Zero trust (ZT) offers a modern, adaptive approach to cybersecurity by eliminating implicit trust and continuously validating access based on identity, context, and risk. ZT principles assume a breach has already occurred and are designed to limit threat actor movement and potential damage.
For operational technology (OT), applying ZT requires careful consideration because OT systems interact with the physical environment and are constrained by availability and safety requirements, as well as legacy technology with long lifespans. The blanket application of traditional information technology (IT)-focused ZT capabilities to OT is neither reasonable nor feasible and requires continuous collaboration between OT engineers, IT architects, and cybersecurity professionals. This collaboration should include clear communication channels, joint development of policies and controls, and a shared understanding of both mission objectives and technical limitations.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Issues Emergency Directive Requiring Federal Agencies To Mitigate Apache Log4j Vulnerabilities
December 17, 2021
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 22-02 today requiring federal civilian departments and agencies to assess their internet-facing network assets for the Apache Log4j vulnerabilities and immediately patch these systems or implement other appropriate mitigation measures. This Directive will be updated to further drive additional mitigation actions. The directive is in response to the active exploitation by multiple threat actors of vulnerabilities found in the widely used Java-based ...
- Artificial Intelligence: How to make Machine Learning Cyber Secure?
December 14, 2021
Machine learning (ML) is currently the most developed and the most promising subfield of artificial intelligence for industrial and government infrastructures. By providing new opportunities to solve decision-making problems intelligently and automatically, artificial intelligence (AI) is applied in almost all sectors of our economy. While the benefits of AI are significant and undeniable, the development of ...
- CISA Issues Apache Log4j Vulnerability Guidance
December 14, 2021
CISA and its partners, through the Joint Cyber Defense Collaborative, are responding to active, widespread exploitation of a critical remote code execution (RCE) vulnerability (CVE-2021-44228) in Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1, known as “Log4Shell” and “Logjam.” Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications—as ...
- State of Cybersecurity in Germany in 2021
December 7, 2021
According to Germany’s Federal Office for Information Security (BSI), the country faces a grave and growing threat as society becomes more digitally connected and criminals more sophisticated. The BSI said threat levels have reached red alarm levels. Threat level increased BSI published their annual report “The State of IT Security in Germany in 2021.” It highlights that ...
- APT annual review 2021
November 30, 2021
The Global Research and Analysis Team at Kaspersky posted the summary of most interesting trends and developments of the last 12 months. This is based on Kaspersky visibility in the threat landscape and it’s important to note that no single vendor has complete visibility into the activities of all threat actors. Private sector vendors play a ...
- UK spy chief warns China, Russia racing to master AI
November 30, 2021
The chief of the United Kingdom’s foreign spy service is to warn that China and Russia are racing to master artificial intelligence in a way that could revolutionise geopolitics over the next 10 years. Richard Moore, who heads the Secret Intelligence Service, known as MI6, is due to make his first public speech since becoming chief ...