Delinea experts outline why privileged access, third-party identities, and visibility gaps are increasing risk across critical infrastructure, and what organisations need to do to strengthen OT resilience.
Identity security is rapidly emerging as one of the most important priorities for organisations operating critical infrastructure and industrial environments. Increased connectivity, remote access requirements, and the growing convergence of IT and operational technology (OT) have created new opportunities for attackers to exploit trusted access pathways into essential systems.
A growing reliance on connected industrial systems, third-party access and digital transformation initiatives formed the backdrop to a webinar hosted by CPI Media Group in association with Delinea, titled "From Credentials to Catastrophe: Securing OT Before the Next Colonial Pipeline".
The session featured Andrea Scott, Product Marketing Manager; Alex FitzGerald, Product Marketing Manager; Brance Spradlin, Global Identity Specialist; and Albert Beattie, Senior Technical Partner Manager at Delinea, who examined the changing OT threat landscape and the growing role of identity in securing critical operations.
OT security has become a business issue
Cybersecurity threats targeting industrial environments have evolved significantly over the past decade. Traditional assumptions that OT systems could remain isolated from external threats no longer hold true in a world of remote monitoring, cloud-connected systems, predictive maintenance and third-party support services.
Threat actors continue to exploit the gaps that exist between IT and OT environments. Many organisations still manage these domains separately, creating blind spots that attackers can leverage to move between networks and gain access to critical assets. This reality is driving a shift towards unified governance models that provide a consolidated view of cyber risk across the organisation.
Boardrooms are increasingly involved in these discussions because the consequences of a successful attack extend far beyond technology.
Production downtime, supply chain disruption, revenue loss, regulatory scrutiny and safety concerns can quickly transform a cybersecurity incident into a major business continuity event.
Lessons from major cyber incidents
Several high-profile attacks illustrate the risks facing industrial organisations today. The panel referenced incidents such as Triton, which targeted safety systems at a petrochemical facility in Saudi Arabia, Shamoon’s destructive attack on Saudi Aramco, the Colonial Pipeline breach in the United States and the activities of the Volt Typhoon threat group. Each incident demonstrated how trusted access, compromised credentials or poorly governed identities can become entry points into critical environments.
One of the strongest messages from the discussion was that attackers increasingly rely on legitimate credentials rather than sophisticated malware. Valid accounts allow malicious actors to blend into normal operational activity, making detection significantly more challenging.
Put simply, many modern attacks begin not with a breach of the perimeter but with access that appears legitimate.
Identity has become the new control plane
Network segmentation remains an important component of OT security. However, the speakers argued that identity has become the most effective lens through which organisations can understand and manage risk.
Every engineer, contractor, vendor, administrator, application, machine identity and service account represents a potential access pathway. Growth in automation, cloud services and artificial intelligence is accelerating this challenge, creating a rapidly expanding population of non-human identities that require the same level of governance as human users.
Visibility into who has access, what they can do, when they can perform actions and how quickly permissions can be revoked has become essential. Organisations that fail to govern identities consistently across IT and OT environments leave dangerous gaps that can be exploited by attackers.
Third-party access remains a major challenge
Third-party access emerged as one of the most significant concerns discussed during the webinar.
Industrial operations frequently depend on equipment manufacturers, contractors, service providers and maintenance teams that require remote connectivity to critical systems. Many organisations continue to provide access through persistent VPN connections and shared accounts, often with limited oversight once access has been granted.
Problems often arise when vendor relationships end but accounts remain active. Dormant credentials can persist for months or even years, creating unnecessary exposure and expanding the organisation’s attack surface. Limited visibility into vendor activity further compounds the challenge.
According to the panel, stronger governance of third-party access represents one of the fastest and most effective ways to reduce OT identity risk.
Roadmap to stronger OT identity security
Building a mature identity security programme does not require organisations to replace existing infrastructure or undertake disruptive transformation projects.
The speakers described a maturity journey that begins with basic visibility and progresses towards comprehensive governance. Early-stage environments often rely on shared credentials and have limited auditing capabilities. More advanced organisations implement privileged access management, just-in-time authorisation, session monitoring, multi-factor authentication, role-based controls and identity governance processes.
The desired end state is a zero-trust model in which access is granted only when needed, credentials remain protected from users, privileged sessions are monitored and recorded, and permissions are automatically revoked once work has been completed.
Delinea outlined three core pillars for achieving this outcome: protecting privileged credentials, securing remote access through brokered connections rather than traditional VPNs, and providing comprehensive visibility into privileged activity through monitoring, auditing and session recording.
Visibility should come first
A consistent recommendation from all panellists centred on visibility. Organisations need a clear understanding of the identities operating within their OT environments before they can effectively manage risk. Discovery of privileged accounts, vendor access pathways, service accounts and remote sessions provides the foundation for stronger governance and better decision-making.
Quick wins can often be achieved by focusing on high-risk areas such as third-party access and privileged accounts. Improved visibility enables organisations to move from assumptions to evidence-based risk management while creating the groundwork for a broader identity security strategy.
Identity security is no longer solely an IT concern. Modern industrial environments depend on trusted access to maintain operations, support innovation and drive efficiency. Organisations that can govern those identities effectively will be better positioned to protect critical infrastructure, strengthen resilience and reduce the likelihood of the next operationally disruptive cyber incident.
Source: Tahawul Tech


