Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

COMMENTARY: When the United States and Israel launched coordinated strikes against Iran on February 28, the security community mobilized around the visible response. I’ve watched that response for two weeks: teams tracking hacktivist DDoS campaigns, incident counts climbing, news coverage following close behind.

Remote access into OT and ICS environments has always carried risk. But the nature of that risk has changed. Threat detections now happen in seconds. Sensors identify anomalous behavior in real time. Identity platforms continuously evaluate trust. SIEM and OT security tools generate rich, contextual alerts instantly. Yet in most environments, access enforcement is still manual. A detection triggers a ticket. A human reviews. A decision is made. Minutes—or hours—pass before action is taken.

TL;DR Xona Platform v5.5 strengthens remote access across distributed OT environments. It introduces session resilience to maintain continuity during network interruptions, expands centralized governance for more consistent access control, and enhances support for constrained or disconnected deployments. In critical infrastructure environments, remote access is not abstract. It supports maintenance windows, emergency response, vendor coordination, and day-to-day operations across distributed sites.

Secure remote access (SRA) is no longer a stopgap or an IT workaround; it’s become foundational to industrial cybersecurity. According to KuppingerCole, demand for SRA in OT and ICS environments is accelerating due to the convergence of IT and OT networks, rising cyber threats, and mounting regulatory pressure. Traditionally, remote access in industrial environments was limited, heavily manual, and often avoided due to risk.

Security incidents and service disruptions are never simple. They are rarely the result of a single mistake, and they don’t only happen to organizations that “did something wrong.” In reality, many of the most capable, well-resourced companies experience them precisely because they operate at scale, under constant pressure, and within complex, interconnected environments.

Remote access has become essential. However, for most industrial organizations, it’s also become the most dangerous blind spot in their cybersecurity posture. The tools many teams still rely on VPNs, jump servers, and shared logins that were never built for today’s OT and IT environments. These legacy systems were designed decades ago, when connectivity was simpler and threats were fewer.

Remote access isn’t optional in critical infrastructure anymore; it’s operationally essential. Whether for maintenance, OEM support, remote field work, or incident response, industrial organizations must enable access to critical systems. But, legacy access methods like VPNs, jump servers, and even agent-based Zero Trust or IT-based remote privileged access management (RPAM) tools all share one dangerous flaw: they implicitly trust the endpoint.

Cyberattacks on operational technology systems increased 87% in 2024 (Dragos 2024), with endpoint access emerging as THE top attack vector for OT and industrial control systems (ICS). This means the same connections vital to maintaining your critical systems, whether a vendor connecting remotely via VPN or an employee logging into a local workstation, represent a potential entry point into your environment.

In today’s connected OT, ICS and CPS world, critical infrastructure organizations have a need to extend remote access to employees, 3rd party contractors, and OEMs. But in the rush to support remote operations, many critical infrastructure operators have exposed their critical systems to a silent but severe risk: the user endpoint.

Xona, the leading provider of secure access solutions for critical infrastructure, is excited to announce a strategic partnership with Oregon Systems, a premier cybersecurity value added distributor specializing in Operational Technology (OT), Critical Infrastructure Security and providing High performance computing (HPC) solutions in the Middle East.