Zero trust (ZT) offers a modern, adaptive approach to cybersecurity by eliminating implicit trust and continuously validating access based on identity, context, and risk. ZT principles assume a breach has already occurred and are designed to limit threat actor movement and potential damage.
For operational technology (OT), applying ZT requires careful consideration because OT systems interact with the physical environment and are constrained by availability and safety requirements, as well as legacy technology with long lifespans. The blanket application of traditional information technology (IT)-focused ZT capabilities to OT is neither reasonable nor feasible and requires continuous collaboration between OT engineers, IT architects, and cybersecurity professionals. This collaboration should include clear communication channels, joint development of policies and controls, and a shared understanding of both mission objectives and technical limitations.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Chrome Zero-Day Under Active Attack – Patch ASAP
February 15, 2022
Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that’s actively being jumped on by attackers in the wild. In a brief update, Google described the weakness, tracked as CVE-2022-0609, as a use-after-free vulnerability in Chrome’s Animation component. This kind of flaw can lead to all sorts of misery, ...
- France opens new business campus to tackle cyberattacks
February 15, 2022
France is grouping the country’s top cybersecurity experts in Paris’ business district of La Defense, bringing together startups and household names to tackle the scourge of hacking, Finance Minister Bruno Le Maire said on Tuesday. Cyberattacks have become the number one worry of the world’s top company executives, according to a survey by PwC, and their ...
- France opens new business campus to tackle cyberattacks
February 15, 2022
France is grouping the country’s top cybersecurity experts in Paris’ business district of La Defense, bringing together startups and household names to tackle the scourge of hacking, Finance Minister Bruno Le Maire said on Tuesday. Cyberattacks have become the number one worry of the world’s top company executives, according to a survey by PwC, and their ...
- Patch now: Adobe releases emergency fix for exploited Commerce, Magento zero-day
February 14, 2022
Adobe has released an emergency patch to tackle a critical bug that is being exploited in the wild. On February 13, the tech giant said that the vulnerability impacts Adobe Commerce and Magento Open Source, and according to the firm’s threat data, the security flaw is being weaponized “in very limited attacks targeting Adobe Commerce merchants.” Tracked as CVE-2022-24086, ...
- Australia: Pezzullo frames Critical Infrastructure Bills as ‘defence’ and ransomware plan as ‘offence’
February 14, 2022
At the end of last year, Australia’s Security Legislation Amendment (Critical Infrastructure) Act 2021 became law to give government “last resort” powers to direct an entity when responding to cyber attacks, which included introducing a cyber-incident reporting regime for critical infrastructure assets. Those laws were originally drafted to be wider in scope, with Home Affairs proposing ...
- DDoS attacks in Q4 2021
February 10, 2022
Q4 2021 saw the appearance of several new DDoS botnets. A zombie network, named Abcbot by researchers, first hit the radar in July, but at the time it was little more than a simple scanner attacking Linux systems by brute-forcing weak passwords and exploiting known vulnerabilities. In October, the botnet was upgraded with DDoS functionality. ...