Securing connected security devices in OT environments: What integrators need to know

Date: 2025/12/08
Source: Prasanth Aby Thomas, Consultant Editor
As oil and gas operators connect more cameras, access control systems, and IoT sensors to their operational technology networks, the cybersecurity risks tied to these security devices are becoming more visible.
 
Cyber attackers have shifted focus to the edge, where IP cameras, IoT sensors, and monitoring devices serve as potential entry points into critical infrastructure. For physical security integrators, understanding these evolving threats is now essential to safeguarding customer environments.
 
According to Paul Smith, Cyber Portfolio Director at Honeywell, attackers are increasingly targeting the weakest link in these environments. The edge represents an attractive and often under-protected target because many devices ship with default features enabled, outdated firmware, or poorly secured remote access pathways. Smith warns that adversaries are exploiting these conditions through a range of techniques.
 
“Through weak credentials, dependency chains or crypto still resident on the device, unpatched firmware, insecure protocols, poorly designed cloud channels, and access flaws,” Smith says, attackers are compromising edge devices in oil and gas settings. He notes that publicly available scanning tools also play a role in these attacks. “What Shodan is for industrial, Grayhatwarfare is for public cloud storage objects.”
 
For video surveillance and access control systems that rely heavily on IP-based architectures, these vulnerabilities create exposure that can go far beyond the device itself. A single camera or sensor with misconfigured access can provide attackers with a foothold to pivot deeper into the network.

IT and OT integration risks for connected security systems

As security technologies become more deeply integrated with IT networks and cloud platforms, they also intersect with OT environments that have traditionally remained isolated. Smith explains that this convergence increases the potential for security devices to become attack vectors if installations are not properly planned and hardened.
 
Integrators should pay close attention to how video, access control, and monitoring systems interface with OT networks. Smith emphasizes the shared responsibility to secure these pathways. “Integrators must harden configurations, isolate networks, restrict remote access, and continuously monitor devices to prevent these systems from becoming entry points into critical infrastructure.”
 
The principle of isolation is especially important in oil and gas environments, where OT networks control core industrial processes. Physical security devices rarely require direct communication with sensitive controllers or engineering workstations, yet poor segmentation can inadvertently place them in proximity to high-value assets. Ensuring that security systems are deployed in tightly controlled network segments reduces the risk of lateral movement in the event of compromise.

Common attack paths in today’s industrial settings 

In many cyber-physical incidents, attackers rely on a series of small misconfigurations rather than a single large flaw. Smith notes that the most common attack methods are not necessarily the most technical. They often exploit routine operational practices.
 
“Third party devices whether it be removable media, or laptops plugging into the network is still number one,” Smith explains. USB drives, contractor laptops, and vendor equipment can introduce malware or offer attackers a bridge into sensitive OT networks if they are not properly vetted or isolated. These risks remain prevalent despite increased awareness because many critical environments depend on third party maintenance activities.
 
Beyond these operational issues, supply chain vulnerabilities pose an increasingly significant threat. Smith highlights the risks created by modern software development practices. “Beyond these, supply chain issues with equipment; this can entail many items but predominately dependency inclusion attacks.” He points out that much of the software used in security and industrial systems is built using external libraries that can become compromised.
 
“Majority of software these days has been outsourced which opens the door to attacks like the 18 NPM packages that were compromised, these packages see roughly 2.6 billion downloads each week and the delivery system can be as simple as a developer typing ‘npm update’,” Smith notes. “This malicious package will sit there waiting to be compromised.”
 
For integrators deploying connected security devices, these insights underscore the importance of validating firmware sources, verifying vendor software practices, and maintaining a lifecycle approach to device updates.

Balancing remote support with OT security needs

Remote support has become a standard requirement in modern security deployments. Integrators often need access to troubleshoot cameras, door controllers, or management platforms. However, enabling continuous remote connectivity to OT environments introduces substantial risks.
 
Smith advises that secure remote support must be time limited, audited, and tightly controlled. “They can maintain secure remote support by using zero trust, time bounded access through monitored sessions, enforcing MFA, strict segmentation, and least privilege controls,” he says.
 
He warns integrators against architectures that provide direct pathways into OT networks. “I will re-iterate all sessions should be brokered, recorded, and approved by operators, with no always on VPN or direct OT access.” The use of hardened gateways and short lived credentials is essential. Smith adds that “hardened gateways, short lived credentials, and continuous monitoring ensure support without increasing OT network exposure.”
 
For service teams, this means adopting tools that provide session recording, just-in-time access provisioning, and privileged access controls. It also requires close coordination with OT operators, who must validate the necessity and duration of each remote session.
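
The remote-support rules above (brokered, recorded, operator-approved, time-bounded, MFA, least privilege) can be checked mechanically against a list of access grants. The following is an added example, not code from Honeywell or the article; the four-hour limit, the gateway name `ot-access-gw`, and the grant fields are assumptions, and the sample grants are constructed.

```python
from datetime import datetime, timedelta, timezone

MAX_SESSION = timedelta(hours=4)   # assumed site policy, not a figure from the article
BROKER = "ot-access-gw"            # hypothetical hardened gateway name
NOW = datetime(2025, 12, 8, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample

def review_grant(grant, now):
    """Return policy violations for one remote-support access grant."""
    issues = []
    start, end = grant["start"], grant.get("end")
    if end is None:
        issues.append("always-on access (no expiry)")
    else:
        if end - start > MAX_SESSION:
            issues.append("window longer than policy maximum")
        if end <= now and grant.get("active"):
            issues.append("credential still active after expiry")
    if grant.get("via") != BROKER:
        issues.append("not brokered through gateway")
    if not grant.get("approved_by"):
        issues.append("no operator approval")
    if not grant.get("mfa"):
        issues.append("MFA not verified")
    if not grant.get("recorded"):
        issues.append("session not recorded")
    if grant.get("scope", []) != [grant["target"]]:
        issues.append("scope wider than the device under support")
    return issues

# Constructed sample grants (not real data).
OK = {"id": "G1", "start": NOW - timedelta(hours=1), "end": NOW + timedelta(hours=1),
      "active": True, "via": BROKER, "approved_by": "ops-shift-lead", "mfa": True,
      "recorded": True, "target": "gate-cam-01", "scope": ["gate-cam-01"]}
GRANTS = [
    OK,
    # Legacy vendor VPN account: never expires, bypasses the broker, subnet-wide scope.
    {**OK, "id": "G2", "start": NOW - timedelta(days=30), "end": None, "via": "site-vpn",
     "approved_by": None, "mfa": False, "recorded": False, "scope": ["10.50.0.0/24"]},
    # Properly approved session whose credential was never revoked after the window.
    {**OK, "id": "G3", "start": NOW - timedelta(hours=5), "end": NOW - timedelta(hours=2)},
]

def review_all(grants, now=NOW):
    return {g["id"]: review_grant(g, now) for g in grants}

if __name__ == "__main__":
    for gid, issues in review_all(GRANTS).items():
        print(gid, issues or "compliant")
```

The third grant shows the case a one-time approval review misses: the session was approved and in policy, but the credential outlived its window.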

Hardening practices for security devices in industrial environments

Strong cybersecurity practices begin at installation. Smith outlines a set of practical hardening steps that integrators should implement whenever they deploy video surveillance, access control, or monitoring devices in OT contexts.
 
“All defaults should be changed, disable unused services, enforce MFA, and update firmware before deployment,” he advises. Default usernames and passwords remain one of the fastest ways attackers gain access to edge devices. Eliminating unnecessary services and updating firmware reduces the available attack surface.
 
Smith also stresses the importance of network controls. “Place devices in isolated network segments, block internet access, use encrypted protocols, and restrict vendor remote support.” These recommendations directly address common attack vectors and reflect best practices for industrial cybersecurity.
 
Account management is another critical element. “Apply least privilege non shared accounts, lock down APIs, log all activity, and ensure continuous monitoring to prevent these systems from becoming attack paths,” Smith says. In many security deployments, shared accounts or insufficient logging can prevent operators from identifying breaches until long after they occur.
 
For integrators, these hardening steps should be part of a standardized deployment checklist. Many oil and gas operators now require detailed documentation of cybersecurity controls for every device added to their environment. Integrators that can demonstrate a rigorous approach to secure configuration will be better positioned to win and retain customers who operate under stringent regulatory frameworks.
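
One way to turn the hardening steps above into a repeatable deployment checklist is to audit each device's inventory record before handover. This is an added example, not the article's or any vendor's tooling; the segment address, service allowlist, model names, firmware baselines, and record fields are assumptions, and the inventory is constructed.

```python
import ipaddress

# Constructed policy values (assumptions for illustration, not from the article).
SECURITY_SEGMENT = ipaddress.ip_network("10.50.0.0/24")  # isolated camera/ACS VLAN
ALLOWED_SERVICES = {"https", "rtsps", "syslog-tls"}       # encrypted, in use
MIN_FIRMWARE = {"cam-x": (2, 4, 1), "door-ctl": (1, 9, 0)}  # hypothetical models

def audit_device(dev):
    """Return hardening findings for one device inventory record."""
    findings = []
    if any(a["factory_password"] for a in dev["accounts"]):
        findings.append("default credentials still set")
    if any(a["shared"] for a in dev["accounts"]):
        findings.append("shared account in use")
    extra = set(dev["services"]) - ALLOWED_SERVICES
    if extra:
        findings.append("services to disable: " + ", ".join(sorted(extra)))
    version = tuple(int(p) for p in dev["firmware"].split("."))
    if version < MIN_FIRMWARE[dev["model"]]:
        findings.append("firmware below approved baseline")
    if ipaddress.ip_address(dev["ip"]) not in SECURITY_SEGMENT:
        findings.append("outside isolated security segment")
    if dev["internet_egress"]:
        findings.append("internet access not blocked")
    if not dev["mfa"]:
        findings.append("MFA not enforced")
    if not dev["log_target"]:
        findings.append("activity not logged")
    return findings

# Constructed sample inventory (not real devices).
DEVICES = [
    {"name": "gate-cam-01", "model": "cam-x", "ip": "10.50.0.21", "firmware": "2.4.3",
     "services": ["https", "rtsps"], "mfa": True, "internet_egress": False,
     "log_target": "10.50.0.5",
     "accounts": [{"user": "svc-vms", "factory_password": False, "shared": False}]},
    {"name": "pump-door-02", "model": "door-ctl", "ip": "10.20.3.40", "firmware": "1.8.7",
     "services": ["https", "telnet", "upnp"], "mfa": False, "internet_egress": True,
     "log_target": None,
     "accounts": [{"user": "admin", "factory_password": True, "shared": True}]},
]

def audit_all(devices):
    return {d["name"]: audit_device(d) for d in devices}

if __name__ == "__main__":
    for name, findings in audit_all(DEVICES).items():
        print(name, findings or "PASS")
```

The per-device findings list doubles as the cybersecurity documentation operators ask for with each added device.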

What this means for physical security professionals 

The insights from Smith illustrate a broader shift in how cyber attackers view physical security systems. IP cameras, access control panels, and IoT sensors are no longer seen only as tools for surveillance and access management. They are also potential gateways into industrial operations if not adequately secured.
 
For integrators, this requires a mindset change. Deploying connected security systems in OT environments means taking responsibility not only for physical protection but also for contributing to the organization's cyber resilience strategy.
 
The most successful integrators in the oil and gas sector are now those who can bridge the gap between physical and cyber security. This includes understanding network segmentation principles, recognizing supply chain risks, implementing zero trust access models, and applying consistent hardening practices across all security devices.
 
Smith’s guidance makes one point clear. Effective protection of critical infrastructure requires more than installing advanced cameras or controllers. It requires securing every component of the system from the moment it is deployed and ensuring that ongoing support does not create unintended vulnerabilities.
 
As industrial operators continue to modernize their facilities, integrators who embed strong cyber hygiene into every project will be increasingly valued. The edge will remain a focal point for attackers, but with the right practices, it can become a well-defended part of the security architecture rather than a liability.
 