Zero trust (ZT) offers a modern, adaptive approach to cybersecurity by eliminating implicit trust and continuously validating access based on identity, context, and risk. ZT principles assume a breach has already occurred and are designed to limit threat actor movement and potential damage.
For operational technology (OT), applying ZT requires careful consideration because OT systems interact with the physical environment and are constrained by availability and safety requirements, as well as legacy technology with long lifespans. The blanket application of traditional information technology (IT)-focused ZT capabilities to OT is neither reasonable nor feasible and requires continuous collaboration between OT engineers, IT architects, and cybersecurity professionals. This collaboration should include clear communication channels, joint development of policies and controls, and a shared understanding of both mission objectives and technical limitations.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FBI: Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons
April 20, 2022
The Federal Bureau of Investigation (FBI) is informing Food and Agriculture (FA) sector partners that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain. The FBI noted ransomware attacks during these seasons against six grain cooperatives during ...
- Five Eyes nations fear wave of Russian attacks against critical infrastructure
April 20, 2022
The Five Eyes nations’ cybersecurity agencies this week urged critical infrastructure to be ready for attacks by crews backed by or sympathetic to the Kremlin amid strong Western opposition to Russia’s invasion of Ukraine. The joint alert, issued by cybersecurity authorities in the US, UK, Australia, Canada and New Zealand, provides technical details on more than ...
- Critically Underrated: Studying the Data Distribution Service (DDS) Protocol
April 19, 2022
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable ...
- Coordinated Vulnerability Disclosure policies in the EU
April 13, 2022
Vulnerability disclosure has become the focus of attention of cybersecurity experts engaged in strengthening the cybersecurity resilience of the European Union. The valid source of concern comes from the cybersecurity threats looming behind vulnerabilities, as demonstrated by the impact of the Log4Shell vulnerability. Security researchers and ethical hackers constantly scrutinise ICT systems – both open source ...
- Demand for cyber threat intel growing, White House official says
April 6, 2022
Private sector companies are increasingly asking the federal government for cyber threat intelligence as they seek to shore up their defenses against growing online threats, a White House cyber official told lawmakers on Wednesday. Robert Knake, a U.S. official in charge of budget and policy at the White House’s Office of the National Cyber Director, told ...
- Bank had no firewall license, intrusion or phishing protection – guess the rest
April 5, 2022
An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. The unfortunate institution is called the Andra Pradesh Mahesh Co-Operative Urban Bank. Its 45 ...