The Cloud Security Alliance has released a report recommending a zero-trust approach for operational technology and industrial control systems at critical infrastructure organizations, as these entities become increasingly interconnected through the cloud and Industrial Internet of Things technologies, according to Security Boulevard.
The zero-trust security method emphasizes continuous verification of user and application access, departing from traditional assumptions of trust. The guidance addresses the pressing need to secure critical sectors, including energy, healthcare, and financial services, in light of threats from nation-state actors like China, Russia, and Iran. The report outlines a five-step strategy for adopting zero trust in these complex environments, starting with asset inventory and risk prioritization, followed by mapping data flows, designing zero-trust architecture, creating restrictive access policies, and maintaining continuous monitoring. It emphasizes the unique challenges of securing older systems now embedded in highly integrated networks, where air-gapped systems are rare. Modernization challenges include handling legacy protocols and adapting systems for real-time monitoring without disrupting operations.