TL;DR: Operational systems are now business continuity and safety systems, yet awareness programmes often leave them outside traditional cybersecurity training, creating a gap between cyber risk and plant-floor reality, according to Corsha. The governance issue is not awareness alone but whether teams can secure machine connections and access without adding operational friction.
NHIMG editorial — based on content published by Corsha: cybersecurity awareness for operational systems and critical infrastructure
Questions worth separating out
Q: How should organisations secure machine access in OT environments without slowing operations?
A: Start by identifying which machine connections are actually business-critical, then apply identity-based controls that are automatic, attributable, and revocable.
Q: Why do shared logins create so much risk in operational systems?
A: Shared logins remove attribution, which makes it hard to tell who changed a command, who approved access, or who should be cut off after an incident.
Q: When should teams convert always-on vendor access into scheduled access?
A: Do it whenever external access can reach engineering, supervisory, or production systems and does not need to remain open continuously.
Practitioner guidance
- Map every OT connection to an accountable identity Document which machine, vendor, or operator owns each connection into control systems, and record whether that access is shared, scheduled, or always open.
- Replace shared floor logins with attributable access Phase out common credentials used by multiple operators and maintenance teams.
- Schedule external access instead of leaving it persistent Review every vendor path into engineering workstations and production systems, then convert always-on connectivity into time-bounded access with clear approval and expiry rules.
What's in the full article
Corsha's full blog post covers the operational detail this post intentionally leaves for the source:
- Practical examples for replacing shared logins with access patterns that fit plant operations.
- Operational messaging ideas for getting engineering and maintenance teams to care about cybersecurity.
- A closer look at how automated machine access can reduce friction without eliminating governance.
- Examples of how to explain uptime, safety, and resilience in language OT teams already use.
👉 Read Corsha's article on cybersecurity awareness for OT and critical infrastructure →
OT identity and access: what cybersecurity awareness still misses?
Explore further
OT awareness fails when cybersecurity is framed as an IT control problem instead of an operational identity problem. The article is right to move the conversation toward uptime and safety, because OT teams do not respond to abstract policy language. What matters is whether the identity model fits the way machines, vendors, and control systems actually interact. The practitioner conclusion is that awareness only changes behaviour when it reflects operational reality.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: What is the difference between automation and governed machine identity?
A: Automation simply means a system performs an action on its own. Governed machine identity means that action is tied to policy, ownership, scope, and revocation. In practice, a machine can log in automatically and still be poorly governed if no one can explain why it has access or how to remove it.
👉 Read our full editorial: Operational cybersecurity awareness needs to include OT identity