TL;DR: SCADA systems now connect HMIs, PLCs, RTUs, enterprise platforms, and vendor remote access, which expands attack surface and makes identity governance central to manufacturing cybersecurity, according to Imprivata and IDC. Legacy OT assets and shared access practices turn connectivity into operational risk; isolation is no longer a sufficient control model.
NHIMG editorial — based on content published by Imprivata: SCADA cybersecurity and identity control in manufacturing environments
By the numbers:
- Roughly 50% of manufacturers are still operating legacy OT assets that are more than 15 years old.
Questions worth separating out
Q: How should security teams govern access to SCADA environments across IT and OT?
A: Security teams should govern SCADA access as a single identity problem across operators, engineers, vendors, and connected systems.
Q: Why do legacy SCADA systems increase manufacturing cyber risk?
A: Legacy SCADA systems increase risk because many were built for isolated operation, not modern authentication, segmentation, or vendor connectivity.
Q: What breaks when SCADA vendor access is left persistently enabled?
A: Persistent vendor access breaks accountability, least privilege, and containment.
Practitioner guidance
- Segment SCADA identities by function and zone. Separate operator, engineer, vendor, and service access so that HMI, PLC, RTU, and supervisory software privileges do not travel together across trust boundaries.
- Replace shared HMI credentials with attributable access. Assign unique accounts to each operator and tie them to defined roles so incident response can reconstruct who accessed which interface and when.
- Put vendor maintenance behind time-bound controls. Use vault-mediated credentials, session recording, and explicit expiry for every third-party support path that can touch production systems.
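The three guidance points above can be turned into a retrospective check. The following is an added example, not code from Imprivata or from the NHIMG editorial: it audits a constructed, pipe-delimited set of SCADA session records for the failure modes named in the list, a shared account in use from two workstations at once (no attribution), a role touching an asset class outside its zone, and a vendor session outside its approved maintenance window. The role policy, the vendor window, the log format and all account and asset names are assumptions made for the example.

```python
"""Audit constructed SCADA session records for the access failures described above."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Hypothetical policy: which asset classes each role may reach.
ROLE_ALLOWED_ASSETS: Dict[str, Set[str]] = {
    "operator": {"HMI"},
    "engineer": {"HMI", "PLC", "RTU"},
    "vendor": {"PLC"},  # and only inside an approved maintenance window
}

# Constructed approved maintenance windows: vendor account -> (start, end).
VENDOR_WINDOWS: Dict[str, Tuple[datetime, datetime]] = {
    "vend-siemens-01": (datetime(2024, 5, 2, 9, 0), datetime(2024, 5, 2, 11, 0)),
}

@dataclass
class Session:
    account: str
    role: str
    source_host: str
    asset_class: str
    asset: str
    start: datetime
    end: datetime

# Constructed records (start|end|account|role|source host|asset class|asset);
# not the output of any real product.
SAMPLE_LOG = """\
2024-05-02T07:55:00|2024-05-02T15:58:00|op-shared|operator|HMI-WS-01|HMI|hmi-line1
2024-05-02T08:10:00|2024-05-02T12:00:00|op-shared|operator|HMI-WS-02|HMI|hmi-line2
2024-05-02T08:30:00|2024-05-02T09:15:00|j.doe|engineer|ENG-WS-07|PLC|plc-filler-3
2024-05-02T09:05:00|2024-05-02T10:40:00|vend-siemens-01|vendor|VPN-GW|PLC|plc-filler-3
2024-05-02T13:00:00|2024-05-02T13:45:00|vend-siemens-01|vendor|VPN-GW|PLC|plc-filler-3
2024-05-02T14:00:00|2024-05-02T14:20:00|op-shared|operator|HMI-WS-01|RTU|rtu-well-9
"""

def parse_log(text: str) -> List[Session]:
    sessions = []
    for line in text.strip().splitlines():
        start, end, account, role, host, asset_class, asset = line.split("|")
        sessions.append(Session(account, role, host, asset_class, asset,
                                datetime.fromisoformat(start),
                                datetime.fromisoformat(end)))
    return sessions

def find_shared_accounts(sessions: List[Session]) -> Set[str]:
    """Accounts with overlapping sessions from different hosts: nobody can say who acted."""
    by_account: Dict[str, List[Session]] = {}
    for s in sessions:
        by_account.setdefault(s.account, []).append(s)
    shared = set()
    for account, sess in by_account.items():
        for i, a in enumerate(sess):
            for b in sess[i + 1:]:
                if a.source_host != b.source_host and a.start < b.end and b.start < a.end:
                    shared.add(account)
    return shared

def find_role_zone_violations(sessions: List[Session]) -> List[Tuple[str, str]]:
    """Sessions whose asset class is outside what the account's role is allowed to reach."""
    return [(s.account, s.asset) for s in sessions
            if s.asset_class not in ROLE_ALLOWED_ASSETS.get(s.role, set())]

def find_vendor_window_violations(sessions: List[Session]) -> List[Tuple[str, str]]:
    """Vendor sessions not fully contained in an approved, time-bound maintenance window."""
    out = []
    for s in sessions:
        if s.role != "vendor":
            continue
        window = VENDOR_WINDOWS.get(s.account)
        if window is None or not (window[0] <= s.start and s.end <= window[1]):
            out.append((s.account, s.start.isoformat()))
    return out

def audit(text: str) -> Dict[str, list]:
    sessions = parse_log(text)
    return {
        "shared_accounts": sorted(find_shared_accounts(sessions)),
        "role_violations": find_role_zone_violations(sessions),
        "vendor_window_violations": find_vendor_window_violations(sessions),
    }

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_LOG).items():
        print(name, findings)
```

On the constructed records the audit flags `op-shared` as a shared account (concurrent sessions from HMI-WS-01 and HMI-WS-02), the operator session against `rtu-well-9` as a role/zone violation, and the vendor's 13:00 session as outside the approved 09:00 to 11:00 window. The same checks run in a live pipeline become the controls the list describes: unique accounts make the first finding impossible, role-to-zone mapping prevents the second, and vault-issued credentials with expiry prevent the third.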
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step access control guidance for operators, engineers, and vendors across SCADA environments
- Practical monitoring patterns for HMI, PLC, and RTU traffic in connected manufacturing networks
- Recommended controls for time-bound vendor maintenance and incident recovery in production settings
👉 Read Imprivata's analysis of SCADA cybersecurity and identity controls →
SCADA cybersecurity and identity controls: what teams need now?
Explore further
SCADA security is now an identity governance problem, not a perimeter problem. The article’s central point is that connected manufacturing environments no longer behave like isolated control networks. Once HMIs, PLCs, RTUs, enterprise systems, and vendor portals share access paths, the programme has to govern identities, not just devices. Practitioners should treat SCADA as part of the broader access control plane.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: What should manufacturers do when SCADA modernization cannot disrupt production?
A: Manufacturers should modernize SCADA governance in stages, starting with identity controls, network segmentation, and monitored remote access. The goal is to reduce exposure without forcing a production shutdown. Where replacement is not feasible, control the blast radius, narrow the access window, and test recovery paths before an incident makes those decisions for you.
👉 Read our full editorial: SCADA cybersecurity now depends on identity control, not isolation