Critical infrastructures such as oil and gas pipelines, the electric power grid, and railways, rely on the proper operation of supervisory control and data acquisition (SCADA) systems. The trend to interconnect SCADA system devices using networking technologies, however, has introduced additional entry points for malicious software, often via the Internet. In an attempt to manage the new risks, security personnel are incorporating network isolation and standard information technology practices (e.g., firewalls and access control lists). These boundary protection mechanisms attempt to create gaps between systems in order to logically or physically isolate the SCADA network, making it inaccessible by untrusted actors. However, physical or logical isolation does not necessarily imply a closed system. Untrusted actors can still gain access and control over a SCADA system, despite network security, through exploiting alternate pathways that are not evaluated for proper trust control. These nontraditional, indirect access points are overlooked as ingress paths that can result in system compromise. This paper introduces the concept of extending the security parameter to incorporate the nontraditional access points that are often ignored. Coupled with traditional network security postures, identifying and managing these nontraditional attack entry points can create a more robust, secure environment for critical infrastructures.