Federal zero trust guidelines for OT environments unveiled

Mounting cybersecurity threats against operational technology networks stemming from the growing interconnectedness of industrial systems have prompted the Cybersecurity and Infrastructure Security and other federal agencies to issue joint guidance on implementing zero trust across OT systems, reports Infosecurity Magazine.

With OT-targeted cyber intrusions threatening significant disruption and equipment damage, OT operators and security teams should adopt zero trust by leveraging passive monitoring in the creation of extensive asset inventories, imposing network segmentation and microsegmentation, and ensuring legacy device coverage of identity and access controls, according to the guidelines. Organizations have also been urged to use multifactor authentication and jump hosts to secure remote access, as well as to integrate supply chain risk management in procurement decision-making.

Meanwhile, addressing challenges related to zero trust application in OT was noted to require the enforcement of more stringent monitoring and access policies, as well as the establishment of incident response plans and recovery processes.