Are you familiar with the term "Zero Trust" for IT and for ICS-OT?
Daniel Ehrenreich
Leading ICS-OT-IIOT Cyber Security Expert, Consultant, Workshops Lecturer, International Keynote Speaker
The zero-trust security model describes an IT concept in which you "never trust" and "always verify" specific devices/entities while they are connected to the network, even if they were previously verified and authenticated.
The once-traditional approach of trusting devices within highly diverse and distributed environments is no longer enough. The zero-trust approach includes verifying the identity and integrity of devices regardless of any previous verification.
According to the zero-trust model, access to applications and services is based on strong confidence in device identity and device health, combined with authentication performed shortly before the connection and service are authorized.
ICS-OT networks are built on principles of "insecure by design" and their main goal is to assure operating safety and reliability. As the authenticating service is in the IT architecture and not resident in the ICS-OT zone, periodic re-authentication cannot be performed.
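The per-request check described above, as an added example that is not code from the article or from any vendor mentioned in the comments: an authenticating service signs a device's identity and health state, and a gateway re-verifies signature, identity, health and freshness on every request. The HMAC key, the 60-second freshness window, the token fields and the device names are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumptions (not from the article): shared HMAC key, 60 s freshness window,
# and the token field names below are all constructed for illustration.
SERVICE_KEY = b"constructed-demo-key"
MAX_AGE_S = 60


def issue_token(device_id, healthy, now):
    """Authenticating service: sign the device's identity and health state."""
    claims = {"device": device_id, "healthy": healthy, "issued_at": now}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SERVICE_KEY, body, hashlib.sha256).hexdigest()
    return body, tag


def authorize(body, tag, device_id, now):
    """Policy check run on every request; earlier approvals are never reused."""
    expected = hmac.new(SERVICE_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    claims = json.loads(body)
    if claims["device"] != device_id:
        return False, "identity mismatch"
    if not claims["healthy"]:
        return False, "device health check failed"
    age = now - claims["issued_at"]
    if age < 0 or age > MAX_AGE_S:
        return False, "verification not fresh"
    return True, "ok"


def demo():
    t0 = 1_700_000_000  # constructed timestamp
    body, tag = issue_token("hmi-01", True, t0)
    return [
        authorize(body, tag, "hmi-01", t0 + 5),     # verified moments ago
        authorize(body, tag, "hmi-01", t0 + 3600),  # verified earlier only
        authorize(body, tag, "plc-07", t0 + 5),     # token presented by another device
        authorize(body.replace(b"hmi-01", b"hmi-02"), tag, "hmi-02", t0 + 5),  # altered claims
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A device that cannot reach the authenticating service cannot obtain a new token, so under this check its earlier verification simply ages out.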
Managing Partner at Applied Control Solutions, LLC Emeritus Managing Director ISA99 ICS Cyber Security Pioneer, Keynote Speaker Process Automation Hall of Fame
2y
Bedrock Automation is the company I was referring to that actually has implemented a zero-trust approach for OT - and it is solid. Full disclosure: I am on the Bedrock Industry Advisory Board.
ICS cyber security Consultant, Process Automation | Certified ScrumMaster® PLC/SCADA/DCS/Safety System/OT/IIOT/Vibrant communicator and Humble listener.
2y
Well said
Moderator of Cyber Security and Real Time Systems & Global Digital Identity Groups
2y
I have just circulated the latest NIST document to the CSIRS LinkedIn Group which is one of the best I have read. Contains extensive references. And YES it is totally applicable to IoT and ICS ... NIST 800 160 ... includes cross references to safety standards and international standards .... https://www.dhirubhai.net/feed/update/urn:li:activity:6889242750429007872 https://www.dhirubhai.net/groups/3623430/
Managing Partner at Applied Control Solutions, LLC Emeritus Managing Director ISA99 ICS Cyber Security Pioneer, Keynote Speaker Process Automation Hall of Fame
2y
Zero trust can, and has been, applied to control systems (Level 2 on up). There is at least one control system vendor with a commercial zero trust system that has actual installations. The gap today is zero trust does not apply to Level 0,1 devices.