
Zero Trust for Operational Technology: 6 Key Considerations

 Zero Trust has become the dominant paradigm for IT security, influencing how organizations around the world design their networks and grant access to systems and data. In fact, the Zero Trust concept is so prevalent that it effectively became U.S. government policy with 2021’s Executive Order on Improving the Nation’s Cybersecurity.

Despite its widespread adoption in IT, the concept of Zero Trust has met with suspicion, if not outright rejection, in the world of operational technology. Perhaps it’s finally time for that to change.

Most OT security professionals would probably agree that the core principles of Zero Trust—assume the network has been compromised and limit activity to only what is necessary—are relevant in OT environments, especially now that industrial assets routinely connect to IT systems and the cloud. Actually implementing a Zero Trust architecture in an OT environment is another matter. The unique characteristics of OT devices, together with concerns about disrupting operations, have led many industrial operators to dismiss Zero Trust as an unattainable goal.

However, with the right technology and the right approach, Zero Trust principles can be implemented safely and effectively in OT networks, dramatically reducing the risk of a cyber attack against energy facilities, manufacturing operations, transportation systems, and other critical infrastructure.

Defining Zero Trust for OT

Any discussion of the topic has to include the disclaimer that Zero Trust is not a product or a technology. It’s a general set of assumptions and objectives that can guide an organization’s cybersecurity strategy. There’s not even a generally accepted definition of the term, although the description in Executive Order 14028 sums it up well:

“The Zero Trust security model eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources

*** This is a Security Bloggers Network syndicated blog from The Mission Secure Blog authored by Mission Secure. Read the original post at: https://www.missionsecure.com/blog/zero-trust-for-operational-technology-6-key-considerations