Our team's concerns regarding VPNs
Both traditional PC-based VPNs and newer hardware VPNs have limitations when it comes to OT networks. Once a VPN connection is established inside the perimeter protections, it has overly broad access to the network, negating the intent of the firewall protections. Maintaining granular policies becomes complex, and over time the policies drift out of alignment with the original design.
Mature cybersecurity teams understand these risks and sometimes resort to air-gapping devices entirely to prevent compromised remote devices from spreading contamination to the protected OT network. However, these air-gapping requirements burden the operations team and can limit the opportunities for data collection and real-time monitoring.