CISA, Partners Release Joint Guidance on Adapting Zero Trust for OT

IT-OT convergence is introducing cybersecurity risks that could make implicit trust models inadequate.

The Cybersecurity and Infrastructure Security Agency, in coordination with the Department of War, Department of Energy, Federal Bureau of Investigation, and Department of State, recently released the Adapting Zero Trust Principles to Operational Technology joint guidance. The release is designed for organizations applying zero trust principles to operational technology. 

According to a recent statement from the agency, OT systems that were traditionally isolated or manually operated are now increasingly interconnected, digitally monitored, and remotely controlled. This IT-OT convergence introduces new cybersecurity risks that make perimeter-based defenses and implicit trust models inadequate for safeguarding OT systems and the critical physical processes they control.

This guidance supports OT owners and operators in addressing the unique challenges of transitioning to a zero trust (ZT) architecture, considering technology gaps from legacy infrastructure, operational constraints, and safety requirements.

It focuses on establishing comprehensive asset visibility, proactively addressing supply chain risks, and implementing robust identity and access management while stressing the importance of layered security measures—including network segmentation, secure communication protocols, and vulnerability management.

For more information, visit CISA’s Zero Trust webpage.
