Secure remote access design for OT
Remote access is where most OT compromises start. We design vendor and engineering access the defensible way — never straight to plant — and validate it against IEC 62443.
The reference pattern, enforced
Untrusted access terminates at a VPN/firewall, lands in a DMZ broker that enforces MFA and records the session, then reaches OT only through a scoped, time-limited conduit. We design this path and check it automatically.
- VPN terminates in a DMZ, never directly in the control zone
- MFA, encryption and session recording on the access broker
- Scoped conduits with session timeouts (IEC 62443 SR 1.13 / SR 2.6)
Catch the unsafe path
A vendor VPN run straight into turbine or plant control is a classic finding. Synapse models both the compliant and the unsafe pattern, so the risk is visible and the fix is obvious.
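A minimal sketch of such an automated check, added here as an illustration and not Synapse's own code: it walks every path from an untrusted node to the control zone and flags the ones that skip the brokered pattern. The zone labels, field names and sample topology are assumptions constructed for this example.

```python
from dataclasses import dataclass
CONTROLS = ("mfa", "encrypted", "session_recording")

@dataclass
class Node:
    zone: str  # "untrusted", "dmz" or "control" (labels assumed for this sketch)
    mfa: bool = False
    encrypted: bool = False
    session_recording: bool = False

@dataclass
class Conduit:
    src: str
    dst: str
    scoped: bool = False   # limited to named assets and ports
    timeout_min: int = 0   # 0 means the session never times out

def paths(conduits, start, seen=frozenset()):  # loop-free conduit chains from start
    seen = seen | {start}
    for c in conduits:
        if c.src == start and c.dst not in seen:
            yield [c]
            for rest in paths(conduits, c.dst, seen):
                yield [c] + rest

def check(nodes, conduits):
    """Return (route, finding) for each untrusted path into the control zone."""
    out = []
    for name in [n for n, v in nodes.items() if v.zone == "untrusted"]:
        for p in paths(conduits, name):
            zones = [nodes[c.dst].zone for c in p]
            if zones[-1] != "control" or "control" in zones[:-1]:
                continue  # judge only the first entry into the control zone
            route, entry = " -> ".join([name] + [c.dst for c in p]), p[-1]
            if nodes[entry.src].zone != "dmz":
                out.append((route, "reaches control zone without a DMZ broker"))
                continue
            dmz = [nodes[c.dst] for c in p[:-1] if nodes[c.dst].zone == "dmz"]
            if not any(all(getattr(b, k) for k in CONTROLS) for b in dmz):
                out.append((route, "no broker with MFA, encryption and recording"))
            if not entry.scoped or entry.timeout_min <= 0:
                out.append((route, "OT conduit unscoped or without session timeout"))
    return out

# Constructed sample: brokered vendor path, plus a vendor VPN straight into turbine control.
NODES = {"vendor": Node("untrusted"), "vpn_fw": Node("dmz", encrypted=True),
         "broker": Node("dmz", True, True, True), "plc": Node("control"),
         "turbine_ctrl": Node("control")}
GOOD = [Conduit("vendor", "vpn_fw"), Conduit("vpn_fw", "broker"),
        Conduit("broker", "plc", scoped=True, timeout_min=60)]
BAD = GOOD + [Conduit("vendor", "turbine_ctrl")]
```

`check(NODES, GOOD)` returns no findings, while `check(NODES, BAD)` reports the direct vendor-to-turbine conduit.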
Frequently asked questions
How should OT remote access be designed?
Route untrusted access through a VPN/firewall to a DMZ broker (jump host) that enforces multi-factor authentication and records the session, then into OT only through a scoped conduit. Remote access should never terminate directly in the control zone.
What does IEC 62443 SR 1.13 require?
SR 1.13 concerns access via untrusted networks: such access must be monitored and controlled. In practice that means terminating in a DMZ, enforcing MFA and encryption, and brokering the connection rather than allowing direct OT access.
Why is a vendor VPN straight into plant a problem?
It bypasses the DMZ and trust boundary, giving an external party a direct path into the control system. If the vendor is compromised, so is the plant. The fix is to broker the access through a DMZ with MFA and session recording.
Bring your next site online — secure by design.
Book a demo to see the model-to-evidence loop on your own architecture — or open the live studio now.