All Research
Whitepaper
I like this
I don't like this

Zero Trust Network Access for OT Environments

John Tolbert
Operational Technology (OT) environments are often quite different from regular enterprise IT environments in terms of hardware and software deployed. However, both OT and IT need rigorous security measures such as strong and risk-adaptive authentication and policy-based access controls. Some tools for IT can work well in OT environments. Moreover, some OT environments are subject to regulatory requirements that mandate specific security controls and additional audit compliance capabilities.

1 Introduction / Executive Summary

Operational Technology (OT) encompasses the hardware and software systems that control, automate, and monitor equipment and physical processes in industrial settings such as manufacturing, warehouse and logistics management, power generation and distribution, transportation, and healthcare. These systems include Supervisory Control And Data Acquisition (SCADA) systems, Programmable Logic Controllers (PLCs), Human-to-Machine Interfaces (HMIs) and other devices and software that are designed to monitor and control the operation of machines, processes, and other specialized equipment in real-time. Operational Technology (OT) includes Industrial Controls Systems (ICS), Critical Infrastructure Systems (CIS), and Industrial Internet of Things (IIoT).

Critical Infrastructure Systems include energy, communications, defense industrial base, critical manufacturing, food and agriculture, government, healthcare, and transportation sectors. Some organizations in CIS are public utilities. Organizations that use Industrial Controls Systems (ICS) are generally considered to be a superset of the sectors in CIS, many of which operate as private enterprises. Industrial IoT (IIoT) refers to commoditized, IP communications-enabled devices (often sensors) which are increasingly used within ICS and CIS.

OT environments can have very high availability and security requirements, which, in many cases, necessitate the deployment of specially designed cybersecurity and identity management solutions.

The need to secure OT has increased in prominence for multiple reasons. Regulation to protect the public is being legislated by governments in many jurisdictions worldwide. Governments have intervened in cases of compromise of OT infrastructure, particularly where CIS has been involved. Companies and utilities are investing in IIoT technology to take advantage of expanding functionality and are decreasing costs to improve efficiency. Lastly, some high-profile attacks on ICS and CIS have brought awareness of cybersecurity risks to both the general public and to the boardroom.

Successful cyber-attacks against ICS infrastructure can cause significant downtime, lost productivity, reputation damage, and even threaten for-profit companies’ viability. Successful cyber-attacks against CIS can cause power outages, failures of public utilities, and even jeopardize lives. Organizations that operate OT environments must invest to avoid the downtime and damage that results from cyber-attacks

Companies and utilities that have OT systems typically have extreme uptime requirements and very short and infrequent system maintenance windows. This can exacerbate the problems of upgrading security products and even keeping critical systems up-to-date with security patches.

Securing access to OT assets is a paramount concern. Some attacks against ICS and CIS operators have used improperly secured Virtual Private Networks (VPNs) and other remote access tools as vectors. The Zero Trust Network Access (ZTNA) model is a leading cybersecurity paradigm that is founded upon the principle of least privilege. ZTNA can help reduce the risk of unauthorized access to OT environments.

Organizations that have OT should regularly review their security architectures and make investments to close cybersecurity gaps where discovered.

This whitepaper will review the cybersecurity threat landscape for OT, describe the high-level security architecture and some of the tool types needed for OT, consider some of the key requirements of the German KRITIS regulation, and provide an overview of the Cyolo Zero Trust Access solution.

Full article is available for registered users with free trial access or paid subscription.
Log in
Register and read on!
Create an account and buy Professional package, to access this and 600+ other in-depth and up-to-date insights
Register your account to start 30 days of free trial access
Register
Get premium access
Choose a package
Top related content
Event Recording
Yariv Lenchner - Securing Privileged Identities in OT (Operational Technology) and Industrial Control Systems
Yariv Lenchner
Event Recording
Strategic Approaches to Secure Industrial Control System Environments
John Tolbert
Webinar Recording
The Evolution of Secure Access in Critical Infrastructure
John Tolbert
Blog
Who is Responsible for Operational Technology Security?
John Tolbert
Blog
OT and IoT Security
Warwick Ashford

Stay up to date

Subscribe for a newsletter to receive updates on newest events, insights and research.
I have read and agree to the Privacy Policy
I have read and agree to the Terms of Use