BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//bsides-ot-uk-2025//talk//W3GSMN
BEGIN:VTIMEZONE
TZID:GMT
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-bsides-ot-uk-2025-W3GSMN@pretalx.com
DTSTART;TZID=GMT:20260410T100000
DTEND;TZID=GMT:20260410T102000
DESCRIPTION:Remote access keeps OT environments running\, but it also conce
 ntrates risk. Many incidents do not start with a sophisticated Programmabl
 e Logic Controller (PLC) exploit. They start at the “front door”: vend
 or VPNs\, jump hosts\, shared support accounts\, and rushed identity check
 s during outages. According to the SANS State of ICS/OT Security 2025 find
 ings\, about half of ICS/OT incidents begin with unauthorised external acc
 ess\, often through third-party remote maintenance.\n\nThis 20-minute talk
  shows how to secure OT remote support without breaking production. Using 
 a simple “front door path” diagram (Vendor → Remote Access → Jump
  Host → Engineering/HMI)\, we cover two repeatable failure areas: 1) remo
 te access pathways that become broader or more permanent than intended\, a
 nd 2) identity/support workflows that expand access under operational pres
 sure. For each\, we pair the risk with practical controls that work in leg
 acy OT environments: time-boxed vendor access\, least-privilege support id
 entities\, and a safety-aware “normal vs emergency” access lane that p
 reserves availability while improving accountability.\n\nWe close with thr
 ee high-fidelity monitoring signals you can implement even in legacy OT en
 vironments: authentication anomalies\, interactive remote logons\, and pri
 vilege/role changes. I’ll map these signals to common jump-host and remo
 te-access setups\, and include one worked example from Windows event logs 
 (e.g.\, 4624/4625\, RDP logon type 10\, 4728/4732). We finish with an acti
 onable OT access plan that attendees can apply immediately.
DTSTAMP:20260501T121856Z
LOCATION:Rookie\, Student and Careers Track
SUMMARY:Fixing the Front Door: Securing OT Remote Access Without Killing Pr
 oduction - Richard Dosumu
URL:https://pretalx.com/bsides-ot-uk-2025/talk/W3GSMN/
END:VEVENT
END:VCALENDAR
