Adapting Zero Trust Principles to Operational Technology


Zero trust (ZT) offers a modern, adaptive approach to cybersecurity by eliminating implicit trust and continuously validating access based on identity, context, and risk. ZT principles assume a breach has already occurred and are designed to limit threat actor movement and potential damage.

For operational technology (OT), applying ZT requires careful consideration because OT systems interact with the physical environment and are constrained by availability and safety requirements, as well as legacy technology with long lifespans. The blanket application of traditional information technology (IT)-focused ZT capabilities to OT is neither reasonable nor feasible and requires continuous collaboration between OT engineers, IT architects, and cybersecurity professionals. This collaboration should include clear communication channels, joint development of policies and controls, and a shared understanding of both mission objectives and technical limitations.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ripple20 Vulnerability Mitigation Best Practices

    June 22, 2020

    On June 16th, the Department of Homeland Security and CISA ICS-CERT issued a critical security advisory warning covering multiple newly discovered vulnerabilities affecting Internet-connected devices manufactured by multiple vendors. This set of 19 vulnerabilities in a low-level TCP/IP software library developed by Treck has been dubbed “Ripple20” by researchers from JSOF. A networking stack is a software component that provides ...

  • US firms overconfident in their cybersecurity preparedness

    July 25, 2018

    A new survey finds that American firms overrate how prepared they are for a cyberattack. Research and consulting firm Ovum found that 68% of US firms believe they have better-than-average cyber-readiness for their industry. As humans, we often overrate our own abilities, with more than 50% of a group thinking they’re above-average at some task, like ...

  • Why is incident response automation and orchestration so hot?

    March 16, 2017

    I couldn’t attend the RSA Conference this year, but many cybersecurity professionals and my ESG colleagues told me that incident response (IR) automation and orchestration was one of the hottest topics in the halls of the Moscone Center—through the bar at the W hotel and even at the teahouse on the garden at Yerba Buena. Was ...