OT/ICS Security – Critical Systems Require Unique Credentials

Conventional guidance highly recommends the use of unique credentials for each site and service, including ICS/OT assets, to minimize the risk of compromise. Many cyber threat actors are notorious for leveraging valid credentials to gain unauthorized access. Likewise, when credentials are shared/reused across IT and OT resources, the results can lead to a lot more than data or financial loss and makes the threat actor’s job a lot easier. Both CISA and Dragos have reported on findings that water and wastewater systems are often observed using shared credentials.