
SANS ICS Cybersecurity Critical Controls and Recommendations for Remote Access

March 6, 2025

Author: Sri Sundaralingam, Chief Marketing Officer, Xage Security 

Growing Remote Access and Third Party Risks

Industrial Control Systems (ICS) and Operational Technology (OT) are the backbone of critical infrastructure, running essential services like power grids, water treatment plants, and manufacturing facilities. However, new reports, including the latest SANS Critical Infrastructure Strategy Guide and the 2025 OT/ICS Cybersecurity Report by Dragos, indicate that the ICS threat landscape continues to grow in sophistication. Some key trends include:

  • High-Impact, Low-Frequency Attacks – Adversaries deploy ICS-specific malware (e.g., CRASHOVERRIDE, PIPEDREAM) that can shut down or damage critical operations.
  • 87% Increase in Ransomware Attacks on Industrial Organizations – Manufacturing, energy, and utility sectors were heavily targeted, with attacks doubling year-over-year.
  • 65% of OT Sites had Insecure Remote Access Configurations – Including unpatched VPNs, misconfigured remote access appliances, and lack of monitoring.
  • 40% of ICS Attacks Originated from IT Networks – Despite perceived segregation, compromised IT systems frequently become entry points for ICS breaches.

Given these evolving threats, SANS recommends a Zero Trust approach, emphasizing strict identity-based access controls and network segmentation for secure remote access.

SANS’ Five ICS Cybersecurity Critical Controls

To combat modern ICS/OT threats, SANS outlines five essential cybersecurity controls, each of which is directly aligned with Xage Security’s Zero Trust model:

1. ICS-Specific Incident Response
  • Xage provides forensics, analytics, and AI-based tools that help incident responders identify the root cause and the blast radius of an incident.
2. Defensible Control System Network Architecture
  • SANS recommends strict segmentation between IT, OT, and the Internet.
  • Xage provides a virtual air gap by enforcing multi-hop session termination, ensuring every connection is isolated, authenticated, and authorized. Xage eliminates the need for ICS/OT systems to have direct or indirect connections to the internet.
3. ICS Network Visibility & Monitoring
  • Xage provides deep visibility into access logs, user activity, and asset interactions for auditability and compliance.
4. ICS Secure Remote Access
  • Xage eliminates VPN risks by providing granular, identity-based remote access that enforces Zero Trust principles.
5. Risk-Based ICS Vulnerability Management
  • Many ICS environments cannot patch vulnerabilities due to operational uptime requirements.
  • Xage mitigates these risks by controlling access to vulnerable assets and ensuring secure authentication and least privilege enforcement.

How Xage’s Zero Trust Remote Access Aligns with SANS Best Practices

Xage’s Zero Trust Secure Remote Access (SRA) solution directly addresses the top ICS security challenges outlined by SANS:

1. Eliminating VPN and Jump Server Risks
  • Traditional VPNs and jump servers expose ICS to all-or-nothing access.
  • Xage replaces VPNs with identity-based authentication that limits access to specific assets, not entire networks.
2. Virtual Air Gap (Multi-Hop Session Termination)
  • Traditional remote access allows direct connections to OT assets—a major risk.
  • Xage provides a virtual air gap by enforcing multi-hop authentication at each network layer, preventing initial access, credential compromise, and lateral movement.
3. Layered Multi-Factor Authentication (MFA)
4. Granular Role-Based Access Control (RBAC)
  • No broad access zones—users can only interact with specific devices based on predefined roles.
  • Supports multiple identity providers (IdPs) for seamless third-party/vendor access.
5. Secure File Transfer & Session Monitoring
  • Xage enables controlled, policy-driven file exchange with malware scanning and full session recording.
  • Tamperproof audit logs ensure compliance with regulations like NERC-CIP and IEC 62443.
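The contrast between network-wide VPN access and asset-scoped, role-based access in items 1 and 4, and the tamperproof audit log in item 5, can be made concrete with a small policy check. The following is an added example and not Xage's product code: the asset inventory, role names, users and protocols are constructed, the policy model is a simplified stand-in for how such a broker might decide, and the audit log uses a SHA-256 hash chain as one plain way to make edits or deletions detectable.

```python
"""Added example (not Xage's code): asset-scoped RBAC beside VPN-style zone
access, with a hash-chained audit log. All names below are constructed."""
from __future__ import annotations
import hashlib
import json
from dataclasses import dataclass, field

# Constructed OT inventory: each asset lives in a zone and speaks one protocol.
ASSETS = {
    "plc-line1":   {"zone": "ot-cell-1", "protocol": "modbus"},
    "hmi-line1":   {"zone": "ot-cell-1", "protocol": "rdp"},
    "historian-1": {"zone": "ot-dmz",    "protocol": "ssh"},
}

# Constructed role policy: (asset, protocol) pairs a role may reach.
ROLE_POLICY = {
    "vendor-plc-maint": {("plc-line1", "modbus")},
    "ot-operator":      {("hmi-line1", "rdp"), ("plc-line1", "modbus")},
}


def vpn_style_grant(reachable_zones: set[str], asset: str) -> bool:
    """All-or-nothing model: once a user is on a zone's network, every
    asset in that zone is reachable, whether the task needs it or not."""
    return ASSETS[asset]["zone"] in reachable_zones


def zero_trust_grant(role: str, asset: str, protocol: str,
                     mfa_verified: bool) -> tuple[bool, str]:
    """Identity-based model: grant one specific (asset, protocol) pair to a
    role, only after MFA. Returns (decision, reason) for the audit trail."""
    if not mfa_verified:
        return False, "mfa-required"
    if role not in ROLE_POLICY:
        return False, "unknown-role"
    if asset not in ASSETS:
        return False, "unknown-asset"
    if (asset, protocol) not in ROLE_POLICY[role]:
        return False, "not-in-role-policy"
    return True, "allowed"


@dataclass
class AuditLog:
    """Tamper-evident log: every entry carries the SHA-256 of the previous
    entry, so altering or dropping one entry breaks all later hashes."""
    entries: list[dict] = field(default_factory=list)

    @staticmethod
    def _digest(entry: dict) -> str:
        return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

    def append(self, user: str, role: str, asset: str, protocol: str,
               decision: bool, reason: str) -> None:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = {"user": user, "role": role, "asset": asset, "protocol": protocol,
                "decision": decision, "reason": reason, "prev": prev}
        body["hash"] = self._digest(body)
        self.entries.append(body)

    def verify(self) -> bool:
        """Recompute the chain from the start; any edit or gap returns False."""
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def demo() -> AuditLog:
    """Run three constructed access requests through the policy and log them."""
    log = AuditLog()
    requests = [
        ("alice@vendor", "vendor-plc-maint", "plc-line1", "modbus", True),  # in role
        ("alice@vendor", "vendor-plc-maint", "hmi-line1", "rdp", True),     # same zone, not in role
        ("bob", "ot-operator", "hmi-line1", "rdp", False),                  # MFA not completed
    ]
    for user, role, asset, proto, mfa in requests:
        ok, reason = zero_trust_grant(role, asset, proto, mfa)
        log.append(user, role, asset, proto, ok, reason)
    return log


if __name__ == "__main__":
    audit = demo()
    for e in audit.entries:
        print(e["user"], e["asset"], e["protocol"], e["decision"], e["reason"])
    print("chain intact:", audit.verify())
```

The second request is the point of the contrast: under the zone model the vendor on `ot-cell-1` can reach the HMI as well as the PLC, while the role model denies it because the pair is not in the vendor's policy. Flipping a decision in a stored entry makes `verify()` fail, which is the property an auditor wants from a tamperproof log.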

The Bottom Line: ICS Operators Must Adopt Zero Trust Now

The latest research makes it clear: ICS/OT security must be treated as a business-critical function, not an afterthought. Organizations that rely on outdated VPN-based remote access are leaving themselves open to sophisticated attacks.

As ICS threats escalate, the need for Zero Trust Secure Remote Access has never been greater. Download the SANS First Look Paper on Xage Security to see how industrial enterprises can achieve true Zero Trust Remote Access—without disrupting operations.
