We discuss vulnerabilities or exploitable weaknesses that are hidden deep within our OT environments. The kind of vulnerabilities discussed are not the kind found in a published database of cyber vulnerabilities or that can be detected with a vulnerability scan. Because control systems rely on technology and architecture designed before OT cybersecurity were a real consideration, these weaknesses are often designed right into the OT assets. Given this challenge, how can we protect our facilities from these inherent cyber risks? We present two basic steps - good configuration management practices and configuration change auditing - to improve safety and reliability and reduce cyber risk.