SBN

ICS Cybersecurity: Zero Trust & CARTA for Operational Technology (OT)

The integration of IT and OT is a well-established trend, driven by the business benefits that typically come with richer real-time information sharing, analysis, and response. While the cybersecurity concerns of this integration are numerous and potentially significant, the horse has left the barn, so to speak, and cybersecurity teams need to respond strategically across infrastructure domains.

This integration of technology is driving an associated integration of IT and OT cybersecurity teams and a consolidation of responsibility for strategy. An interesting byproduct of that consolidation is the application of best practice IT cybersecurity models in OT environments. Two that have been gaining traction over the last several years are Forrester’s Zero Trust and Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA).

Zero Trust in OT Networks

As the name implies, Zero Trust is based on the simple premise that there is no such thing as a trusted source. This means that cybersecurity teams need to assume that there are attackers present both inside and outside of their networks and therefore treat all traffic as suspect.

Zero Trust is the older of the two strategies and currently has greater market awareness, but there is actually a sizable amount of overlap between the approaches, which demonstrates a growing consensus on best practice approaches to securing IT and OT infrastructure and data. As the name implies, Zero Trust is based on the simple premise that there is no such thing as a trusted source. This means that cybersecurity teams need to assume that there are attackers present both inside and outside of their networks and therefore treat all traffic as suspect. This, in turn, suggests that no communications should be allowed until each party is properly authenticated and authorized.

The Zero Trust concept has expanded over the years from its early focus chiefly (Read more...)

*** This is a Security Bloggers Network syndicated blog from The Mission Secure Blog authored by Paul Arceneaux. Read the original post at: https://www.missionsecure.com/blog/industrial-cybersecurity-applying-zero-trust-and-carta-to-operational-technology-ot