What are some of the most common vulnerabilities in Windows-based engineering workstations (EWS) and human-machine interfaces (HMI) within OT environments?
It's critical that we expand the scope of the question from vulnerabilities to exposures. Let me explain: by definition NIST defines a CVE as 'a weakness in the computational logic (e.g., code).' By this definition entire classes of easily exploitable weaknesses that are commonly present in OT assets are excluded. Some examples include weak & credentials, hard-coded credentials, and clear text communication.