Zero trust (ZT) offers a modern, adaptive approach to cybersecurity by eliminating implicit trust and continuously validating access based on identity, context, and risk. ZT principles assume a breach has already occurred and are designed to limit threat actor movement and potential damage.
For operational technology (OT), applying ZT requires careful consideration because OT systems interact with the physical environment and are constrained by availability and safety requirements, as well as legacy technology with long lifespans. The blanket application of traditional information technology (IT)-focused ZT capabilities to OT is neither reasonable nor feasible and requires continuous collaboration between OT engineers, IT architects, and cybersecurity professionals. This collaboration should include clear communication channels, joint development of policies and controls, and a shared understanding of both mission objectives and technical limitations.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Railway Cybersecurity – Good Practices in Cyber Risk Management
November 27, 2021
This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector. It offers a guide for railway undertakings and infrastructure managers to select, combine or adjust cyber risk management methods to the needs of their organisation. It builds upon the 2020 ENISA ...
- IT threat evolution Q3 2021
November 26, 2021
Last March, Kaspersky researchers reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, they discovered a newer version. It contains the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins. This confirms Kaspersky previous assumption ...
- The dangers of “connected” healthcare: predictions for 2022
November 23, 2021
For a second consecutive year, the time for Kaspersky to make its predictions for the healthcare sector comes amid the global COVID-19 pandemic. Unfortunately, the virus still dominates most aspects of our lives, and, of course, the pandemic remained the biggest and most-discussed topic in medicine. Part of our predictions last year were based on the ...
- TSA makes changes to new cyber requirements after industry feedback
November 23, 2021
The Transportation Security Administration is softening the deadlines on new cybersecurity requirements for major passenger and freight rail operators, as the agency’s leader said it learned from efforts earlier this year to begin regulating the cybersecurity of the pipeline sector. TSA is expected to issue the new security directives for major railroad and rail transit entities ...
- Cyberthreats to financial organizations in 2022
November 23, 2021
A look back on the year 2021 and what to expect in 2022 First of all, we are going to analyze the forecasts we made at the end of 2020 and see how accurate they were. Then we will go through the key events of 2021 relating to attacks on financial organizations. Finally, we will make ...
- Step Towards Foresight on Emerging Cybersecurity Challenges
November 22, 2021
ENISA kicks off a new area of work in line with its Strategy objective “Foresight on Emerging and Future Cybersecurity Challenges”. As a key element of ENISA’s strategy, foresight increases knowledge and understanding of emerging and future challenges, thus providing a path to find solutions that address those challenges and bolster EU resilience to cybersecurity threats. What ...