5 Surprising Findings From OT Vulnerability Assessments

The term "vulnerability assessment" has the potential to be too broad for engineers and technical personnel responsible for risk mitigation across critical infrastructure and operational technology (OT) environments. Yet, failure to regularly conduct such assessments or overlooking them due to a lack of understanding or clarity can inadvertently introduce significant security issues. Furthermore, OT assessments involve different steps and deliverables compared to traditional IT vulnerability assessments, which creates confusion for operational teams. Drawing on extensive experience in performing hundreds of OT vulnerability assessments across global industrial operations, Honeywell personnel offer detailed insights to help enterprises best utilize various assessment types.

Here, we highlight findings from OT vulnerability assessments that may be unexpected or overlooked, leveraging the experience of Honeywell's team to provide technical teams with insight into the real-world practical value of these specialized assessments. Additionally, we offer current cybersecurity posture information to broader audiences, particularly relevant in the context of risk reduction initiatives in OT environments according to ShieldsUp in the United States and other geopolitical movements. Finally, we address common questions surrounding OT vulnerability assessments and pentesting, two effective procedures for identifying and mitigating cybersecurity risks when utilized regularly as part of a cybersecurity program.