Zero trust has become the top approach for IT security, guiding how organizations worldwide design their networks and control access to systems and data.
While zero trust is widely accepted in IT, it has faced skepticism in operational technology (OT). However, many OT security experts agree that the core ideas of zero trust — assuming the network is compromised and limiting activities to what is essential — are relevant to OT. This is especially true now that industrial assets are often connected to IT systems and the cloud.
It is also true that implementing a zero trust framework in OT is challenging. The unique nature of OT devices and the fear of disrupting operations make many industrial operators see zero trust as unrealistic for their needs.
Still, with the right technology and approach, aspects of zero trust can be applied in OT networks with the goal of reducing the risk of cyberattacks on energy facilities, manufacturing plants, transportation systems and other critical infrastructures.
Key Principles to Consider for OT Zero Trust
- Different Objectives: IT security aims to protect data from theft or ransom attacks, while OT security focuses on preventing disruptions to physical processes. Cyberattackers targeting OT systems aim to manipulate sensors, pumps, robots, vehicles and other critical systems. Thus, OT cybersecurity strategies must be tailored to address these unique threats.
- Enhanced Visibility: Effective security in OT requires more than just mapping assets and passively monitoring the network. Active monitoring is essential for detecting and blocking threats. Unlike IT, where detecting and blocking malicious users and activities is standard practice, OT often relies on passive visibility tools that can overwhelm security teams with alerts and provide little real protection. Implementing active security measures can significantly enhance the security posture in OT environments.
- Securing OT Assets: OT devices, such as PLCs and Level 1 controllers, often lack built-in security features found in IT assets. These devices are typically not designed for external connectivity and cannot support basic security tasks like user authentication or malware scanning. This presents a unique challenge for OT security, requiring specialized approaches to protect these critical assets.
- Contextual Access: In IT, zero trust heavily relies on user identity to grant access. In OT, user identity is often less relevant, especially at lower network levels. Instead, OT zero trust should focus on network traffic patterns, locations and process roles to determine if network activity is legitimate. For example, it should evaluate if a workstation should connect to a particular PLC, if a request is made during a scheduled maintenance window or if a device should have read/write access to certain systems. Implementing these contextual rules can help prevent unauthorized access and actions within OT networks.
- Advanced Assurance: OT environments can potentially achieve higher levels of zero trust maturity compared to IT environments. In a mature OT zero trust setup, connections are authenticated and authorized, commands are validated and only "known safe" traffic is allowed.
By adapting zero trust principles to the unique needs of OT environments, organizations can significantly reduce the risk of cyberattacks on critical infrastructure such as energy facilities, manufacturing plants and transportation systems. Implementing a zero trust framework in OT may be challenging, but with the right technology and approach, aspects of zero trust may enhance the security and resilience of these essential systems.